summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChuck Short <zul@gentoo.org>2004-06-19 15:10:35 +0000
committerChuck Short <zul@gentoo.org>2004-06-19 15:10:35 +0000
commitedf529a106db28b19d3ebd5a36edfb48d0cdd3a8 (patch)
treef6e0ef08f67697c42eae68b7af936a879ba32ee5
parentMoved patches to mirror://gentoo at seemants request. (diff)
downloadhistorical-edf529a106db28b19d3ebd5a36edfb48d0cdd3a8.tar.gz
historical-edf529a106db28b19d3ebd5a36edfb48d0cdd3a8.tar.bz2
historical-edf529a106db28b19d3ebd5a36edfb48d0cdd3a8.zip
Ebuild cleanup.
-rw-r--r--net-www/apache/ChangeLog15
-rw-r--r--net-www/apache/Manifest13
-rw-r--r--net-www/apache/apache-2.0.49-r2.ebuild411
-rw-r--r--net-www/apache/files/digest-apache-2.0.49-r21
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch158
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/01_apache_ldap_fixes.patch542
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch13507
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch22
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/01_ssl_engine_kernel.patch1842
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch244
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch15
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/04_ssl_makefile.patch13
-rw-r--r--net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES16
13 files changed, 15 insertions, 16784 deletions
diff --git a/net-www/apache/ChangeLog b/net-www/apache/ChangeLog
index 5d52064e5b62..cdf1a99f9909 100644
--- a/net-www/apache/ChangeLog
+++ b/net-www/apache/ChangeLog
@@ -1,6 +1,19 @@
# ChangeLog for net-www/apache
# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/apache/ChangeLog,v 1.206 2004/06/19 14:57:58 zul Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/apache/ChangeLog,v 1.207 2004/06/19 15:08:24 zul Exp $
+
+ 19 Jun 2004; Chuck Short <zul@gentoo.org> apache-2.0.49-r2.ebuild,
+ files/patches/2.0.49-r2/00_gentoo_base.patch,
+ files/patches/2.0.49-r2/01_apache_ldap_fixes.patch,
+ files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch,
+ files/patches/2.0.49-r2/01_gentoo_ipv6.patch,
+ files/patches/2.0.49-r2/01_ssl_engine_kernel.patch,
+ files/patches/2.0.49-r2/01_ssl_verify_client.patch,
+ files/patches/2.0.49-r2/03_redhat_xfsz.patch,
+ files/patches/2.0.49-r2/04_ssl_makefile.patch,
+ files/patches/2.0.49-r2/Readme.PATCHES:
+ Ebuild cleanup. -r2 was marked unstable while -r3 was marked stable. Removed
+ -r2.
19 Jun 2004; Chuck Short <zul@gentoo.org> apache-2.0.49-r3.ebuild,
files/patches/2.0.49-r3/00_gentoo_base.patch,
diff --git a/net-www/apache/Manifest b/net-www/apache/Manifest
index ffd7e3210802..881bf82ff555 100644
--- a/net-www/apache/Manifest
+++ b/net-www/apache/Manifest
@@ -1,11 +1,10 @@
-MD5 536cd8fc6a679f4a9cc0e3cd81fe8df6 apache-2.0.49-r2.ebuild 13097
MD5 cdf590244c2432f89f430ddb4d096234 apache-1.3.29-r2.ebuild 7143
MD5 06fd1e5c0a9875c51ae41611a1b0fee9 apache-1.3.31.ebuild 6703
MD5 0db141c3deb9681139e541aa52beb768 apache-2.0.49-r1.ebuild 12686
MD5 2c5290736383dbd474a19babfd0c30c9 apache-1.3.31-r2.ebuild 6839
MD5 3e0c303e5d1224ab2cdc0fb44fa951f8 apache-2.0.49-r3.ebuild 13101
MD5 560a017fb276c511c94a69ffe8f1b736 apache-1.3.31-r1.ebuild 6711
-MD5 8d104257f414a06f875967dad843ec6b ChangeLog 37684
+MD5 eed7a2a2137eccebb68f20167834a3ea ChangeLog 38289
MD5 5b6dd438f81019e56fa641841c0c13fe metadata.xml 501
MD5 d4b8a4908870107e15cc1edbd0ec6ebb files/apache-1.3.29_mod_auth_db.patch 729
MD5 161245c7aa1eb785db53b34d6a10be43 files/suexec_pam_gentoo.patch 2149
@@ -15,7 +14,6 @@ MD5 7d4cec8690cb2c6406b84990d8365587 files/digest-apache-1.3.31-r1 139
MD5 7d4cec8690cb2c6406b84990d8365587 files/digest-apache-1.3.31-r2 139
MD5 d3626a1e31a675c60d066c111d552adf files/suexec.pam 59
MD5 3a7818b24f0952694c7b878ba3d8e79a files/digest-apache-2.0.49-r1 65
-MD5 3a7818b24f0952694c7b878ba3d8e79a files/digest-apache-2.0.49-r2 65
MD5 b7aa6e39d33d167baf460dd30a14c977 files/digest-apache-2.0.49-r3 142
MD5 37d2c4ea8e1a6725deaca42b6aa22c69 files/apache-1.3.27_db4_gentoo.patch 1006
MD5 f344d93e24620988b561d71974989e8e files/00_apache_manual.conf 770
@@ -88,16 +86,7 @@ MD5 21a6ee55341125140e40c0f48144277d files/patches/2.0.49-r1/Readme.PATCHES 507
MD5 64670c349a80e98fc61da8e32b44a913 files/patches/2.0.49-r1/01_ssl_engine_kernel.patch 66330
MD5 59deb12158a55cc2259cd79c245eb00d files/patches/2.0.49-r1/00_ssl_verify_client.patch 6671
MD5 30add456de1ed8fab4bc473a4afda161 files/patches/2.0.49-r1/04_ssl_makefile.patch 619
-MD5 b7c4fabdcb3845c4218b770acb792f73 files/patches/2.0.49-r2/00_gentoo_base.patch 6316
-MD5 5c4796d256a7a9d38dfd7cad6ffbc448 files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch 619776
-MD5 b30d264a0cfb08b2ce2300132abbe654 files/patches/2.0.49-r2/01_apache_ldap_fixes.patch 18048
-MD5 b50b5055727b0d1aa89936d0decccd2e files/patches/2.0.49-r2/03_redhat_xfsz.patch 563
-MD5 f0d25e7c6f092d5f64b18eb8f2f62fc6 files/patches/2.0.49-r2/Readme.PATCHES 552
-MD5 8cb4313e58d7bd5dc369eb92f75daa2b files/patches/2.0.49-r2/01_gentoo_ipv6.patch 788
-MD5 64670c349a80e98fc61da8e32b44a913 files/patches/2.0.49-r2/01_ssl_engine_kernel.patch 66330
MD5 d52999376f67a872ee48cbae72db0160 files/patches/2.0.49-r2/01_gentoo_cgi.patch 10319
-MD5 30add456de1ed8fab4bc473a4afda161 files/patches/2.0.49-r2/04_ssl_makefile.patch 619
-MD5 7c6533ba87a75f243b4098b4e530bc00 files/patches/2.0.49-r2/01_ssl_verify_client.patch 6743
MD5 3c0dfc9f2dc93ae46eb6382cf9533f18 files/patches/1.3.31/00_gentoo_base.patch 27799
MD5 a63b9472904d3500cf72b370a9ee3200 files/patches/1.3.31/00_gentoo_db4_detect.patch 1304
MD5 28272b16a4f701f29eb73d932fd81101 files/patches/1.3.31/Readme.PATCHES 747
diff --git a/net-www/apache/apache-2.0.49-r2.ebuild b/net-www/apache/apache-2.0.49-r2.ebuild
deleted file mode 100644
index 5ec1ce9fea4f..000000000000
--- a/net-www/apache/apache-2.0.49-r2.ebuild
+++ /dev/null
@@ -1,411 +0,0 @@
-# Copyright 1999-2004 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/apache/apache-2.0.49-r2.ebuild,v 1.13 2004/06/10 22:56:54 zul Exp $
-
-inherit flag-o-matic eutils fixheadtails gnuconfig
-
-S="${WORKDIR}/httpd-${PV}"
-DESCRIPTION="Apache Web Server, Version 2.0.x"
-HOMEPAGE="http://www.apache.org/"
-SRC_URI="http://www.apache.org/dist/httpd/httpd-${PV}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="2"
-KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha arm ~hppa ~amd64 ~ia64 s390"
-IUSE="berkdb gdbm ldap threads ipv6 doc static ssl"
-
-#Standard location for Gentoo Linux
-DATADIR="/var/www/localhost"
-
-DEPEND="dev-util/yacc
- dev-lang/perl
- sys-libs/zlib
- dev-libs/expat
- dev-libs/openssl
- >=sys-apps/sed-4
- berkdb? ( sys-libs/db )
- gdbm? ( sys-libs/gdbm )
- !mips? ( ldap? ( =net-nds/openldap-2* ) )"
-
-apache_setup_vars() {
- # Sets the USERDIR to default.
- USERDIR="public_html"
-
- if use berkdb; then
- db_major=`grep DB_VERSION_MAJOR /usr/include/db.h | cut -f3`
- db_minor=`grep DB_VERSION_MINOR /usr/include/db.h | cut -f3`
- if [ $db_minor -gt 0 ];
- then
- db_version="db4"
- else
- db_version=`echo "db$db_major.$db_minor"`
- fi
- append-ldflags -l`echo "$db_version"`
- fi
- einfo "DATADIR is set to: ${DATADIR}"
- einfo "USERDIR is set to: $USERDIR"
- einfo "DB verison detected is $db_version"
-}
-
-set_filter_flags () {
- CFLAGS="${CFLAGS/ / }"
- has_version =sys-libs/glibc-2.2* && filter-flags -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-}
-
-src_unpack() {
- set_filter_flags
-
- unpack ${A} || die
- cd ${S} || die
- epatch ${FILESDIR}/patches/${PVR}/00_gentoo_base.patch || die
- epatch ${FILESDIR}/patches/${PVR}/01_gentoo_cvs_sync.patch || die
- epatch ${FILESDIR}/patches/${PVR}/03_redhat_xfsz.patch || die
- epatch ${FILESDIR}/patches/${PVR}/01_gentoo_cgi.patch || die
- epatch ${FILESDIR}/patches/${PVR}/04_ssl_makefile.patch || die
- epatch ${FILESDIR}/patches/${PVR}/01_ssl_engine_kernel.patch || die
-
- if use ipv6; then
- epatch ${FILESDIR}/patches/${PVR}/01_gentoo_ipv6.patch || die
- fi
-
- if use ldap; then
- epatch ${FILESDIR}/patches/${PVR}/01_apache_ldap_fixes.patch || die
- fi
-
- if use ssl; then
- epatch ${FILESDIR}/patches/${PVR}/01_ssl_verify_client.patch || die
- fi
-
- #avoid utf-8 charset problems
- export LC_CTYPE=C
-
- ht_fix_file srclib/apr/build/buildcheck.sh
-
- #give it the stamp
- sed -i -e 's:(" PLATFORM "):(Gentoo/Linux):g' server/core.c
-
- #fix perl with perl!
- find -type f | xargs perl -pi -e \
- "s|/usr/local/bin/perl|/usr/bin/perl|g; \
- s|/usr/local/bin/perl5|/usr/bin/perl|g; \
- s|/path/to/bin/perl|/usr/bin/perl|g;"
- #dont want this cruft in /usr/bin
- sed -i -e 's:@exp_bindir@:@exp_installbuilddir:g' support/apachectl.in
-
- #setup the filesystem layout config
- cat ${FILESDIR}/common/config.layout >> config.layout
- sed -i -e 's:version:${PF}:g' config.layout
-
- cat ${FILESDIR}/common/apr-config.layout >> srclib/apr/config.layout
- cat ${FILESDIR}/common/apr-util-config.layout >> srclib/apr-util/config.layout
-
- sed -i -e "s:/var/www/localhost:${DATADIR}:g" srclib/apr/config.layout
- sed -i -e "s:/var/www/localhost:${DATADIR}:g" srclib/apr-util/config.layout
-
- WANT_AUTOCONF_2_5=1 WANT_AUTOCONF=2.5 ./buildconf || die "buildconf failed"
-}
-
-src_compile() {
- set_filter_flags
- apache_setup_vars
-
- # Detect mips systems properly
- use mips && gnuconfig_update
-
- local myconf
- if use ldap; then
- if use mips; then
- eerror "Sorry, LDAP support isn't available yet for MIPS"
- eerror "Test out OpenLDAP and report it via BugZilla!"
- eerror "Continuing in 5 seconds"
- sleep 5s
- else
- einfo "Enabling LDAP"
- if use static; then
- myconf="--with-ldap --enable-auth-ldap=static --enable-ldap=static"
- else
- myconf="--with-ldap --enable-auth-ldap=shared --enable-ldap=shared"
- fi
- fi
- fi
-
- if use ipv6; then
- einfo "Enabling ipv6"
- myconf="${myconf} --enable-vp4"
- else
- myconf="${myconf} --disable-ipv6"
- fi
-
- if use threads; then
- einfo "Enabling threads support"
- myconf="${myconf} --with-mpm=worker"
- else
- myconf="${myconf} --with-mpm=${MPM:=prefork}"
- fi
-
- select_modules_config || die "determining modules"
-
- # Fix for bug #24215 - robbat2@gentoo.org, 30 Oct 2003
- # We pre-load the cache with the correct answer! This avoids
- # it violating the sandbox. This may have to be changed for
- # non-Linux systems or if sem_open changes on Linux. This
- # hack is built around documentation in /usr/include/semaphore.h
- # and the glibc (pthread) source
- echo 'ac_cv_func_sem_open=${ac_cv_func_sem_open=no}' >> ${S}/config.cache
-
- # Workaround for bug #32444 - robbat2@gentoo.org, 28 Nov 2003
- # Apache2 tries to build SCTP support even when all the parts of it aren't there
- # So for the moment we tell it to ignore SCTP support
- echo 'ac_cv_sctp=${ac_cv_sctp=no}' >> ${S}/config.cache
- echo 'ac_cv_header_netinet_sctp_h=${ac_cv_header_netinet_sctp_h=no}' >> ${S}/config.cache
- echo 'ac_cv_header_netinet_sctp_uio_h=${ac_cv_header_netinet_sctp_uio_h=no}' >> ${S}/config.cache
-
- makeopts="${makeopts} -j1"
- SSL_BASE="SYSTEM" \
- WANT_AUTOCONF_2_5=1 WANT_AUTOCONF=2.5
- ./configure \
- --with-suexec-safepath="/usr/local/bin:/usr/bin:/bin" \
- --with-suexec-logfile=/var/log/apache2/suexec_log \
- --with-suexec-bin=/usr/sbin/suexec2 \
- --with-suexec-userdir=${USERDIR} \
- --with-suexec-caller=apache \
- --with-suexec-docroot=/var/www \
- --with-suexec-uidmin=1000 \
- --with-suexec-gidmin=100 \
- --with-suexec-umask=077 \
- --enable-suexec=shared \
- \
- ${MY_BUILTINS} \
- \
- --cache-file=${S}/config.cache \
- --with-perl=/usr/bin/perl \
- --with-expat=/usr \
- --with-ssl=/usr \
- --with-z=/usr \
- --with-port=80 \
- --enable-layout=Gentoo \
- --with-program-name=apache2 \
- --with-devrandom=/dev/urandom \
- --host=${CHOST} ${myconf} || die "bad ./configure please submit bug report to bugs.gentoo.org. Include your config.layout."
- #--with-mpm={worker|prefork|perchild|leader|threadpool}
-
- # we don't want to try and recompile the ssl_expr_parse.c file, because
- # the lex source is broken
- touch modules/ssl/ssl_expr_scan.c
-
- emake || die "problem compiling Apache2 :("
-
- #build ssl version of apache bench (ab-ssl)
- cd support; rm -f ab .libs/ab ab.lo ab.o
- make ab CFLAGS="${CFLAGS} -DUSE_SSL -lcrypto -lssl \
- -I/usr/include/openssl -L/usr/lib" || die
- mv ab ab-ssl; mv .libs/ab .libs/ab-ssl; rm -f ab.lo ab.o
- make ab || die
-}
-
-src_install () {
- set_filter_flags
-
- local i
- make DESTDIR=${D} install || die
- dodoc ABOUT_APACHE CHANGES INSTALL LAYOUT \
- LICENSE README* ${FILESDIR}/robots.txt
-
- #bogus values pointing at /var/tmp/portage
- sed -i -e 's:APR_SOURCE_DIR=.*:APR_SOURCE_DIR=:g' ${D}/usr/bin/apr-config
- sed -i -e 's:APU_SOURCE_DIR=.*:APU_SOURCE_DIR=:g' ${D}/usr/bin/apu-config
- sed -i -e 's:APU_BUILD_DIR=.*:APU_BUILD_DIR=:g' ${D}/usr/bin/apu-config
-
- #protect the suexec binary
- local gid=`id -g apache`
- [ -z "${gid}" ] && gid=81
- fowners root:${gid} /usr/sbin/suexec
- fperms 4710 /usr/sbin/suexec
-
- #apxs needs this to pickup the right lib for install
- dosym /usr/lib /usr/lib/apache2/lib
- dosym /var/log/apache2 /usr/lib/apache2/logs
- dosym /usr/lib/apache2-extramodules /usr/lib/apache2/extramodules
- dosym /etc/apache2/conf /usr/lib/apache2/conf
-
- cd ${S}
- #Credits to advx.org people for these scripts. Heck, thanks for
- #the nice layout and everything else ;-)
- exeinto /usr/sbin
- for i in apache2logserverstatus apache2splitlogfile
- do
- doexe ${FILESDIR}/2.0.49/$i
- done
- exeinto /usr/lib/ssl/apache2-mod_ssl
- doexe ${FILESDIR}/2.0.49/gentestcrt.sh
-
- #some more scripts
- exeinto /usr/sbin
- for i in split-logfile list_hooks.pl logresolve.pl log_server_status
- do
- doexe ${S}/support/$i
- done
- #the ssl version of apache bench
- doexe support/.libs/ab-ssl
-
- #move some mods to extramodules
- dodir /usr/lib/apache2-extramodules
- for i in mod_ssl.so mod_ldap.so mod_auth_ldap.so
- do
- [ -x ${D}/usr/lib/apache2/modules/$i ] && \
- mv ${D}/usr/lib/apache2/modules/$i ${D}/usr/lib/apache2-extramodules
- done
-
- #modules.d config file snippets
- insinto /etc/apache2/conf/modules.d
- for i in 40_mod_ssl.conf 41_mod_ssl.default-vhost.conf 45_mod_dav.conf
- do
- doins ${FILESDIR}/2.0.49/$i
- done
- use !mips && use ldap && doins ${FILESDIR}/2.0.49/46_mod_ldap.conf
-
- #drop in a convenient link to the manual
- if use doc; then
- MANUAL_VERSION="2.0.49-r2"
- insinto /etc/apache2/conf/modules.d
- doins ${FILESDIR}/00_apache_manual.conf
- dosym /usr/share/doc/${PF}/manual ${DATADIR}/htdocs/manual
- sed -i -e "s:2.0.49:${MY_VERSION}:" ${D}/etc/apache2/conf/modules.d/00_apache_manual.conf
- fi
-
- #SLOT=2!!!
- cd ${D}
- # do non-man pages
- cd ${D}
- mv -v usr/sbin/apachectl usr/sbin/apache2ctl
- mv -v usr/sbin/htdigest usr/sbin/htdigest2
- mv -v usr/sbin/htpasswd usr/sbin/htpasswd2
- mv -v usr/sbin/logresolve usr/sbin/logresolve2
- mv -v usr/sbin/apxs usr/sbin/apxs2
- mv -v usr/sbin/ab usr/sbin/ab2
- mv -v usr/sbin/ab-ssl usr/sbin/ab2-ssl
- mv -v usr/sbin/suexec usr/sbin/suexec2
- mv -v usr/sbin/rotatelogs usr/sbin/rotatelogs2
- mv -v usr/sbin/dbmmanage usr/sbin/dbmmanage2
- mv -v usr/sbin/checkgid usr/sbin/checkgid2
- mv -v usr/sbin/split-logfile usr/sbin/split-logfile2
- mv -v usr/sbin/list_hooks.pl usr/sbin/list_hooks2.pl
- mv -v usr/sbin/logresolve.pl usr/sbin/logresolve2.pl
-
- # do the man pages
- mv -v usr/share/man/man1/htdigest.1 usr/share/man/man1/htdigest2.1
- mv -v usr/share/man/man1/htpasswd.1 usr/share/man/man1/htpasswd2.1
- mv -v usr/share/man/man1/dbmmanage.1 usr/share/man/man1/dbmmanage2.1
- mv -v usr/share/man/man8/ab.8 usr/share/man/man8/ab2.8
- mv -v usr/share/man/man8/apxs.8 usr/share/man/man8/apxs2.8
- mv -v usr/share/man/man8/apachectl.8 usr/share/man/man8/apache2ctl.8
- mv -v usr/share/man/man8/httpd.8 usr/share/man/man8/apache2.8
- mv -v usr/share/man/man8/logresolve.8 usr/share/man/man8/logresolve2.8
- mv -v usr/share/man/man8/rotatelogs.8 usr/share/man/man8/rotatelogs2.8
- mv -v usr/share/man/man8/suexec.8 usr/share/man/man8/suexec2.8
-
- #tidy up
- mv ${D}/usr/sbin/envvars* ${D}/usr/lib/apache2/build
- dodoc ${D}/etc/apache2/conf/*-std.conf
- rm -f ${D}/etc/apache2/conf/*.conf
- rm -rf ${D}/var/run ${D}/var/log
-
- #config files
- insinto /etc/conf.d; newins ${FILESDIR}/2.0.49/apache2.confd apache2
- exeinto /etc/init.d; newexe ${FILESDIR}/2.0.49/apache2.initd apache2
- insinto /etc/apache2; doins ${FILESDIR}/2.0.49/apache2-builtin-mods
- insinto /etc/apache2/conf
- doins ${FILESDIR}/2.0.49/commonapache2.conf
- doins ${FILESDIR}/2.0.49/apache2.conf
- insinto /etc/apache2/conf/vhosts
- doins ${FILESDIR}/2.0.49/virtual-homepages.conf
- doins ${FILESDIR}/2.0.49/dynamic-vhosts.conf
- doins ${FILESDIR}/2.0.49/vhosts.conf
-
- # Added by Jason Wever <weeve@gentoo.org>
- # A little sedfu to fix bug #7172 for sparc64s
- if [ ${ARCH} = "sparc" ]
- then
- sed -i -e '13a\AcceptMutex fcntl' \
- ${D}/etc/apache2/conf/apache2.conf
- fi
-}
-
-parse_modules_config() {
- set_filter_flags
-
- local filename=$1
- local name=""
- local dso=""
- local disable=""
- [ -f ${filename} ] || return 1
- for i in `cat $filename | sed "s/^#.*//"` ; do
- if [ $i == "-" ] ; then
- disable="true"
- elif [ -z "$name" ] && [ ! -z "`echo $i | grep "mod_"`" ] ; then
- name=`echo $i | sed "s/mod_//"`
- elif [ "$disable" ] && ( [ $i == "static" ] || [ $i == "shared" ] ) ; then
- MY_BUILTINS="${MY_BUILTINS} --disable-$name"
- name="" ; disable=""
- elif [ $i == "static" ] ; then
- MY_BUILTINS="${MY_BUILTINS} --enable-$name=yes"
- name="" ; disable=""
- elif [ $i == "shared" ] ; then
- MY_BUILTINS="${MY_BUILTINS} --enable-$name=shared"
- name="" ; disable=""
- fi
- done
- einfo "${filename} options:\n${MY_BUILTINS}"
-}
-
-select_modules_config() {
- parse_modules_config /etc/apache2/apache2-builtin-mods || \
- parse_modules_config ${FILESDIR}/2.0.49/apache2-builtin-mods || \
- return 1
-}
-
-pkg_postinst() {
- set_filter_flags
-
- #empty dirs...
- install -d -m0755 -o apache -g apache ${ROOT}/var/lib/dav
- install -d -m0755 -o root -g root ${ROOT}/var/log/apache2
- install -d -m0755 -o root -g root ${ROOT}/var/cache/apache2
-
- if use ssl; then
- # install -d -m0755 -o root -g root ${ROOT}/etc/apache2/conf/ssl
- install -d -m0755 -o root -g root ${ROOT}/etc/apache2/conf/ssl
- cd ${ROOT}/etc/apache2/conf/ssl
- einfo
- einfo "Generating self-signed test certificate in /etc/apache2/conf/ssl..."
- yes "" 2>/dev/null | ${ROOT}/usr/lib/ssl/apache2-mod_ssl/gentestcrt.sh >/dev/null 2>&1
- einfo
- fi
-
- if has_version '=net-www/apache-1*' ; then
- ewarn
- ewarn "Please add the 'apache2' flag to your USE variable and (re)install"
- ewarn "any additional DSO modules you may wish to use with Apache-2.x."
- ewarn "Addon modules are configured in /etc/apache2/conf/modules.d/"
- ewarn
- fi
-
- # Check to see if this is an upgrade
- if [ -d /home/httpd ];
- then
- einfo
- einfo "Please remember to update your config files in /etc/apache2"
- einfo "as --datadir has been changed to ${DATADIR}, and ServerRoot"
- einfo "has changed to /usr/lib/apache2!"
- einfo
- fi
-
- local list=""
- for i in lib logs modules extramodules; do
- local d="/etc/apache2/${i}"
- [ -s "${d}" ] && list="${list} ${d}"
- done
- if [ -n "${list}" ]; then
- einfo "You should delete these old symlinks: ${list}"
- fi
-}
diff --git a/net-www/apache/files/digest-apache-2.0.49-r2 b/net-www/apache/files/digest-apache-2.0.49-r2
deleted file mode 100644
index caa6620e2194..000000000000
--- a/net-www/apache/files/digest-apache-2.0.49-r2
+++ /dev/null
@@ -1 +0,0 @@
-MD5 275d3d37eed1b070f333d3618f7d1954 httpd-2.0.49.tar.gz 5919279
diff --git a/net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch b/net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch
deleted file mode 100644
index a1b7fb767e99..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-- enable the checks that the suexec wrapper is a setuid root binary;
- so if people turn off setuid on the binary, suexec won't be enabled.
-
-- fix hardcoded path to suexec2
-
-- remove checks requiring /usr/sbin/httpd to be present: this is
- unnecessary, we know that httpd contains mod_so, and only the
- httpd-devel package should be required to build modules.
-
-- Allow startup after unclean shutdown: remove mutex before
- creating it, use anonymous shm in shmcb.
-
-- allow server/exports.c to be generated in a parallel build successfully
-
-- ensure that when mod_ssl is unloaded, libcrypto doesn't still have the
- thread_id callback pointing at a mod_ssl function.
-
-- make apache2ctl source /etc/conf.d/apache2 for startup options
-
-diff -ur httpd-2.0.49.orig/include/httpd.h httpd-2.0.49/include/httpd.h
---- httpd-2.0.49.orig/include/httpd.h 2004-02-09 12:54:34.000000000 -0800
-+++ httpd-2.0.49/include/httpd.h 2004-03-22 10:38:40.000000000 -0800
-@@ -137,7 +137,7 @@
-
- /* The path to the suExec wrapper, can be overridden in Configuration */
- #ifndef SUEXEC_BIN
--#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
-+#define SUEXEC_BIN "/usr/sbin/suexec2"
- #endif
-
- /* The timeout for waiting for messages */
-Only in httpd-2.0.49/include: httpd.h.orig
-diff -ur httpd-2.0.49.orig/modules/ssl/ssl_engine_mutex.c httpd-2.0.49/modules/ssl/ssl_engine_mutex.c
---- httpd-2.0.49.orig/modules/ssl/ssl_engine_mutex.c 2004-02-09 12:53:20.000000000 -0800
-+++ httpd-2.0.49/modules/ssl/ssl_engine_mutex.c 2004-03-22 10:38:40.000000000 -0800
-@@ -41,6 +41,8 @@
- if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
- return TRUE;
-
-+ apr_file_remove(mc->szMutexFile, p);
-+
- if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
- mc->nMutexMech, p)) != APR_SUCCESS) {
- if (mc->szMutexFile)
-Only in httpd-2.0.49/modules/ssl: ssl_engine_mutex.c.orig
-diff -ur httpd-2.0.49.orig/modules/ssl/ssl_scache_shmcb.c httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c
---- httpd-2.0.49.orig/modules/ssl/ssl_scache_shmcb.c 2004-02-09 12:53:20.000000000 -0800
-+++ httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c 2004-03-22 10:38:40.000000000 -0800
-@@ -341,7 +341,7 @@
-
- if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
- mc->nSessionCacheDataSize,
-- mc->szSessionCacheDataFile,
-+ NULL,
- mc->pPool)) != APR_SUCCESS) {
- char buf[100];
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-Only in httpd-2.0.49/modules/ssl: ssl_scache_shmcb.c.orig
-diff -ur httpd-2.0.49.orig/modules/ssl/ssl_util.c httpd-2.0.49/modules/ssl/ssl_util.c
---- httpd-2.0.49.orig/modules/ssl/ssl_util.c 2004-02-09 12:53:20.000000000 -0800
-+++ httpd-2.0.49/modules/ssl/ssl_util.c 2004-03-22 10:38:40.000000000 -0800
-@@ -422,6 +422,8 @@
- CRYPTO_set_locking_callback(NULL);
- CRYPTO_set_id_callback(NULL);
-
-+ CRYPTO_set_id_callback(NULL);
-+
- /* Let the registered mutex cleanups do their own thing
- */
- return APR_SUCCESS;
-Only in httpd-2.0.49/modules/ssl: ssl_util.c.orig
-diff -ur httpd-2.0.49.orig/os/unix/unixd.c httpd-2.0.49/os/unix/unixd.c
---- httpd-2.0.49.orig/os/unix/unixd.c 2004-03-17 23:36:53.000000000 -0800
-+++ httpd-2.0.49/os/unix/unixd.c 2004-03-22 10:38:40.000000000 -0800
-@@ -200,23 +200,20 @@
-
- AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
- {
-- apr_finfo_t wrapper;
-+ struct stat wrapper;
-
- unixd_config.user_name = DEFAULT_USER;
- unixd_config.user_id = ap_uname2id(DEFAULT_USER);
- unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
-
- /* Check for suexec */
-- unixd_config.suexec_enabled = 0;
-- if ((apr_stat(&wrapper, SUEXEC_BIN,
-- APR_FINFO_NORM, ptemp)) != APR_SUCCESS) {
-- return;
-- }
--
-- /* XXX - apr_stat is incapable of checking suid bits (grumble) */
-- /* if ((wrapper.filetype & S_ISUID) && wrapper.user == 0) { */
-+ if (stat(SUEXEC_BIN, &wrapper) == 0 &&
-+ (wrapper.st_mode & S_ISUID) && wrapper.st_uid == 0) {
- unixd_config.suexec_enabled = 1;
-- /* } */
-+ } else {
-+ unixd_config.suexec_enabled = 0;
-+ }
-+
- }
-
-
-Only in httpd-2.0.49/os/unix: unixd.c.orig
-diff -ur httpd-2.0.49.orig/server/Makefile.in httpd-2.0.49/server/Makefile.in
---- httpd-2.0.49.orig/server/Makefile.in 2004-03-08 09:40:37.000000000 -0800
-+++ httpd-2.0.49/server/Makefile.in 2004-03-22 10:38:40.000000000 -0800
-@@ -67,6 +67,9 @@
- export_vars.h: export_files
- $(AWK) -f $(top_srcdir)/build/make_var_export.awk `cat $?` > $@
-
-+# Needed to allow exports.c to be generated in a parallel build successfully
-+.NOTPARALLEL: $(top_builddir)/server/exports.c
-+
- # Rule to make def file for OS/2 core dll
- ApacheCoreOS2.def: exports.c export_vars.h $(top_srcdir)/os/$(OS_DIR)/core_header.def
- cat $(top_srcdir)/os/$(OS_DIR)/core_header.def > $@
-Only in httpd-2.0.49/server: Makefile.in.orig
-diff -ur httpd-2.0.49.orig/support/apachectl.in httpd-2.0.49/support/apachectl.in
---- httpd-2.0.49.orig/support/apachectl.in 2004-02-09 12:59:49.000000000 -0800
-+++ httpd-2.0.49/support/apachectl.in 2004-03-22 10:38:40.000000000 -0800
-@@ -40,7 +40,8 @@
- # -------------------- --------------------
- #
- # the path to your httpd binary, including options if necessary
--HTTPD='@exp_sbindir@/@progname@'
-+. /etc/conf.d/apache2
-+HTTPD="@exp_sbindir@/@progname@ ${APACHE2_OPTS}"
- #
- # pick up any necessary environment variables
- if test -f @exp_bindir@/envvars; then
-Only in httpd-2.0.49/support: apachectl.in.orig
-diff -ur httpd-2.0.49.orig/support/apxs.in httpd-2.0.49/support/apxs.in
---- httpd-2.0.49.orig/support/apxs.in 2004-02-09 12:59:49.000000000 -0800
-+++ httpd-2.0.49/support/apxs.in 2004-03-22 10:38:40.000000000 -0800
-@@ -198,19 +198,6 @@
- ($httpd = $0) =~ s:support/apxs$::;
- }
-
--unless (-x "$httpd") {
-- error("$httpd not found or not executable");
-- exit 1;
--}
--
--unless (grep /mod_so/, `. $envvars && $httpd -l`) {
-- error("Sorry, no shared object support for Apache");
-- error("available under your platform. Make sure");
-- error("the Apache module mod_so is compiled into");
-- error("your server binary `$httpd'.");
-- exit 1;
--}
--
- sub get_config_vars{
- my ($file, $rh_config) = @_;
-
-Only in httpd-2.0.49/support: apxs.in.orig
diff --git a/net-www/apache/files/patches/2.0.49-r2/01_apache_ldap_fixes.patch b/net-www/apache/files/patches/2.0.49-r2/01_apache_ldap_fixes.patch
deleted file mode 100644
index 5e7450413bac..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/01_apache_ldap_fixes.patch
+++ /dev/null
@@ -1,542 +0,0 @@
-diff -Naur httpd-2.0.49/modules/experimental/NWGNUauthldap httpd-2.0.49-gentoo/modules/experimental/NWGNUauthldap
---- httpd-2.0.49/modules/experimental/NWGNUauthldap 2003-03-07 20:12:29.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/NWGNUauthldap 2004-05-23 21:45:34.330922280 +0000
-@@ -186,7 +186,6 @@
- lldapsdk \
- lldapssl \
- lldapx \
-- utilldap \
- $(EOLIST)
-
- #
-@@ -210,7 +209,8 @@
- FILES_nlm_Ximports = \
- util_ldap_connection_find \
- util_ldap_connection_close \
-- util_ldap_connection_destroy \
-+ util_ldap_connection_unbind \
-+ util_ldap_connection_cleanup \
- util_ldap_cache_checkuserid \
- util_ldap_cache_compare \
- util_ldap_cache_comparedn \
-diff -Naur httpd-2.0.49/modules/experimental/NWGNUutilldap httpd-2.0.49-gentoo/modules/experimental/NWGNUutilldap
---- httpd-2.0.49/modules/experimental/NWGNUutilldap 2003-03-07 20:12:29.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/NWGNUutilldap 2004-05-23 21:45:34.335921520 +0000
-@@ -223,7 +223,8 @@
- ldap_module \
- util_ldap_connection_find \
- util_ldap_connection_close \
-- util_ldap_connection_destroy \
-+ util_ldap_connection_unbind \
-+ util_ldap_connection_cleanup \
- util_ldap_cache_checkuserid \
- util_ldap_cache_compare \
- util_ldap_cache_comparedn \
-diff -Naur httpd-2.0.49/modules/experimental/README httpd-2.0.49-gentoo/modules/experimental/README
---- httpd-2.0.49/modules/experimental/README 2002-04-12 11:20:47.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/README 2004-05-23 21:45:34.338921064 +0000
-@@ -16,7 +16,7 @@
- the example module did as the various callbacks were made.
-
- To include the example module in your server add --enable-example to the
--other ./configure arguments executed from the httpd-2.0 directory. After
-+other ./configure arguments executed from the httpd-2.1 directory. After
- that run 'make'.
-
- To add another module of your own:
-diff -Naur httpd-2.0.49/modules/experimental/mod_auth_ldap.c httpd-2.0.49-gentoo/modules/experimental/mod_auth_ldap.c
---- httpd-2.0.49/modules/experimental/mod_auth_ldap.c 2004-02-09 20:53:16.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/mod_auth_ldap.c 2004-05-23 21:45:34.324923192 +0000
-@@ -42,7 +42,7 @@
- #include "http_request.h"
- #include "util_ldap.h"
-
--#ifndef APU_HAS_LDAP
-+#if !APR_HAS_LDAP
- #error mod_auth_ldap requires APR-util to have LDAP support built in
- #endif
-
-@@ -113,7 +113,6 @@
- static char* derive_codepage_from_lang (apr_pool_t *p, char *language)
- {
- int lang_len;
-- int check_short = 0;
- char *charset;
-
- if (!language) /* our default codepage */
-@@ -330,7 +329,6 @@
-
- /* sanity check - if server is down, retry it up to 5 times */
- if (result == LDAP_SERVER_DOWN) {
-- util_ldap_connection_destroy(ldc);
- if (failures++ <= 5) {
- goto start_over;
- }
-@@ -475,8 +473,8 @@
- method_restricted = 1;
-
- t = reqs[x].requirement;
-- w = ap_getword_white(r->pool, &t);
--
-+ w = ap_getword_white(r->pool, &t);
-+
- if (strcmp(w, "valid-user") == 0) {
- /*
- * Valid user will always be true if we authenticated with ldap,
-@@ -953,6 +951,15 @@
- }
- */
-
-+ /* make sure that mod_ldap (util_ldap) is loaded */
-+ if (ap_find_linked_module("util_ldap.c") == NULL) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
-+ "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
-+ "must be loaded in order for mod_auth_ldap to function properly");
-+ return HTTP_INTERNAL_SERVER_ERROR;
-+
-+ }
-+
- if (!charset_confname) {
- return OK;
- }
-diff -Naur httpd-2.0.49/modules/experimental/util_ldap.c httpd-2.0.49-gentoo/modules/experimental/util_ldap.c
---- httpd-2.0.49/modules/experimental/util_ldap.c 2004-02-11 18:07:46.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/util_ldap.c 2004-05-23 21:45:34.469901152 +0000
-@@ -38,7 +38,7 @@
- #include <unistd.h>
- #endif
-
--#ifndef APU_HAS_LDAP
-+#if !APR_HAS_LDAP
- #error mod_ldap requires APR-util to have LDAP support built in
- #endif
-
-@@ -88,6 +88,20 @@
- "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
- #endif
-
-+
-+static void util_ldap_strdup (char **str, const char *newstr)
-+{
-+ if (*str) {
-+ free(*str);
-+ *str = NULL;
-+ }
-+
-+ if (newstr) {
-+ *str = calloc(1, strlen(newstr)+1);
-+ strcpy (*str, newstr);
-+ }
-+}
-+
- /*
- * Status Handler
- * --------------
-@@ -171,32 +185,52 @@
-
-
- /*
-- * Destroys an LDAP connection by unbinding. This function is registered
-- * with the pool cleanup function - causing the LDAP connections to be
-- * shut down cleanly on graceful restart.
-+ * Destroys an LDAP connection by unbinding and closing the connection to
-+ * the LDAP server. It is used to bring the connection back to a known
-+ * state after an error, and during pool cleanup.
- */
--LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_destroy(void *param)
-+LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_unbind(void *param)
- {
- util_ldap_connection_t *ldc = param;
-
-- /* unbinding from the LDAP server */
-- if (ldc->ldap) {
-- ldap_unbind_s(ldc->ldap);
-+ if (ldc) {
-+ if (ldc->ldap) {
-+ ldap_unbind_s(ldc->ldap);
-+ ldc->ldap = NULL;
-+ }
- ldc->bound = 0;
-- ldc->ldap = NULL;
- }
-
-- /* release the lock we were using. The lock should have
-- already been released in the close connection call.
-- But just in case it wasn't, we first try to get the lock
-- before unlocking it to avoid unlocking an unheld lock.
-- Unlocking an unheld lock causes problems on NetWare. The
-- other option would be to assume that close connection did
-- its job. */
--#if APR_HAS_THREADS
-- apr_thread_mutex_trylock(ldc->lock);
-- apr_thread_mutex_unlock(ldc->lock);
--#endif
-+ return APR_SUCCESS;
-+}
-+
-+
-+/*
-+ * Clean up an LDAP connection by unbinding and unlocking the connection.
-+ * This function is registered with the pool cleanup function - causing
-+ * the LDAP connections to be shut down cleanly on graceful restart.
-+ */
-+LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_cleanup(void *param)
-+{
-+ util_ldap_connection_t *ldc = param;
-+
-+ if (ldc) {
-+
-+ /* unbind and disconnect from the LDAP server */
-+ util_ldap_connection_unbind(ldc);
-+
-+ /* free the username and password */
-+ if (ldc->bindpw) {
-+ free((void*)ldc->bindpw);
-+ }
-+ if (ldc->binddn) {
-+ free((void*)ldc->binddn);
-+ }
-+
-+ /* unlock this entry */
-+ util_ldap_connection_close(ldc);
-+
-+ }
-
- return APR_SUCCESS;
- }
-@@ -290,11 +324,6 @@
- /* always default to LDAP V3 */
- ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
-
--
-- /* add the cleanup to the pool */
-- apr_pool_cleanup_register(ldc->pool, ldc,
-- util_ldap_connection_destroy,
-- apr_pool_cleanup_null);
- }
-
-
-@@ -313,9 +342,6 @@
- break;
- }
-
-- ldc->bound = 1;
-- ldc->reason = "LDAP: connection open successful";
--
- /* free the handle if there was an error
- */
- if (LDAP_SUCCESS != result)
-@@ -325,6 +351,10 @@
- ldc->bound = 0;
- ldc->reason = "LDAP: ldap_simple_bind_s() failed";
- }
-+ else {
-+ ldc->bound = 1;
-+ ldc->reason = "LDAP: connection open successful";
-+ }
-
- return(result);
- }
-@@ -362,18 +392,22 @@
- */
- for (l=st->connections,p=NULL; l; l=l->next) {
- #if APR_HAS_THREADS
-- if ( (APR_SUCCESS == apr_thread_mutex_trylock(l->lock)) &&
--#else
-- if (
-+ if (APR_SUCCESS == apr_thread_mutex_trylock(l->lock)) {
- #endif
-- l->port == port
-- && strcmp(l->host, host) == 0
-- && ( (!l->binddn && !binddn) || (l->binddn && binddn && !strcmp(l->binddn, binddn)) )
-- && ( (!l->bindpw && !bindpw) || (l->bindpw && bindpw && !strcmp(l->bindpw, bindpw)) )
-- && l->deref == deref
-- && l->secure == secure
-- )
-+ if ((l->port == port) && (strcmp(l->host, host) == 0) &&
-+ ((!l->binddn && !binddn) || (l->binddn && binddn && !strcmp(l->binddn, binddn))) &&
-+ ((!l->bindpw && !bindpw) || (l->bindpw && bindpw && !strcmp(l->bindpw, bindpw))) &&
-+ (l->deref == deref) && (l->secure == secure)) {
-+
- break;
-+ }
-+#if APR_HAS_THREADS
-+ /* If this connection didn't match the criteria, then we
-+ * need to unlock the mutex so it is available to be reused.
-+ */
-+ apr_thread_mutex_unlock(l->lock);
-+ }
-+#endif
- p = l;
- }
-
-@@ -383,21 +417,25 @@
- if (!l) {
- for (l=st->connections,p=NULL; l; l=l->next) {
- #if APR_HAS_THREADS
-- if ( (APR_SUCCESS == apr_thread_mutex_trylock(l->lock)) &&
--#else
-- if (
-+ if (APR_SUCCESS == apr_thread_mutex_trylock(l->lock)) {
-+
- #endif
-- l->port == port
-- && strcmp(l->host, host) == 0
-- && l->deref == deref
-- && l->secure == secure
-- ) {
-+ if ((l->port == port) && (strcmp(l->host, host) == 0) &&
-+ (l->deref == deref) && (l->secure == secure)) {
-+
- /* the bind credentials have changed */
- l->bound = 0;
-- l->binddn = apr_pstrdup(st->pool, binddn);
-- l->bindpw = apr_pstrdup(st->pool, bindpw);
-+ util_ldap_strdup((char**)&(l->binddn), binddn);
-+ util_ldap_strdup((char**)&(l->bindpw), bindpw);
- break;
- }
-+#if APR_HAS_THREADS
-+ /* If this connection didn't match the criteria, then we
-+ * need to unlock the mutex so it is available to be reused.
-+ */
-+ apr_thread_mutex_unlock(l->lock);
-+ }
-+#endif
- p = l;
- }
- }
-@@ -426,10 +464,15 @@
- l->host = apr_pstrdup(st->pool, host);
- l->port = port;
- l->deref = deref;
-- l->binddn = apr_pstrdup(st->pool, binddn);
-- l->bindpw = apr_pstrdup(st->pool, bindpw);
-+ util_ldap_strdup((char**)&(l->binddn), binddn);
-+ util_ldap_strdup((char**)&(l->bindpw), bindpw);
- l->secure = secure;
-
-+ /* add the cleanup to the pool */
-+ apr_pool_cleanup_register(l->pool, l,
-+ util_ldap_connection_cleanup,
-+ apr_pool_cleanup_null);
-+
- if (p) {
- p->next = l;
- }
-@@ -531,8 +574,8 @@
- if ((result = ldap_search_ext_s(ldc->ldap, const_cast(reqdn), LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
-- util_ldap_connection_close(ldc);
- ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down";
-+ util_ldap_connection_unbind(ldc);
- goto start_over;
- }
- if (result != LDAP_SUCCESS) {
-@@ -584,7 +627,7 @@
- util_url_node_t curnode;
- util_compare_node_t *compare_nodep;
- util_compare_node_t the_compare_node;
-- apr_time_t curtime;
-+ apr_time_t curtime = 0; /* silence gcc -Wall */
- int failures = 0;
-
- util_ldap_state_t *st =
-@@ -660,8 +703,8 @@
- if ((result = ldap_compare_s(ldc->ldap, const_cast(dn), const_cast(attrib), const_cast(value)))
- == LDAP_SERVER_DOWN) {
- /* connection failed - try again */
-- util_ldap_connection_close(ldc);
- ldc->reason = "ldap_compare_s() failed with server down";
-+ util_ldap_connection_unbind(ldc);
- goto start_over;
- }
-
-@@ -781,6 +824,7 @@
- const_cast(filter), attrs, 0,
- NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
- ldc->reason = "ldap_search_ext_s() for user failed with server down";
-+ util_ldap_connection_unbind(ldc);
- goto start_over;
- }
-
-@@ -809,7 +853,7 @@
-
- /* Grab the dn, copy it into the pool, and free it again */
- dn = ldap_get_dn(ldc->ldap, entry);
-- *binddn = apr_pstrdup(st->pool, dn);
-+ *binddn = apr_pstrdup(r->pool, dn);
- ldap_memfree(dn);
-
- /*
-@@ -835,6 +879,7 @@
- LDAP_SERVER_DOWN) {
- ldc->reason = "ldap_simple_bind_s() to check user credentials failed with server down";
- ldap_msgfree(res);
-+ util_ldap_connection_unbind(ldc);
- goto start_over;
- }
-
-@@ -842,8 +887,18 @@
- if (result != LDAP_SUCCESS) {
- ldc->reason = "ldap_simple_bind_s() to check user credentials failed";
- ldap_msgfree(res);
-+ util_ldap_connection_unbind(ldc);
- return result;
- }
-+ else {
-+ /*
-+ * We have just bound the connection to a different user and password
-+ * combination, which might be reused unintentionally next time this
-+ * connection is used from the connection pool. To ensure no confusion,
-+ * we mark the connection as unbound.
-+ */
-+ ldc->bound = 0;
-+ }
-
- /*
- * Get values for the provided attributes.
-@@ -873,22 +928,23 @@
- /*
- * Add the new username to the search cache.
- */
-- LDAP_CACHE_WRLOCK();
-- the_search_node.username = filter;
-- the_search_node.dn = *binddn;
-- the_search_node.bindpw = bindpw;
-- the_search_node.lastbind = apr_time_now();
-- the_search_node.vals = vals;
- if (curl) {
-+ LDAP_CACHE_WRLOCK();
-+ the_search_node.username = filter;
-+ the_search_node.dn = *binddn;
-+ the_search_node.bindpw = bindpw;
-+ the_search_node.lastbind = apr_time_now();
-+ the_search_node.vals = vals;
- util_ald_cache_insert(curl->search_cache, &the_search_node);
-+ LDAP_CACHE_UNLOCK();
- }
- ldap_msgfree(res);
-- LDAP_CACHE_UNLOCK();
-
- ldc->reason = "Authentication successful";
- return LDAP_SUCCESS;
- }
-
-+
- /*
- * Reports if ssl support is enabled
- *
-@@ -916,8 +972,9 @@
- st->cache_bytes = atol(bytes);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
-- "[%d] ldap cache: Setting shared memory cache size to %d bytes.",
-- getpid(), st->cache_bytes);
-+ "[%" APR_PID_T_FMT "] ldap cache: Setting shared memory "
-+ " cache size to %" APR_SIZE_T_FMT " bytes.",
-+ getpid(), st->cache_bytes);
-
- return NULL;
- }
-@@ -1025,7 +1082,7 @@
- }
-
-
--const char *util_ldap_set_cert_type(cmd_parms *cmd, void *dummy, const char *Type)
-+static const char *util_ldap_set_cert_type(cmd_parms *cmd, void *dummy, const char *Type)
- {
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
-@@ -1073,19 +1130,16 @@
-
- static apr_status_t util_ldap_cleanup_module(void *data)
- {
-+#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK
- server_rec *s = data;
--
- util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
-- s->module_config, &ldap_module);
-+ s->module_config, &ldap_module);
-+
-+ if (st->ssl_support)
-+ ldapssl_client_deinit();
-
-- #if APR_HAS_LDAP_SSL
-- #if APR_HAS_NOVELL_LDAPSDK
-- if (st->ssl_support)
-- ldapssl_client_deinit();
-- #endif
-- #endif
--
-- return(APR_SUCCESS);
-+#endif
-+ return APR_SUCCESS;
- }
-
- static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
-@@ -1115,7 +1169,7 @@
- s_vhost = s->next;
- while (s_vhost) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, result, s,
-- "LDAP merging Shared Cache conf: shm=0x%x rmm=0x%x for VHOST: %s",
-+ "LDAP merging Shared Cache conf: shm=0x%pp rmm=0x%pp for VHOST: %s",
- st->cache_shm, st->cache_rmm, s_vhost->server_hostname);
-
- st_vhost = (util_ldap_state_t *)ap_get_module_config(s_vhost->module_config, &ldap_module);
-diff -Naur httpd-2.0.49/modules/experimental/util_ldap_cache.c httpd-2.0.49-gentoo/modules/experimental/util_ldap_cache.c
---- httpd-2.0.49/modules/experimental/util_ldap_cache.c 2004-02-11 18:07:46.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/util_ldap_cache.c 2004-05-23 21:45:34.565886560 +0000
-@@ -25,7 +25,7 @@
- #include "util_ldap.h"
- #include "util_ldap_cache.h"
-
--#ifdef APU_HAS_LDAP
-+#if APR_HAS_LDAP
-
- #if APR_HAS_SHARED_MEMORY
- #define MODLDAP_SHMEM_CACHE "/tmp/mod_ldap_cache"
-@@ -292,4 +292,4 @@
- }
-
-
--#endif /* APU_HAS_LDAP */
-+#endif /* APR_HAS_LDAP */
-diff -Naur httpd-2.0.49/modules/experimental/util_ldap_cache.h httpd-2.0.49-gentoo/modules/experimental/util_ldap_cache.h
---- httpd-2.0.49/modules/experimental/util_ldap_cache.h 2004-02-11 18:07:46.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/util_ldap_cache.h 2004-05-23 21:45:34.569885952 +0000
-@@ -21,7 +21,7 @@
- */
-
- /* this whole thing disappears if LDAP is not enabled */
--#ifdef APU_HAS_LDAP
-+#if APR_HAS_LDAP
-
-
- /*
-@@ -195,5 +195,5 @@
- char *util_ald_cache_display_stats(apr_pool_t *p, util_ald_cache_t *cache,
- char *name);
-
--#endif /* APU_HAS_LDAP */
-+#endif /* APR_HAS_LDAP */
- #endif /* APU_LDAP_CACHE_H */
-diff -Naur httpd-2.0.49/modules/experimental/util_ldap_cache_mgr.c httpd-2.0.49-gentoo/modules/experimental/util_ldap_cache_mgr.c
---- httpd-2.0.49/modules/experimental/util_ldap_cache_mgr.c 2004-03-01 18:04:45.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/experimental/util_ldap_cache_mgr.c 2004-05-23 21:45:34.577884736 +0000
-@@ -26,7 +26,7 @@
- #include "util_ldap_cache.h"
- #include <apr_strings.h>
-
--#ifdef APU_HAS_LDAP
-+#if APR_HAS_LDAP
-
- /* only here until strdup is gone */
- #include <string.h>
-@@ -515,4 +515,4 @@
- return buf;
- }
-
--#endif /* APU_HAS_LDAP */
-+#endif /* APR_HAS_LDAP */
diff --git a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch
deleted file mode 100644
index 73b57c0cca6f..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch
+++ /dev/null
@@ -1,13507 +0,0 @@
-diff -Naur httpd-2.0.49/CHANGES.orig httpd-2.0.49-gentoo/CHANGES.orig
---- httpd-2.0.49/CHANGES.orig 1970-01-01 00:00:00.000000000 +0000
-+++ httpd-2.0.49-gentoo/CHANGES.orig 2004-03-18 07:36:52.000000000 +0000
-@@ -0,0 +1,13405 @@
-+Changes with Apache 2.0.49
-+
-+ *) SECURITY: CAN-2004-0174 (cve.mitre.org)
-+ Fix starvation issue on listening sockets where a short-lived
-+ connection on a rarely-accessed listening socket will cause a
-+ child to hold the accept mutex and block out new connections until
-+ another connection arrives on that rarely-accessed listening socket.
-+ With Apache 2.x there is no performance concern about enabling the
-+ logic for platforms which don't need it, so it is enabled everywhere
-+ except for Win32. [Jeff Trawick]
-+
-+ *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
-+ [Jeff Trawick]
-+
-+ *) Win32: find_read_listeners was not correctly handling multiple
-+ listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
-+
-+ *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
-+ [Manni Wood <manniwood planet-save.com>]
-+
-+ *) Fix some piped log problems: bogus "piped log program '(null)'
-+ failed" messages during restart and problem with the logger
-+ respawning again after Apache is stopped. PR 21648, PR 24805.
-+ [Jeff Trawick]
-+
-+ *) Fixed file extensions for real media files and removed rpm extension
-+ from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
-+
-+ *) Remove compile-time length limit on request strings. Length is
-+ now enforced solely with the LimitRequestLine config directive.
-+ [Paul J. Reder]
-+
-+ *) mod_ssl: Send the Close Alert message to the peer before closing
-+ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
-+
-+ *) SECURITY: CAN-2004-0113 (cve.mitre.org)
-+ mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
-+ PR 27106. [Joe Orton]
-+
-+ *) mod_ssl: Fix bug in passphrase handling which could cause spurious
-+ failures in SSL functions later. PR 21160. [Joe Orton]
-+
-+ *) mod_log_config: Fix corruption of buffered logs with threaded
-+ MPMs. PR 25520. [Jeff Trawick]
-+
-+ *) Fix mod_include's expression parser to recognize strings correctly
-+ even if they start with an escaped token. [André Malo]
-+
-+ *) Add fatal exception hook for use by diagnostic modules. The hook
-+ is only available if the --enable-exception-hook configure parm
-+ is used and the EnableExceptionHook directive has been set to
-+ "on". [Jeff Trawick]
-+
-+ *) Allow mod_auth_digest to work with sub-requests with different
-+ methods than the original request. PR 25040.
-+ [Josh Dady <jpd indecisive.com>]
-+
-+ *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
-+ argumentless containers.
-+ ["Philippe M. Chiasson" <gozer cpan.org>]
-+
-+ *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
-+ [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
-+
-+ *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
-+ [Glenn Nielsen <glenn apache.org>]
-+
-+ *) The whole codebase was relicensed and is now available under
-+ the Apache License, Version 2.0 (http://www.apache.org/licenses).
-+ [Apache Software Foundation]
-+
-+ *) Fixed cache-removal order in mod_mem_cache.
-+ [Jean-Jacques Clar, Cliff Woolley]
-+
-+ *) mod_setenvif: Fix the regex optimizer, which under circumstances
-+ treated the supplied regex as literal string. PR 24219.
-+ [André Malo]
-+
-+ *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
-+ instead of mmn. [André Malo]
-+
-+ *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
-+ could lead to a 400 (Bad Request) response. [André Malo]
-+
-+ *) Keep focus of ITERATE and ITERATE2 on the current module when
-+ the module chooses to return DECLINE_CMD for the directive.
-+ PR 22299. [Geoffrey Young <geoff apache.org>]
-+
-+ *) Add support for IMT minor-type wildcards (e.g., text/*) to
-+ ExpiresByType. PR#7991 [Ken Coar]
-+
-+ *) Fix segfault in mod_mem_cache cache_insert() due to cache size
-+ becoming negative. PR: 21285, 21287
-+ [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
-+
-+ *) core.c: If large file support is enabled, allow any file that is
-+ greater than AP_MAX_SENDFILE to be split into multiple buckets.
-+ This allows Apache to send files that are greater than 2gig.
-+ Otherwise we run into 32/64 bit type mismatches in the file size.
-+ [Brad Nicholes]
-+
-+ *) proxy_http fix: mod_proxy hangs when both KeepAlive and
-+ ProxyErrorOverride are enabled, and a non-200 response without a
-+ body is generated by the backend server. (e.g.: a client makes a
-+ request containing the "If-Modified-Since" and "If-None-Match"
-+ headers, to which the backend server respond with status 304.)
-+ [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
-+
-+ *) mod_dav: Reject requests which include an unescaped fragment in the
-+ Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
-+
-+ *) Build array of allowed methods with proper dimensions, fixing
-+ possible memory corruption. [Jeff Trawick]
-+
-+ *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
-+ PR 15057. [Otmar Lendl <lendl nic.at>]
-+
-+ *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
-+ [Joe Orton]
-+
-+ *) mod_usertrack no longer inspects the Cookie2 header for
-+ the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
-+
-+ *) mod_usertrack no longer overwrites other cookies.
-+ PR 26002. [Scott Moore <apache nopdesign.com>]
-+
-+ *) worker MPM: fix stack overlay bug that could cause the parent
-+ process to crash. [Jeff Trawick]
-+
-+ *) Win32: Add Win32DisableAcceptEx directive. This Windows
-+ NT/2000/CP directive is useful to work around bugs in some
-+ third party layered service providers like virus scanners,
-+ VPN and firewall products, that do not properly handle
-+ WinSock 2 APIs. Use this directive if your server is issuing
-+ AcceptEx failed messages.
-+ [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
-+
-+ *) Make REMOTE_PORT variable available in mod_rewrite.
-+ PR 25772. [André Malo]
-+
-+ *) Fix a long delay with CGI requests and keepalive connections on
-+ AIX. [Jeff Trawick]
-+
-+ *) mod_autoindex: Add 'XHTML' option in order to allow switching between
-+ HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
-+
-+ *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
-+ [André Malo]
-+
-+ *) mod_ssl: Advertise SSL library version as determined at run-time rather
-+ than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
-+
-+ *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
-+ format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
-+
-+ *) Fix build with parallel make. PR 24643. [Joe Orton]
-+
-+ *) mod_rewrite: In external rewrite maps lookup keys containing
-+ a newline now cause a lookup failure. PR 14453.
-+ [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
-+
-+ *) Backport major overhaul of mod_include's filter parser from 2.1.
-+ The new parser code is expected to be more robust and should
-+ catch all of the edge cases that were not handled by the previous one.
-+ The 2.1 external API changes were hidden by a wrapper which is
-+ expected to keep the API backwards compatible. [André Malo]
-+
-+ *) Add a hook (insert_error_filter) to allow filters to re-insert
-+ themselves during processing of error responses. Enable mod_expires
-+ to use the new hook to include Expires headers in valid error
-+ responses. This addresses an RFC violation. It fixes PRs 19794,
-+ 24884, and 25123. [Paul J. Reder]
-+
-+ *) Add Polish translation of error messages. PR 25101.
-+ [Tomasz Kepczynski <tomek jot23.org>]
-+
-+ *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
-+ supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
-+ Bill Stoddard]
-+
-+ *) Add mod_status hook to allow modules to add to the mod_status
-+ report. [Joe Orton]
-+
-+ *) Fix htdbm to generate comment fields in DBM files correctly.
-+ [Justin Erenkrantz]
-+
-+ *) mod_dav: Use bucket brigades when reading PUT data. This avoids
-+ problems if the data stream is modified by an input filter. PR 22104.
-+ [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
-+
-+ *) Fix RewriteBase directive to not add double slashes. [André Malo]
-+
-+ *) Improve 'configure --help' output for some modules. [Astrid Keßler]
-+
-+ *) Correct UseCanonicalName Off to properly check incoming port number.
-+ [Jim Jagielski]
-+
-+ *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
-+
-+ *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
-+ if any property values were set which defined namespaces these
-+ came out mangled in the PROPFIND response. PR 11637.
-+ [Amit Athavale <amit_athavale persistent.co.in>]
-+
-+ *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
-+ the destination resource gives a 401. PR 15571. [Joe Orton]
-+
-+ *) SECURITY: CAN-2003-0020 (cve.mitre.org)
-+ Escape arbitrary data before writing into the errorlog. Unescaped
-+ errorlogs are still possible using the compile time switch
-+ "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
-+
-+ *) mod_autoindex / core: Don't fail to show filenames containing
-+ special characters like '%'. PR 13598. [André Malo]
-+
-+ *) mod_status: Report total CPU time accurately when using a threaded
-+ MPM. PR 23795. [Jeff Trawick]
-+
-+ *) Fix memory leak in handling of request bodies during reverse
-+ proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
-+
-+ *) Win32 MPM: Implement MaxMemFree to enable setting an upper
-+ limit on the amount of storage used by the bucket brigades
-+ in each server thread. [Bill Stoddard]
-+
-+ *) Modified the cache code to be header-location agnostic. Also
-+ fixed a number of other cache code bugs related to PR 15852.
-+ Includes a patch submitted by Sushma Rai <rsushma novell.com>.
-+ This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
-+ closing the PR since that is what they are using. [Paul J. Reder]
-+
-+ *) complain via error_log when mod_include's INCLUDES filter is
-+ enabled, but the relevant Options flag allowing the filter to run
-+ for the specific resource wasn't set, so that the filter won't
-+ silently get skipped. next remove itself, so the warning will be
-+ logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
-+
-+ *) mod_info: HTML escape configuration information so it displays
-+ correctly. PR 24232. [Thom May]
-+
-+ *) Restore the ability to add a description for directories that
-+ don't contain an index file. (Broken in 2.0.48) [André Malo]
-+
-+ *) Fix a problem with the display of empty variables ("SetEnv foo") in
-+ mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
-+
-+ *) mod_log_config: Log the minutes component of the timezone correctly.
-+ PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
-+
-+ *) mod_proxy: Fix cases where an invalid status-line could be sent
-+ to the client. PR 23998. [Joe Orton]
-+
-+ *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
-+ are also loaded. [Joe Orton]
-+
-+ *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
-+ thread-safe interface for retrieving error strings. [Joe Orton]
-+
-+ *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
-+ avoid reporting an Internal Server error if it is used without
-+ having been set in the httpd.conf file. PR: 23748, 24459
-+ [Andre Malo, Liam Quinn <liam htmlhelp.com>]
-+
-+ *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
-+ option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
-+
-+ *) mod_include no longer allows an ETag header on 304 responses.
-+ PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
-+
-+ *) EBCDIC: Convert header fields to ASCII before sending (broken
-+ since 2.0.44). [Martin Kraemer]
-+
-+ *) Fix the inability to log errors like exec failure in
-+ mod_ext_filter/mod_cgi script children. This was broken after
-+ such children stopped inheriting the error log handle.
-+ [Jeff Trawick]
-+
-+ *) Fix mod_info to use the real config file name, not the default
-+ config file name. [Aryeh Katz <aryeh secured-services.com>]
-+
-+ *) Set the scoreboard state to indicate logging prior to running
-+ logging hooks so that server-status will show 'L' for hung loggers
-+ instead of 'W'. [Jeff Trawick]
-+
-+Changes with Apache 2.0.48
-+
-+ *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
-+ the AF_UNIX socket used to communicate with the cgid daemon and
-+ the CGI script. [Jeff Trawick]
-+
-+ *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
-+ mod_rewrite which occurred if one configured a regular expression
-+ with more than 9 captures. [André Malo]
-+
-+ *) mod_include: fix segfault which occured if the filename was not
-+ set, for example, when processing some error conditions.
-+ PR 23836. [Brian Akins <bakins web.turner.com>, André Malo]
-+
-+ *) fix the config parser to support <Foo>..</Foo> containers (no
-+ arguments in the opening tag) supported by httpd 1.3. Without
-+ this change mod_perl 2.0's <Perl> sections are broken.
-+ ["Philippe M. Chiasson" <gozer cpan.org>]
-+
-+ *) mod_cgid: fix a hash table corruption problem which could
-+ result in the wrong script being cleaned up at the end of a
-+ request. [Jeff Trawick]
-+
-+ *) Update httpd-*.conf to be clearer in describing the connection
-+ between AddType and AddEncoding for defining the meaning of
-+ compressed file extensions. [Roy Fielding]
-+
-+ *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
-+ PR 23416. [André Malo]
-+
-+ *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
-+ rewritten request using "proxy:". The code was adding multiple "proxy:"
-+ fields in the rewritten URI. PR: 13946.
-+ [Eider Oliveira <eider bol.com.br>]
-+
-+ *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
-+ expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
-+
-+ *) Ensure that ssl-std.conf is generated at configure time, and switch
-+ to using the expanded config variables to work the same as
-+ httpd-std.conf PR: 19611
-+ [Thom May]
-+
-+ *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
-+ [Hartmut Keil <Hartmut.Keil adnovum.ch>]
-+
-+ *) mod_autoindex: If a directory contains a file listed in the
-+ DirectoryIndex directive, the folder icon is no longer replaced
-+ by the icon of that file. PR 9587.
-+ [David Shane Holden <dpejesh yahoo.com>]
-+
-+ *) Fixed mod_usertrack to not get false positive matches on the
-+ user-tracking cookie's name. PR 16661.
-+ [Manni Wood <manniwood planet-save.com>]
-+
-+ *) mod_cache: Fix the cache code so that responses can be cached
-+ if they have an Expires header but no Etag or Last-Modified
-+ headers. PR 23130.
-+ [<bjorn exoweb.net>]
-+
-+ *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
-+ were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
-+
-+ *) Modify ap_get_client_block() to note if it has seen EOS.
-+ [Justin Erenkrantz]
-+
-+ *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
-+ content if the Accept-Encoding header contained only other tokens than
-+ "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
-+
-+ *) Avoid an infinite recursion, which occured if the name of an included
-+ config file or directory contained a wildcard character. PR 22194.
-+ [André Malo]
-+
-+ *) mod_ssl: Fix a problem setting variables that represent the
-+ client certificate chain. PR 21371 [Jeff Trawick]
-+
-+ *) Unix: Handle permissions settings for flock-based mutexes in
-+ unixd_set_global|proc_mutex_perms(). Allow the functions to be
-+ called for any type of mutex. PR 20312 [Jeff Trawick]
-+
-+ *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
-+
-+ *) Fix a misleading message from the some of the threaded MPMs when
-+ MaxClients has to be lowered due to the setting of ServerLimit.
-+ [Jeff Trawick]
-+
-+ *) Lower the severity of the "listener thread didn't exit" message
-+ to debug, as it is of interest only to developers. PR 9011
-+ [Jeff Trawick]
-+
-+ *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
-+ [Cliff Woolley, Jean-Jacques Clar]
-+
-+ *) Install config.nice into the build/ directory to make
-+ minor version upgrades easier. [Joshua Slive]
-+
-+ *) Fix mod_deflate so that it does not call deflate() without checking
-+ first whether it has something to deflate. (Currently this causes
-+ deflate to generate a fatal error according to the zlib spec.)
-+ PR 22259. [Stas Bekman]
-+
-+ *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
-+ identity spoof is encountered.
-+ [Sander Striker]
-+
-+ *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
-+ containing the .htaccess file is requested without a trailing slash.
-+ PR 20195. [André Malo]
-+
-+ *) ab: Overlong credentials given via command line no longer clobber
-+ the buffer. [André Malo]
-+
-+ *) mod_deflate: Don't attempt to hold all of the response until we're
-+ done. [Justin Erenkrantz]
-+
-+ *) Assure that we block properly when reading input bodies with SSL.
-+ PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe]
-+
-+ *) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
-+
-+ *) mod_ext_filter: Set additional environment variables for use by
-+ the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
-+
-+ *) Fix buildconf errors when libtool version changes. [Jeff Trawick]
-+
-+ *) Remember an authenticated user during internal redirects if the
-+ redirection target is not access protected and pass it
-+ to scripts using the REDIRECT_REMOTE_USER environment variable.
-+ PR 10678, 11602. [André Malo]
-+
-+ *) mod_include: Fix a trio of bugs that would cause various unusual
-+ sequences of parsed bytes to omit portions of the output stream.
-+ PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
-+
-+ *) Update the header token parsing code to allow LWS between the
-+ token word and the ':' seperator. [PR 16520]
-+ [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
-+
-+ *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
-+ [Joe Schaefer <joe+gmane sunstarsys.com>]
-+
-+ *) Added FreeBSD directory layout. PR 21100.
-+ [Sander Holthaus <info orangexl.com>, André Malo]
-+
-+ *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
-+ response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
-+
-+ *) mod_rewrite: Perform child initialization on the rewrite log lock.
-+ This fixes a log corruption issue when flock-based serialization
-+ is used (e.g., FreeBSD). [Jeff Trawick]
-+
-+ *) Don't respect the Server header field as set by modules and CGIs.
-+ As with 1.3, for proxy requests any such field is from the origin
-+ server; otherwise it will have our server info as controlled by
-+ the ServerTokens directive. [Jeff Trawick]
-+
-+Changes with Apache 2.0.47
-+
-+ *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
-+ of per-directory renegotiations and the SSLCipherSuite directive
-+ being used to upgrade from a weak ciphersuite to a strong one
-+ could result in the weak ciphersuite being used in place of the
-+ strong one. [Ben Laurie]
-+
-+ *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
-+ temporary denial of service when accept() on a rarely accessed port
-+ returns certain errors. Reported by Saheed Akhtar
-+ <S.Akhtar talis.com>. [Jeff Trawick]
-+
-+ *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
-+ of service when target host is IPv6 but proxy server can't create
-+ IPv6 socket. Fixed by the reporter. [Yoshioka Tsuneo
-+ <tsuneo.yoshioka f-secure.com>]
-+
-+ *) SECURITY [VU#379828] Prevent the server from crashing when entering
-+ infinite loops. The new LimitInternalRecursion directive configures
-+ limits of subsequent internal redirects and nested subrequests, after
-+ which the request will be aborted. PR 19753 (and probably others).
-+ [William Rowe, Jeff Trawick, André Malo]
-+
-+ *) core_output_filter: don't split the brigade after a FLUSH bucket if
-+ it's the last bucket. This prevents creating unneccessary empty
-+ brigades which may not be destroyed until the end of a keepalive
-+ connection.
-+ [Juan Rivera <Juan.Rivera citrix.com>]
-+
-+ *) Add support for "streamy" PROPFIND responses.
-+ [Ben Collins-Sussman <sussman collab.net>]
-+
-+ *) mod_cgid: Eliminate a double-close of a socket. This resolves
-+ various operational problems in a threaded MPM, since on the
-+ second attempt to close the socket, the same descriptor was
-+ often already in use by another thread for another purpose.
-+ [Jeff Trawick]
-+
-+ *) mod_negotiation: Introduce "prefer-language" environment variable,
-+ which allows to influence the negotiation process on request basis
-+ to prefer a certain language. [André Malo]
-+
-+ *) Make mod_expires' ExpiresByType work properly, including for
-+ dynamically-generated documents. [Ken Coar, Bill Stoddard]
-+
-+Changes with Apache 2.0.46
-+
-+ *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash
-+ by sending an overly long string. This can be triggered remotely
-+ through mod_dav, mod_ssl, and other mechanisms. Reported by David
-+ Endler <DEndler iDefense.com>.
-+ [Joe Orton <jorton redhat.com>]
-+
-+ *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
-+ affecting basic authentication on Unix platforms related to
-+ thread-safety in apr_password_validate(). The problem was reported
-+ by John Hughes <john.hughes entegrity.com>.
-+
-+ *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided,
-+ when a MKACTIVITY request comes in.
-+ [Ben Collins-Sussman <sussman collab.net>]
-+
-+ *) Perform run-time query in apxs for apr and apr-util's includes.
-+ [Justin Erenkrantz]
-+
-+ *) run libtool from the apr install directory (in case that is different
-+ from the apache install directory) [Jeff Trawick]
-+
-+ *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
-+
-+ *) If mod_mime_magic does not know the content-type, do not attempt to
-+ guess. PR 16908. [Andrew Gapon <agapon telcordia.com>]
-+
-+ *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
-+ caching. PR 17864.
-+ [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
-+
-+ *) Add a delete flag to htpasswd.
-+ [Thom May]
-+
-+ *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
-+ now work scheme dependent and the query string will only be
-+ appended if supported by the particular scheme. [André Malo]
-+
-+ *) Add another check for already compressed content in mod_deflate.
-+ PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
-+
-+ *) Fixes for VPATH builds; copying special.mk and any future .mk files
-+ from the source tree as well as the build tree (now creates a usable
-+ configuration for apxs), and eliminated redundant -I'nclude paths.
-+ [William Rowe]
-+
-+ *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
-+ for SSLC and OpenSSL toolkit compatibility. Still work remains to
-+ be done to cripple features based on the limitations of RSA's binary
-+ distribution of their SSL-C toolkit.
-+ [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
-+
-+ *) Linux 2.4+: If Apache is started as root and you code
-+ CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
-+ [Greg Ames]
-+
-+ *) ap_get_mime_headers_core: allocate space for the trailing null
-+ when folding is in effect.
-+ PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
-+
-+ *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert]
-+
-+ *) mod_log_config: Add the ability to log the id of the thread
-+ processing the request via new %P formats. [Jeff Trawick]
-+
-+ *) Use appropriate language codes for Czech (cs) and Traditional Chinese
-+ (zh-tw) in default config files. PR 9427. [André Malo]
-+
-+ *) mod_auth_ldap: Use generic whitespace character class when parsing
-+ "require" directives, instead of literal spaces only. PR 17135.
-+ [André Malo]
-+
-+ *) Hook mod_rewrite's type checker before mod_mime's one. That way the
-+ RewriteRule [T=...] Flag should work as expected now. PR 19626.
-+ [André Malo]
-+
-+ *) htpasswd: Check the processed file on validity. If a line is not empty
-+ and not a comment, it must contain at least one colon. Otherwise exit
-+ with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
-+
-+ *) Fix a problem that caused httpd to be linked with incorrect flags
-+ on some platforms when mod_so was enabled by default, breaking
-+ DSOs on AIX. PR 19012 [Jeff Trawick]
-+
-+ *) By default, use the same CC and CPP with which APR was built.
-+ The user can override with CC and CPP environment variables.
-+ [Jeff Trawick]
-+
-+ *) Fix ap_construct_url() so that it surrounds IPv6 literal address
-+ strings with []. This fixes certain types of redirection.
-+ PR 19207. [Jeff Trawick]
-+
-+ *) forward port of buffer overflow fixes for htdigest. [Thom May]
-+
-+ *) Added AllowEncodedSlashes directive to permit control of whether
-+ the server will accept encoded slashes ('%2f') in the URI path.
-+ Default condition is off (the historical behaviour). This permits
-+ environments in which the path-info needs to contain encoded
-+ slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
-+
-+ *) When using Redirect in directory context, append requested query
-+ string if there's no one supplied by configuration. PR 10961.
-+ [André Malo]
-+
-+ *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
-+ the pattern will not always match as desired. PR 12596.
-+ [André Malo]
-+
-+ *) mod_autoindex now emits and accepts modern query string parameter
-+ delimiters (;). Thus column headers no longer contain unescaped
-+ ampersands. PR 10880 [André Malo]
-+
-+ *) Enable ap_sock_disable_nagle for Windows. This along with the
-+ addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle
-+ to be disabled for Windows. [Allan Edwards]
-+
-+ *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
-+ This patch reverts us to pre-2.0.46 behavior, using the
-+ ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle
-+ was never compiled on Win32. [Allan Edwards, William Rowe]
-+
-+ *) Fix a build problem with passing unsupported --enable-layout
-+ args to apr and apr-util. This broke binbuild.sh as well as
-+ user-specified layout parameters. PR 18649 [Justin Erenkrantz,
-+ Jeff Trawick]
-+
-+ *) If a Date response header was already set in the headers array,
-+ this value was ignored in favour of the current time. This meant
-+ that Date headers on proxied requests where rewritten when they
-+ should not have been. PR: 14376 [Graham Leggett]
-+
-+ *) Add code to buildconf that produces an httpd.spec file from
-+ httpd.spec.in, using build/get-version.sh from APR.
-+ [Graham Leggett]
-+
-+ *) Fixed a segfault when multiple ProxyBlock directives were used.
-+ PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
-+
-+ *) SECURITY [CAN-2003-0134] OS2: Fix a Denial of Service vulnerability
-+ identified and reported by Robert Howard <rihoward rawbw.com> that
-+ where device names faulted the running OS2 worker process.
-+ The fix is actually in APR 0.9.4. [Brian Havard]
-+
-+ *) Forward port: Escape special characters (especially control
-+ characters) in mod_log_config to make a clear distinction between
-+ client-supplied strings (with special characters) and server-side
-+ strings. This was already introduced in version 1.3.25.
-+ [André Malo]
-+
-+ *) mod_deflate: Check also err_headers_out for an already set
-+ Content-Encoding: gzip header. This prevents gzip compressed content
-+ from a CGI script from being compressed once more. PR 17797.
-+ [André Malo]
-+
-+Changes with Apache 2.0.45
-+
-+ *) Fix possible segfaults under obscure error conditions within the
-+ cgid daemon. [Jeff Trawick, William Rowe]
-+
-+ *) SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability
-+ identified by David Endler <DEndler iDefense.com> on all platforms.
-+ An unlimited stream of newlines were acceptable between requests
-+ where each <lf> would allocate an 80 byte buffer, leading very
-+ quickly to memory exahustion. [Brian Pane]
-+
-+ *) Added an rpm build script.
-+ [Graham Leggett, Joe Orton <jorton redhat.com>]
-+
-+ *) Simpler, faster code path for request header scanning [Brian Pane]
-+
-+ *) SECURITY: Eliminated leaks of several file descriptors to child
-+ processes, such as CGI scripts. This fix depends on the APR library
-+ release 0.9.2 or later (0.9.3 was distributed with the httpd
-+ source tarball for Apache 2.0.45.) PR 17206
-+ [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
-+
-+ *) Fix path handling of mod_rewrite, especially on non-unix systems.
-+ There was some confusion between local paths and URL paths.
-+ PR 12902. [André Malo]
-+
-+ *) Prevent endless loops of internal redirects in mod_rewrite by
-+ aborting after exceeding a limit of internal redirects. The
-+ limit defaults to 10 and can be changed using the RewriteOptions
-+ directive. PR 17462. [André Malo]
-+
-+ *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
-+ all worker threads are busy.
-+ [Igor Nazarenko <igor_nazarenko hotmail.com>]
-+
-+ *) Keep the subrequest filter in place when a subrequest is
-+ redirected. PR 15423. [Jeff Trawick]
-+
-+ *) you can now specify the compression level for mod_deflate.
-+ [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>,
-+ Michael Schroepl <Michael.Schroepl telekurs.de>]
-+
-+ *) mod_deflate: Extend the DeflateFilterNote directive to
-+ allow accurate logging of the filter's in- and outstream.
-+ [André Malo]
-+
-+ *) Allow SSLMutex to select/use the full range of APR locking
-+ mechanisms available to it. Also, fix the bug that SSLMutex uses
-+ APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski,
-+ Martin Kutschker <martin.t.kutschker blackbox.net>]
-+
-+ *) Restore the ability of htdigest.exe to create files that contain
-+ more than one user. PR 12910. [André Malo]
-+
-+ *) Improve binary compatibility of the core between debug (aka
-+ maintainer-mode) and a non-debug compile.
-+ [Sander Striker]
-+
-+ *) mod_usertrack: don't set the cookie in subrequests. This works
-+ around the problem that cookies were set twice during fast internal
-+ redirects. PR 13211. [André Malo]
-+
-+ *) mod_autoindex no longer forgets output format and enabled version
-+ sort in linked column headers. [André Malo]
-+
-+ *) Use .sv instead of .se as extension for Swedish documents in the
-+ default configuration. PR 12877. [André Malo]
-+
-+ *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
-+ and standardized the LDAP SSL support across the various LDAP SDKs.
-+ Isolated the SSL functionality to mod_ldap rather than speading it
-+ across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA
-+ and LDAPTrustedCAType directives to mod_ldap to allow for a more
-+ common method of specifying the SSL certificate.
-+ [Dave Ward, Brad Nicholes]
-+
-+ *) Fixed mod_ssl's SSLCertificateChain initialization to no longer
-+ skip the first cert of the chain by default. This misbehavior
-+ was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli]
-+
-+ *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
-+ be started on Unix because of such problems as bad permissions,
-+ bad shebang line, etc. [Jeff Trawick]
-+
-+ *) Fix 64-bit problem in mod_ssl input logic.
-+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
-+
-+ *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
-+ [Justin Erenkrantz]
-+
-+ *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
-+ [Justin Erenkrantz]
-+
-+ *) Fix segfault which occurred when a section in an included
-+ configuration file was not closed. PR 17093. [André Malo]
-+
-+ *) Enhance the behavior of mod_isapi's WriteClient() callback to
-+ provide better emulation for isapi modules that presume that the
-+ first WriteClient() call may send status and headers. An example
-+ of WriteClient() abuse is the foxisapi module, which relies on
-+ that assumpion and now works. [William Rowe, Milan Kosina]
-+
-+ *) Check the return value of ap_run_pre_connection(). So if the
-+ pre_connection phase fails (without setting c->aborted)
-+ ap_run_process_connection is not executed. [Stas Bekman]
-+
-+ *) Fixed a problem with mod_ldap which caused it to fault when caching
-+ was disabled. Needed to make sure that the code did not
-+ attempt to use the cache if it didn't exist. Also fixed some memory
-+ leaks which were due to not releasing LDAP resources on error
-+ conditions. [Brad Nicholes]
-+
-+ *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
-+ mod_rewrite proxied URLs will not be escaped accidentally by
-+ mod_proxy's fixup. PR 16368 [André Malo]
-+
-+ *) While processing filters on internal redirects, remember seen EOS
-+ buckets also in the request structure of the redirect issuer(s). This
-+ prevents filters (such as mod_deflate) from adding garbage to the
-+ response. PR 14451. [André Malo]
-+
-+ *) suexec: Be more pedantic when cleaning environment. Clean it
-+ immediately after startup. PR 2790, 10449.
-+ [Jeff Stewart <jws purdue.edu>, André Malo]
-+
-+ *) Fix apxs to insert LoadModule directives only outside of sections.
-+ PR 8712, 9012. [André Malo]
-+
-+ *) Fix suexec compile error under SUNOS4, where strerror() doesn't
-+ exist. PR 5913, 9977.
-+ [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
-+
-+ *) Fix If header parsing when a non-mod_dav lock token is passed to it.
-+ PR 16452. [Justin Erenkrantz]
-+
-+ *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
-+ not specified. Now it assumes "/" as already documented. PR 16937.
-+ [André Malo]
-+
-+ *) Try to log an error if a piped log program fails. Try to
-+ restart a piped log program in more failure situations. Fix an
-+ existing problem with error handling in piped_log_spawn(). Use
-+ new APR apr_proc_create() features to prevent Apache from starting
-+ on Unix* in most cases where a piped log program can be started,
-+ and add log messages for the other situations. *Other platforms
-+ already failed Apache initialization if a piped log program
-+ couldn't be started. PR 15761 [Jeff Trawick]
-+
-+ *) Fix mod_cern_meta to not create empty metafiles when the
-+ metafile searched for does not exist. PR 12353
-+ [Owen Rees <owen_rees hp.com>]
-+
-+ *) Introduce debugging symbols for Win32 release builds, both .pdb
-+ and .dbg files (older debuggers and Dr. Watson-type utilities
-+ on WinNT or Win9x don't support the newer .pdb flavor.)
-+ [Allen Edwards, William Rowe]
-+
-+ *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
-+ information (and more). Related to PR 9076. [André Malo]
-+
-+ *) mod_file_cache: fix segfault serving mmaped cached files.
-+ [Bill Stoddard]
-+
-+ *) mod_file_cache: fixed a segfault when multiple MMapFile directives
-+ were used. PR 16313. [Cliff Woolley]
-+
-+ *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
-+ an incompatible pointer type to mmap_bucket_destroy(void*).
-+ [Gerard Eviston <geviston bigpond.net.au>]
-+
-+ *) Enable the -n name parameter on NetWare to allow the
-+ administrator to rename the Apache console screen
-+ [Brad Nicholes]
-+
-+ *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
-+ support by default in APR. More development is required
-+ to deploy OTHER_CHILD on Win32. [William Rowe]
-+
-+ *) Use saner default config values for suexec. PR 15713.
-+ [Thom May <thom planetarytramp.net>]
-+
-+ *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
-+ (or SymlinksIfOwnermatch) is set. PR 12395. [André Malo]
-+
-+ *) apxs: Include any special APR ld flags when linking the DSO.
-+ This resolves problems on AIX when building a DSO with apxs+gcc.
-+ [Jeff Trawick]
-+
-+ *) Added character set support to mod_auth_LDAP to allow it to
-+ convert extended characters used in the user ID to UTF-8
-+ before authenticating against the LDAP directory. The new
-+ directive AuthLDAPCharsetConfig is used to specify the config
-+ file that contains the character set conversion table.
-+ [Brad Nicholes]
-+
-+ *) Don't remove the Content-Length from responses in mod_proxy
-+ PR: 8677 [Brian Pane]
-+
-+ *) Ensure LDAP version is set to v3 on every bind. PR 14235.
-+ [Sergey A. Lipnevich <sergeyli pisem.net>]
-+
-+ *) Fix mod_ldap to open an existing shared memory file should one
-+ already exist. PR 12757. [Scooter Morris <scooter gene.com>,
-+ Graham Leggett]
-+
-+ *) Fix the ulimit command used by apachectl on Tru64. PR 13609.
-+ [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
-+
-+ *) Change the ulimit command used by apachectl on AIX so that it
-+ works in all locales. [Jeff Trawick]
-+
-+ *) mod_ext_filter: Fix a problem building argument lists which
-+ occasionally caused exec to fail. PR 15491. [Jeff Trawick]
-+
-+Changes with Apache 2.0.44
-+
-+ *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
-+ from Apache 1.3. PR 14276
-+ [David Shane Holden <dpejesh yahoo.com>, William Rowe]
-+
-+ *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
-+ [Brian Pane]
-+
-+ *) Reorder the definitions for mod_ldap and mod_auth_ldap within
-+ config.m4 to make sure the parent mod_ldap is defined first.
-+ This ensures that mod_ldap comes before mod_auth_ldap in the
-+ httpd.conf file, which is necessary for mod_auth_ldap to load.
-+ PR 14256 [Graham Leggett]
-+
-+ *) Fix the building of cgi command lines when the query string
-+ contains '='. PR 13914 [Ville Skyttä <ville.skytta iki.fi>,
-+ Jeff Trawick]
-+
-+ *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
-+ implementation of MCacheMaxStreamingBuffer from mod_cache to
-+ mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
-+ lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should
-+ eliminate the need for explicitly coding MCacheMaxStreamingBuffer
-+ in most configurations. [Bill Stoddard]
-+
-+ *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
-+ a redirect occurs. The code was passing a format string and
-+ integer to apr_pstrcat. Changed to apr_psprintf.
-+ [Paul J. Reder]
-+
-+ *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
-+ as set by apr-util in util_ldap.c. This should allow mod_ldap
-+ to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
-+ <somme oslo.westerngeco.slb.com>, Graham Leggett]
-+
-+ *) Fix critical bug in new --enable-v4-mapped configure option
-+ implementation which broke IPv4 listening sockets on some
-+ systems. [hiroyuki hanai <hanai imgsrc.co.jp>]
-+
-+ *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
-+ patterns [André Malo <nd perlig.de>]
-+
-+ *) Add version string to provider API. [Justin Erenkrantz]
-+
-+ *) build: './configure && make' now works without an in-tree
-+ apr and apr-util. [Wilfredo Sanchez]
-+
-+ *) mod_negotiation: Set the appropriate mime response headers
-+ (Content-Type, charset, Content-Language and Content-Encoding)
-+ for negotated type-map "Body:" responses (such as the error
-+ pages.) [André Malo <nd perlig.de>]
-+
-+ *) mod_log_config: Allow '%%' escaping in CustomLog format
-+ strings to insert a literal, single '%'.
-+ [André Malo <nd perlig.de>]
-+
-+ *) mod_autoindex: AddDescription directives for directories
-+ now work as in Apache 1.3, where no trailing '/' is
-+ specified on the directory name. Previously, the trailing
-+ '/' *had* to be specified, which was incompatible with
-+ Apache 1.3. PR 7990 [Jeff Trawick]
-+
-+ *) Fix for PR 14556. The expiry calculations in mod_cache were
-+ trying to perform "now + ((date - lastmod) * factor)" where
-+ date == lastmod resulting in "now + 0". The code now follows
-+ the else path (using the default expiration) if date is
-+ equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
-+
-+ *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
-+ default calling convention is not the same as the one used by
-+ AP_DECLARE. [Juan Rivera <Juan.Rivera citrix.com>]
-+
-+ *) mod_cache: Don't cache response header fields designated
-+ as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
-+ [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
-+
-+ *) mod_cgid: Handle environment variables containing newlines.
-+ PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff
-+ Trawick]
-+
-+ *) Move mod_ext_filter out of experimental and into filters.
-+ [Jeff Trawick]
-+
-+ *) Fixed a memory leak in mod_deflate with dynamic content.
-+ PR 14321 [Ken Franken <kfranken decisionmark.com>]
-+
-+ *) Add --[enable|disable]-v4-mapped configure option to control
-+ whether or not Apache expects to handle IPv4 connections
-+ on IPv6 listening sockets. Either setting will work on
-+ systems with the IPV6_V6ONLY socket option. --enable-v4-mapped
-+ must be used on systems that always allow IPv4 connections on
-+ IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats)
-+ [Jeff Trawick]
-+
-+ *) This fixes a problem where the underlying cache code
-+ indicated that there was one more element on the cache
-+ than there actually was. This happened since element 0
-+ exists but is not used. This code allocates the correct
-+ number of useable elements and reports the number of
-+ actually used elements. The previous code only allowed
-+ MCacheMaxObjectCount-1 objects to be stored in the
-+ cache. [Paul J. Reder]
-+
-+ *) mod_setenvif: Add SERVER_ADDR special keyword to allow
-+ envariable setting according to the server IP address
-+ which received the request. [Ken Coar]
-+
-+ *) mod_cgid: Terminate CGI scripts when the client connection
-+ drops. PR 8388 [Jeff Trawick]
-+
-+ *) Rearrange OpenSSL engine initialization to support RAND
-+ redirection on crypto accelerator.
-+ [Frederic DONNAT <frederic.donnat zencod.com>]
-+
-+ *) Always emit Vary header if mod_deflate is involved in the
-+ request. [Andre Malo <nd perlig.de>]
-+
-+ *) mod_isapi: Stop unsetting the 'empty' query string result with
-+ a NULL argument in ecb->lpszQueryString, eliminating segfaults
-+ for some ISAPI modules. PR 14399
-+ [Detlev Vendt <detlev.vendt brillit.de>]
-+
-+ *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
-+ notification is received before the HttpExtensionProc() returns
-+ HSE_STATUS_PENDING. This only affected isapi .dll's configured
-+ with the ISAPIFakeAsync on directive. PR 11918
-+ [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
-+
-+ *) mod_isapi: Fix the issue where all results from mod_isapi would
-+ run through the core die handler resulting in invalid responses
-+ or access log entries. PR 10216 [William Rowe]
-+
-+ *) Improves the user friendliness of the CacheRoot processing
-+ over my last pass. This version avoids the pool allocations
-+ but doesn't avoid all of the runtime checks. It no longer
-+ terminates during post-config processing. An error is logged
-+ once per worker, indicating that the CacheRoot needs to be set.
-+ [Paul J. Reder]
-+
-+ *) Fix a bug where we keep files open until the end of a
-+ keepalive connection, which can result in:
-+ (24)Too many open files: file permissions deny server access
-+ especially on threaded servers. [Greg Ames, Jeff Trawick]
-+
-+ *) Fix a bug in which mod_proxy sent an invalid Content-Length
-+ when a proxied URL was invoked as a server-side include within
-+ a page generated in response to a form POST. [Brian Pane]
-+
-+ *) Added code to process min and max file size directives and to
-+ init the expirychk flag in mod_disk_cache. Added a clarifying
-+ comment to cache_util. [Paul J. Reder]
-+
-+ *) The value emitted by ServerSignature now mimics the Server HTTP
-+ header as controlled by ServerTokens. [Francis Daly <deva daoine.org>]
-+
-+ *) Gracefully handly retry situations in the SSL input filter,
-+ by following the SSL libraries' retry semantics.
-+ [William Rowe]
-+
-+ *) Terminate CGI scripts when the client connection drops. This
-+ fix only applies to some normal paths in mod_cgi. mod_cgid
-+ is still busted. PR 8388 [Jeff Trawick]
-+
-+ *) Fix a bug where 416 "Range not satisfiable" was being
-+ returned for content that should have been redirected.
-+ [Greg Ames]
-+
-+ *) Fix memory leak in mod_ssl from internal SSL library allocations
-+ within SSL_get_peer_certificate and X509_get_pubkey.
-+ [Zvi Har'El <rl math.technion.ac.il>
-+ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
-+
-+ *) mod_ssl uses free() inappropriately in several places, to free
-+ memory which has been previously allocated inside OpenSSL.
-+ Such memory should be freed with OPENSSL_free(), not with free().
-+ [Nadav Har'El <nyh math.technion.ac.il>,
-+ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
-+
-+ *) Emit a message to the error log when we return 404 because
-+ the URI contained '%2f'. (This was previously nastily silent
-+ and difficult to debug.) [Ken Coar]
-+
-+ *) Fix streaming output from an nph- CGI script. CGI:IRC now
-+ works. PR 8482 [Jeff Trawick]
-+
-+ *) More accurate logging of bytes sent in mod_logio when
-+ the client terminates the connection before the response
-+ is completely sent [Bojan Smojver <bojan rexursive.com>]
-+
-+ *) Fix some problems in the perchild MPM.
-+ [Jonas Eriksson <jonas webkonsulterna.com>]
-+
-+ *) Change the CacheRoot processing to check for a required
-+ value at config time. This saves a lot of wasted processing
-+ if the mod_disk_cache module is loaded but no CacheRoot
-+ was provided. This fix also adds code to log an error
-+ and avoid useless pallocs and procesing when the computed
-+ cache file name cannot be opened. This also updates the
-+ docs accordingly. [Paul J. Reder]
-+
-+ *) Introduce the EnableSendfile directive, allowing users of NFS
-+ shares to disable sendfile mechanics when they either fail
-+ outright or provide intermitantly corrupted data. PR
-+ [William Rowe]
-+
-+ *) Resolve the error "An operation was attempted on something
-+ that is not a socket. : winnt_accept: AcceptEx failed.
-+ Attempting to recover." for users of various firewall and
-+ anti-virus software on Windows. PR 8325 [William Rowe]
-+
-+ *) Add the ProxyBadHeader directive, which gives the admin some
-+ control on how mod_proxy should handle bogus HTTP headers from
-+ proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
-+ desired. [Jim Jagielski]
-+
-+ *) Change the LDAP modules to export their symbols correctly
-+ during a Windows build. Add dsp files for Windows. Update
-+ README.ldap file for Windows build instructions.
-+ [Andre Schild <A.Schild aarboard.ch>]
-+
-+ *) Performance improvements for the code that generates HTTP
-+ response headers [Brian Pane]
-+
-+ *) Add -S as a synonym for -t -DDUMP_VHOSTS.
-+ [Thom May <thom planetarytramp.net>]
-+
-+ *) Fix a bug with dbm rewrite maps which caused the wrong value to
-+ be used when the key was not found in the dbm. PR 13204
-+ [Jeff Trawick]
-+
-+ *) Fix a problem with streaming script output and mod_cgid.
-+ [Jeff Trawick]
-+
-+ *) Add ap_register_provider/ap_lookup_provider API.
-+ [John K. Sterling <john sterls.com>, Justin Erenkrantz]
-+
-+Changes with Apache 2.0.43
-+
-+ *) SECURITY [CAN-2002-0840]: HTML-escape the address produced by
-+ ap_server_signature() against this cross-site scripting
-+ vulnerability exposed by the directive 'UseCanonicalName Off'.
-+ Also HTML-escape the SERVER_NAME environment variable for CGI
-+ and SSI requests. It's safe to escape as only the '<', '>',
-+ and '&' characters are affected, which won't appear in a valid
-+ hostname. Reported by Matthew Murphy <mattmurphy kc.rr.com>.
-+ [Brian Pane]
-+
-+ *) Fix a core dump in mod_cache when it attemtped to store uncopyable
-+ buckets. This happened, for instance, when a file to be cached
-+ contained SSI tags to execute a CGI script (passed as a pipe
-+ bucket). [Paul J. Reder]
-+
-+ *) Ensure that output already available is flushed to the network
-+ when the content-length filter realizes that no new output will
-+ be available for a while. This helps some streaming CGIs as
-+ well as some other dynamically-generated content. [Jeff Trawick]
-+
-+ *) Fix a mutex problem in mod_ssl session cache support which
-+ could lead to an infinite loop. PR 12705
-+ [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
-+
-+ *) SECURITY [CAN-2002-1156] (cve.mitre.org):
-+ Fix the exposure of CGI source when a POST request is sent to
-+ a location where both DAV and CGI are enabled. [Ryan Bloom]
-+
-+ *) Allow the UserDir directive to accept a list of directories.
-+ This matches what Apache 1.3 does. Also add documentation for
-+ this feature. [Jay Ball <jay veggiespam.com>]
-+
-+ *) New Module: mod_logio. adds the ability to log bytes sent and
-+ received. [Bojan Smojver <bojan rexursive.com>]
-+
-+ *) SuExec needs to use the same default directory as the rest of
-+ server, namely /usr/local/apache2.
-+ [SangBeom han <sbhan os.korea.ac.kr>]
-+
-+ *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
-+ [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
-+
-+ *) Make sure the contents of the WWW-Authenticate header is
-+ passed on a 4xx error by proxy. Previously all headers
-+ were dropped, resulting in the browser being unable to
-+ authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
-+ Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
-+ <gwiseman fscinternet.com>, David Henderson
-+ <dhenderson fscinternet.com>]
-+
-+ *) Make mod_cache's CacheMaxStreamingBuffer directive work
-+ properly for virtual hosts that override server-wide mod_cache
-+ setttings. [Matthieu Estrade <estrade-m ifrance.com>]
-+
-+ *) Add -p option to apxs to allow programs to be compiled with apxs.
-+ [Justin Erenkrantz]
-+
-+Changes with Apache 2.0.42
-+
-+ *) mod_dav: Check for versioning hooks before using them.
-+ [Greg Stein]
-+
-+Changes with Apache 2.0.41
-+
-+ *) The protocol version (eg: HTTP/1.1) in the request line parsing
-+ is now case insensitive. [Jim Jagielski]
-+
-+ *) Allow AddOutputFilterByType to add multiple filters per directive.
-+ [Justin Erenkrantz]
-+
-+ *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
-+
-+ *) Fixed mod_disk_cache's generation of 304s
-+ [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
-+
-+ *) Add support for using fnmatch patterns in the final path
-+ segment of an Include statement (eg.. include /foo/bar/*.conf).
-+ and remove the noise on stderr during config dir processing.
-+ [Joe Orton <jorton redhat.com>]
-+
-+ *) mod_cache: cache_storage.c. Add the hostname and any request
-+ args to the key generated for caching. This provides a unique
-+ key for each virtual host and for each request with unique
-+ args. [Paul J. Reder, args code provided by Kris Verbeeck]
-+
-+ *) mod_cache: Do not cache responses to GET requests with query
-+ URLs if the origin server does not explicitly provide an
-+ Expires header on the response (RFC 2616 Section 13.9)
-+ [Kris Verbeeck <krisv be.ubizen.com>]
-+
-+ *) Fix memory leak in core_output_filter. [Justin Erenkrantz]
-+
-+ *) Update OpenSSL detection to work on Darwin.
-+ [Sander Temme <sctemme covalent.net>]
-+
-+ *) Update the xslt and css to give the documentation a more
-+ modern style.
-+ [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
-+
-+ *) Fix some bucket memory leaks in the chunking code
-+ [Joe Schaefer <joe+apache sunstarsys.com>]
-+
-+ *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
-+
-+ *) mod_cache: added support for caching streamed responses (proxy,
-+ CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
-+
-+ *) Add image/x-icon to httpd.conf PR 10993.
-+ [Ian Holsman, Peter Bieringer <pb bieringer.de>]
-+
-+ *) Fix FileETags none operation. PR 12207.
-+ [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
-+
-+ *) Restored the experimental leader/followers MPM to working
-+ condition and converted its thread synchronization from
-+ mutexes to atomic CAS. [Brian Pane]
-+
-+ *) Fix Logic on non-html file removal in mod_deflate
-+ [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
-+
-+ *) Fix "ab -g"'s truncated year: the last digit was cut off.
-+ [Leon Brocard <acme astray.com>]
-+
-+ *) mod_rewrite can now sets cookies in err_headers, uses the correct
-+ expiry date, and can now set the path as well
-+ PR 12132,12181,12172.
-+ [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
-+
-+ *) The content-length filter no longer tries to buffer up
-+ the entire output of a long-running request before sending
-+ anything to the client. [Brian Pane]
-+
-+ *) Win32: Lower the default stack size from 1MB to 256K. This will
-+ allow around 8000 threads to be started per child process.
-+ 'EDITBIN /STACK:size apache.exe' can be used to change this
-+ value directly in the apache.exe executable.
-+ [Bill Stoddard]
-+
-+ *) Win32: Implement ThreadLimit directive in the Windows MPM.
-+ [Bill Stoddard]
-+
-+ *) Remove CacheOn config directive since it is set but never checked.
-+ No sense wasting cycles on unused code. Besides, the only truly
-+ bug free code is deleted code. :) [Paul J. Reder]
-+
-+ *) BufferLogs are now run-time enabled, and the log_config now has 2 new
-+ callbacks to allow a 3rd party module to actually do the writing of the
-+ log file [Ian Holsman]
-+
-+ *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
-+ [André Malo, Astrid Keßler <kess kess-net.de>]
-+
-+ *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
-+
-+ *) Fix a null pointer dereference in the merge_env_dir_configs
-+ function of the mod_env module. PR 11791
-+ [Paul J. Reder]
-+
-+ *) New option to ServerTokens 'maj[or]'. Only show the major version
-+ Also Surfaced this directive in the standard config (default FULL)
-+ [Ian Holsman]
-+
-+ *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
-+ maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
-+ RewriteMap directive. PR 10644 [Jeff Trawick]
-+
-+ *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
-+ pairs will no longer get out of sync with each other. PR 9534
-+ [Cliff Woolley]
-+
-+ *) Fixes required to get quoted and escaped command args working in
-+ mod_ext_filter. PR 11793 [Paul J. Reder]
-+
-+ *) mod-proxy: handle proxied responses with no status lines
-+ [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
-+
-+ *) Fix bug where environment or command line arguments containing
-+ non-ASCII-7 characters would cause the Win32 child process creation
-+ to fail. PR 11854 [William Rowe]
-+
-+ *) Bug #11213.. make module loading error messages more informative
-+ [Ian Darwin <Ian779 darwinsys.com>]
-+
-+ *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
-+
-+ *) mod_disk_cache works much better. This module should still
-+ be considered experimental. [Eric Prud'hommeaux]
-+
-+ *) Performance improvement for keepalive requests: when setting
-+ aside a small file for potential concatenation with the next
-+ response on the connection, set aside the file descriptor rather
-+ than copying the file into the heap. [Brian Pane]
-+
-+ *) Modified version check on openssl so that it finds the executable
-+ first and then performs a check of the version, only warning the
-+ user if they chose, or we selected, an old version of OpenSSL.
-+ This change also allows the code to work for non-openssl libraries
-+ selected via the --with-ssl=dir option, which can override the
-+ automated library check in any case. [Roy Fielding]
-+
-+Changes with Apache 2.0.40
-+
-+ *) SECURITY [CAN-2002-0661] (cve.mitre.org):
-+ Close a very significant security hole that
-+ applies only to the Win32, OS2 and Netware platforms. Unix was not
-+ affected, Cygwin may be affected. Certain URIs will bypass security
-+ and allow users to invoke or access any file depending on the system
-+ configuration. Without upgrading, a single .conf change will close
-+ the vulnerability. Add the following directive in the global server
-+ httpd.conf context before any other Alias or Redirect directives;
-+ RedirectMatch 400 "\\\.\."
-+ Reported by Auriemma Luigi <bugtest sitoverde.com>.
-+ [Brad Nicholes]
-+
-+ *) SECURITY [CAN-2002-0654] (cve.mitre.org):
-+ Close a path-revealing exposure in multiview type
-+ map negotiation (such as the default error documents) where the
-+ module would report the full path of the typemapped .var file when
-+ multiple documents or no documents could be served based on the mime
-+ negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>.
-+ [William Rowe]
-+
-+ *) SECURITY [CAN-2002-0654] (cve.mitre.org):
-+ Close a path-revealing exposure in cgi/cgid when we
-+ fail to invoke a script. The modules would report "couldn't create
-+ child process /path-to-script/script.pl" revealing the full path
-+ of the script. Reported by Jim Race <jrace qualys.com>.
-+ [Bill Stoddard]
-+
-+ *) Set aside the apr-iconv and apr_xlate() features for the Win32
-+ build of 2.0.40 so development can be completed. A patch, from
-+ <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
-+ will be available for those that wish to work with apr-iconv.
-+ [William Rowe]
-+
-+ *) Fix proxy so that it is possible to access ftp: URLs via a proxy
-+ chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
-+
-+ *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
-+ set to 1, so we can exclude things from the general case with
-+ browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
-+
-+ *) Accept multiple leading /'s for requests within the DocumentRoot.
-+ PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>]
-+
-+ *) Solved the reports of .pdf byterange failures on Win32 alone.
-+ APR's sendfile for the win32 platform collapses header and trailer
-+ buffers into a single buffer. However, we destroyed the pointers
-+ to the header buffer if a trailer buffer was present. PR 10781
-+ [William Rowe]
-+
-+ *) mod_ext_filter: Add the ability to enable or disable a filter via
-+ an environment variable. Add the ability to register a filter of
-+ type other than AP_FTYPE_RESOURCE. [Jeff Trawick]
-+
-+ *) Restore the ability to specify host names on Listen directives.
-+ PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
-+
-+ *) When deciding on the default address family for listening sockets,
-+ make sure we can actually bind to an AF_INET6 socket before
-+ deciding that we should default to AF_INET6. This fixes a startup
-+ problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick]
-+
-+ *) Replace usage of atol() to parse strings when we might want a
-+ larger-than-long value with apr_atoll(), which returns long long.
-+ This allows HTTPD to deal with larger files correctly.
-+ [Shantonu Sen <ssen apple.com>]
-+
-+ *) mod_ext_filter: Ignore any content-type parameters when checking if
-+ the response should be filtered. Previously, "intype=text/html"
-+ wouldn't match something like "text/html;charset=8859_1".
-+ [Jeff Trawick]
-+
-+ *) mod_ext_filter: Set up environment variables for external programs.
-+ [Craig Sebenik <craig netapp.com>]
-+
-+ *) Modified the HTTP_IN filter to immediately append the EOS (end of
-+ stream) bucket for C-L POST bodies, saving a roundtrip and allowing
-+ the caller to determine that no content remains without prefetching
-+ additional POST body. [William Rowe]
-+
-+ *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>]
-+
-+ *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>]
-+
-+ *) Update SuSE layout. [Peter Poeml <poeml suse.de>]
-+
-+ *) Changes to the internationalized error documents:
-+ Comment them out in the default config file to make the default
-+ install as simple as possible; Correct the english 500 error to
-+ be more understandable; Add a Swedish translation.
-+ [Thomas Sjogren <thomas northernsecurity.net>,
-+ Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
-+
-+ *) Increase the limit on file descriptors per process in apachectl.
-+ [Brian Pane]
-+
-+ *) Fix a dependency error when building ApacheMonitor, so that Win32
-+ and MSVC now trust that the project is current (when it is).
-+ [James Cox <imajes php.net>]
-+
-+ *) mod_ext_filter: don't segfault if content-type is not set. PR 10617.
-+ [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
-+
-+ *) APR-Util Renames pending have been completed [Thom May]
-+
-+ *) Performance improvements for the code that reads request
-+ headers (ap_rgetline_core() and related functions) [Brian Pane]
-+
-+ *) Add a new directive: MaxMemFree. MaxMemFree makes it possible
-+ to configure the maximum amount of memory the allocators will
-+ hold on to for reuse. Anything over the MaxMemFree threshold
-+ will be free()d. This directive is useful when uncommon large
-+ peaks occur in memory usage. It should _not_ be used to mask
-+ defective modules' memory use. [Sander Striker]
-+
-+ *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
-+ scripts would not result in a truncated response.
-+ [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
-+
-+ *) Add a filter_init parameter to the filter registration functions
-+ so that a filter can execute arbitrary code before the handlers
-+ are invoked. This resolves a problem where mod_include requests
-+ would incorrectly return a 304. [Justin Erenkrantz]
-+
-+ *) Fix a long-standing bug in 2.0, CGI scripts were being called
-+ with relative paths instead of absolute paths. Apache 1.3 used
-+ absolute paths for everything except for SuExec, this brings back
-+ that standard. [Ryan Bloom]
-+
-+ *) Fix infinite loop due to two HTTP_IN filters being present for
-+ internally redirected requests. PR 10146. [Justin Erenkrantz]
-+
-+ *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
-+ [Justin Erenkrantz]
-+
-+ *) Fix mod_ext_filter to look in the main server for filter definitions
-+ when running in a vhost if the filter definition is not found in
-+ the vhost. PR 10147 [Jeff Trawick]
-+
-+ *) Support WinNT CGI invocation through ScriptInterpreterSource
-+ 'registry' for script interpreter paths and names with non-ascii
-+ characters in the executable filepath. [William Rowe]
-+
-+ *) Support the -w flag on to keep the Win32 console open on error.
-+ [William Rowe]
-+
-+ *) Normalize the hostname value in the request_rec to all-lowercase
-+ [Perry Harrington <pedward webcom.com>]
-+
-+ *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
-+ extended characters (non US-ASCII) in non-utf8 format. This brings
-+ Win32 back into CGI/1.1 compliance, and leaves charset decoding up
-+ to the cgi application itself. [William Rowe]
-+
-+ *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
-+ modules to bring them up to the current apr/apr-util APIs.
-+ [William Rowe]
-+
-+ *) Fix segfault in mod_mem_cache most frequently observed when
-+ serving the same file to multiple clients on an MP machine.
-+ [Bill Stoddard]
-+
-+ *) mod_rewrite can now set cookies (RewriteRule (.*) - [CO=name:$1:.domain])
-+ [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
-+
-+ *) Fix perchild to work with apachectl by adding -k support to perchild.
-+ PR 10074 [Jeff Trawick]
-+
-+ *) Fix a silly htpasswd.c logic error that incorrectly reported that
-+ both -c and -n had been used. PR 9989 [Cliff Woolley]
-+
-+ *) Fixed a mod_include error case in which no HTTP response was sent
-+ to the client if an shtml document contained an unterminated SSI
-+ directive [Brian Pane]
-+
-+ *) Improve ap_get_client_block implementation by using APR-util brigade
-+ helper functions and relying on current filter assumptions.
-+ [Justin Erenkrantz]
-+
-+Changes with Apache 2.0.39
-+
-+ *) Fixed a build problem in htpasswd.c on Win32.
-+ [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
-+
-+Changes with Apache 2.0.38
-+
-+ *) Rewrite htpasswd to use APR. The removes the annoying warning about
-+ tmpnam being unsafe. [Ryan Bloom]
-+
-+ *) We must set the MIME-type for .shtml files to text/html if we want them
-+ to be parsed for SSI tags. Add the config for that to the default
-+ config file so that it is easier to enable .shtml parsing.
-+ [Dave Dyer <ddyer real-me.net>]
-+
-+ *) Fixed a problem with 'make install' on ReliantUnix.
-+ [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
-+
-+ *) Make the default_handler catch all requests that aren't served by
-+ another handler. This also gets us to return a 404 if a directory
-+ is requested, there is no DirectoryIndex, and mod_autoindex isn't
-+ loaded. [Justin Erenkrantz]
-+
-+ *) Fixed the handling of nested if-statements in shtml files.
-+ PR 9866 [Brian Pane]
-+
-+ *) Allow 'make install DESTDIR=/path'. This allows packagers to install
-+ into a directory different from the one that was configured. This
-+ also mirrors the root= feature from 1.3. We cannot use prefix=,
-+ because both APR and APR-util resolve their installation paths at
-+ configuration time. This means that there is no variable prefix
-+ to replace. [Andreas Hasenack <andreas netbank.com.br>]
-+
-+ *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
-+ These levels of AIX don't have a thundering herd problem with
-+ accept(). [Jeff Trawick]
-+
-+ *) prefork MPM: Ignore mutex errors during graceful restart. For
-+ certain types of mutexes (particularly SysV semaphores), we
-+ should expect to occasionally fail to obtain or release the
-+ mutex during restart processing. [Jeff Trawick]
-+
-+ *) Fix install-bindist.sh so that it finds any perl instead of just
-+ early perl 5.x versions. This is consistent with a build/install
-+ from source, and it allows the perl scripts installed by a bindist
-+ to work on systems with perl 5.6. [Jeff Trawick]
-+
-+ *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
-+ Tru64 (and probably some other platforms). [Jeff Trawick]
-+
-+ *) Allow CGI scripts to return their Content-Length. This also fixes a
-+ hang on HEAD requests seen on certain platforms (such as FreeBSD).
-+ [Justin Erenkrantz]
-+
-+ *) Added log rotation based on file size to the RotateLog support
-+ utility. [Brad Nicholes]
-+
-+ *) Fix some casting in mod_rewrite which broke random maps.
-+ PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
-+
-+Changes with Apache 2.0.37
-+
-+ *) allow POST method over SSL when per-directory client cert
-+ authentication is used with 'SSLOptions +OptRenegotiate' enabled
-+ and a client cert was found in the ssl session cache.
-+
-+ *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
-+ session cache when there is no cert chain in the cache. prior to
-+ the fix this situation would result in a FORBIDDEN response and
-+ error message "Cannot find peer certificate chain"
-+ [Doug MacEachern]
-+
-+ *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
-+ one was already sent. PR 9644 [Jeff Trawick]
-+
-+ *) Fix the display of the default name for the mime types config
-+ file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>]
-+
-+ *) Fix the working directory *for WinNT/2K/XP services only* to
-+ change to the Apache directory (one level above the location
-+ of Apache.exe, in the case that Apache.exe resides in bin/.)
-+ Solves the case of ServerRoot /foo paths where /foo was not
-+ on the same drive as /winnt/system32. [William Rowe]
-+
-+ *) Make 2.0's "AcceptMutex" startup message now "completely"
-+ match how 1.3 does it. [Jim Jagielski]
-+
-+ *) Implement a fixed size memory cache using a priority queue
-+ [Ian Holsman]
-+
-+ *) Fix apxs to allow "apxs -q installbuilddir" and to allow
-+ querying certain other variables from config_vars.mk. PR 9316
-+ [Jeff Trawick]
-+
-+ *) Added the "detached" attribute to the cgi_exec_info_t internals
-+ so that Win32 and Netware won't create a new window or console
-+ for each CGI invoked. PR 8387
-+ [Brad Nicholes, William Rowe]
-+
-+ *) Consolidated the command line parameters and attributes that are
-+ manipulated by the optional function ap_cgi_build_command() in
-+ mod_cgi into a single structure.
-+ [Brad Nicholes]
-+
-+ *) Get rid of uninitialized value errors with "apxs -q" on certain
-+ variables. [Stas Bekman <stas stason.org>]
-+
-+ *) Fix apxs to allow it to work when the build directory is somewhere
-+ besides server-root/build. PR 8453
-+ [Jeff Trawick and a host of others]
-+
-+ *) Allow ap_discard_request_body to be called multiple times in the
-+ same request. Essentially, ap_http_filter keeps track of whether
-+ it has sent an EOS bucket up the stack, if so, it will only ever
-+ send an EOS bucket for this request.
-+ [Ryan Bloom, Justin Erenkrantz, Greg Stein]
-+
-+ *) Remove all special mod_ssl URIs. This also fixes the bug where
-+ redirecting (.*) will allow an SSL protected page to be viewed
-+ without SSL. [Ryan Bloom]
-+
-+ *) Fix the binary build install script so that the build logic
-+ created by "apxs -g" will work when the user has a binary
-+ build. [Jeff Trawick]
-+
-+ *) Allow instdso.sh to work with full paths to the shared module.
-+ [Justin Erenkrantz]
-+
-+ *) NetWare: Enabled CGI functionality and added mod_cgi as a built
-+ in module for NetWare [Brad Nicholes]
-+
-+ *) Changed cgi and piped log behavior to accept 65536 characters
-+ on Win32 (matching Linux) before deadlocking between outputing
-+ client stdin, slurping the output from stdout and then the stderr
-+ stream. PR 8179 [William Rowe]
-+
-+ *) Fixed Win32 wintty.exe support to assure the window title is valid.
-+ Elimiates possible gpfault or garbage title without the -t option.
-+ [William Rowe]
-+
-+ *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
-+ brigades and input filters. [Justin Erenkrantz]
-+
-+ *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
-+ body. [Justin Erenkrantz]
-+
-+ *) NetWare: Piping log entries through RotateLogs using the
-+ CustomLogs directive is finally supported now that we have
-+ the pipes and spawning functionality working.
-+ [Brad Nicholes]
-+
-+ *) SECURITY [CVE-2002-0392] (cve.mitre.org) [CERT VU#944335]:
-+ Detect overflow when reading the hex bytes forming a chunk line.
-+ [Aaron Bannert]
-+
-+ *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464.
-+ [James Tait <JTait wyrddreams.demon.co.uk>]
-+
-+ *) Correctly return 413 when an invalid chunk size is given on
-+ input. Also modify ap_discard_request_body to not do anything
-+ on sub-requests or when the connection will be dropped.
-+ [Justin Erenkrantz]
-+
-+ *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469.
-+ [Cliff Woolley]
-+
-+ *) Ensure that apr_brigade_write() flushes in all of the cases that
-+ it should to avoid conditions in some modules that could cause
-+ large amounts of data to be buffered. [Cliff Woolley]
-+
-+ *) Fix problem where mod_cache/mod_disk_cache was incorrectly
-+ stripping the content_type from cached responses.
-+ [Bill Stoddard]
-+
-+ *) apachectl passes through any httpd options. Note: apachectl
-+ should be used in preference to httpd since it ensures that any
-+ appropriate environment variables have been set up.
-+ [Jeff Trawick]
-+
-+ *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
-+ PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
-+
-+ *) Fix suexec execution of CGI scripts from mod_include.
-+ PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
-+
-+ *) Fix segfaults at startup on some platforms when mod_auth_digest,
-+ mod_suexec, or mod_ssl were used as DSO's due to the way they
-+ were tracking the current init phase since DSO's get completely
-+ unloaded and reloaded between phases. PR 9413.
-+ [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
-+
-+ *) Fix mod_include's handling of regular expressions in
-+ "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
-+
-+ *) Fix the worker MPM deadlock problem [Brian Pane]
-+
-+ *) Modify the module documentation to allow for translations.
-+ [Yoshiki Hayashi, Joshua Slive]
-+
-+ *) Fix a file permissions problem which prevented mod_disk_cache
-+ from working on Unix. [Jeff Trawick]
-+
-+ *) Add "-k start|restart|graceful|stop" support to httpd for the Unix
-+ MPMs. These have semantics very similar to the old apachectl
-+ commands of the same name. [Justin Erenkrantz, Jeff Trawick]
-+
-+ *) Make sure that the runtime dir is created by make install.
-+ PR 9233. [Jeff Trawick]
-+
-+ *) Fix an unusual set of ./configure arguments that could cause
-+ mod_http to be built as a DSO, which it currently doesn't
-+ support. PR 9244.
-+ [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
-+
-+ *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
-+ of the %X, %b and %B logformat options. PR 8253, 8996.
-+ [Bill Stoddard]
-+
-+ *) If content-encoding is already present, do not run deflate (PR 9222)
-+ [Kazuhisa ASADA <kaz asada.sytes.net>]
-+
-+ *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
-+ It is currently ignored and it will be removed in a future release
-+ of Apache. [Jeff Trawick]
-+
-+ *) Removed documentation references to the no-longer-supported
-+ "make certificate" feature of mod_ssl for Apache 1.3.x. Test
-+ certificates, if truly desired, can be generated using openssl
-+ commands. PR 8724. [Cliff Woolley]
-+
-+ *) Remove SSLLog and SSLLogLevel directives in favor of having
-+ mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz]
-+
-+ *) OS/390: LIBPATH no longer has to be manually uncommented in
-+ envvars to get apachectl to set up httpd properly. [Jeff Trawick]
-+
-+ *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
-+ may now be specified to the <File/Directory > container, rather
-+ than by vhost. [William Rowe]
-+
-+ *) mod_isapi: Experimental support for faux async support for ISAPI
-+ modules. [William Rowe]
-+
-+ *) mod_isapi: Major refactoring of the code to rely on apr internals
-+ rather than MS APIs (using our own mod_isapi.h headers for ISAPI
-+ symbol definitions.) [William Rowe]
-+
-+ *) mod_isapi: Fixed the return string length from GetServerVariable
-+ callback, it was not including the trailing null in the consumed
-+ buffer size. This was particularly bad for Delphi 6.0 users.
-+ PR 8934 [Sebastian Hantsch <sebastian.hantsch gmx.de>]
-+
-+ *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
-+ [William Rowe]
-+
-+ *) Make apxs look in the correct directory for envvars. It was
-+ broken when sbindir != bindir. PR 8869
-+ [Andreas Sundström <sunkan zappa.cx>]
-+
-+ *) Fix mod_deflate corruption when using multiple buckets. PR 9014.
-+ [Asada Kazuhisa <kaz asada.sytes.net>]
-+
-+ *) Performance enhancements for access logger when using
-+ default timestamp formatting [Brian Pane]
-+
-+ *) Added EnableMMAP config directive to enable the server
-+ administrator to disable memory-mapping of delivered files
-+ on a per-directory basis. [Brian Pane]
-+
-+ *) Performance enhancements for mod_setenvif [Brian Pane]
-+
-+ *) Fix a mod_ssl build problem on OS/390. [Jeff Trawick]
-+
-+ *) Fixed If-Modified-Since on Win32, which would give false positives
-+ because of the sub-second resolution of file timestamps on that
-+ platform. [Cliff Woolley]
-+
-+ *) Reverse the hook ordering for mod_userdir and mod_alias so
-+ that Alias/ScriptAlias will override Userdir. PR 8841
-+ [Joshua Slive]
-+
-+ *) Move mod_deflate out of experimental and into filters.
-+ [Justin Erenkrantz]
-+
-+ *) Get proxy CONNECT basically working. [Jeff Trawick]
-+
-+ *) Fix mod_rewrite hang when APR uses SysV Semaphores and
-+ RewriteLogLevel is set to anything other than 0. PR: 8143
-+ [Aaron Bannert, Cliff Woolley]
-+
-+ *) Fix byterange requests from returning 416 when using dynamic data
-+ (such as filters like mod_include). [Justin Erenkrantz]
-+
-+ *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
-+ to be extended by third-party modules via an optional function.
-+ [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
-+
-+ *) Fix mod_include expression parser's handling of unquoted strings
-+ followed immediately by a closing paren. PR 8462. [Brian Pane]
-+
-+ *) Remove autom4te.cache in 'make distclean'.
-+ [Thom May <thom planetarytramp.net>]
-+
-+ *) Fix generated httpd.conf to respect layout for LoadModule lines.
-+ PR 8170. [Thom May <thom planetarytramp.net>]
-+
-+ *) Win32: During a graceful restart, threads in the new process
-+ were accessing scoreboard slots still in use by active threads in
-+ the old process. [Bill Stoddard]
-+
-+Changes with Apache 2.0.36
-+
-+ *) Fix some minor formatting issues with ab. Part of this is
-+ in reference to PR 8544, the rest I noticed while testing
-+ the PR fix. [Paul J. Reder]
-+
-+ *) Fix a case where an invalid pass phrase is entered and an
-+ error message is given, but the prompt is not shown again.
-+ This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
-+
-+ *) Close sockets on worker MPM when doing a graceless restart.
-+ [Aaron Bannert]
-+
-+ *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
-+ as the session id context rather that a MD5 hash of that vhost ID,
-+ because it caused very long vhost id's to be unusable with mod_ssl.
-+ PR 8572. [Cliff Woolley]
-+
-+ *) Fix the link to the description of the CoredumpDirectory
-+ directive in the server-wide document. PR 8643. [Jeff Trawick]
-+
-+ *) Fixed SHMCB session caching. [Aaron Bannert, Cliff Woolley]
-+
-+ *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
-+ - Avoid SIGBUS on sparc machines with SHMCB session caches
-+ - Allow whitespace between the pipe and the name of the
-+ program in SSLLog "| /path/to/program". [Cliff Woolley]
-+
-+ *) Introduce mod_ext_filter and mod_deflate experimental modules
-+ to the Win32 build (zlib sources must be in srclib\zlib.)
-+ [William Rowe]
-+
-+ *) Changes to the worker MPM's queue management and thread
-+ synchronization code to reduce mutex contention [Brian Pane]
-+
-+ *) Don't install *.in configuration files since we already install
-+ *-std.conf files. [Aaron Bannert]
-+
-+ *) Many improvements to the threadpool MPM. [Aaron Bannert]
-+
-+ *) Fix subreqs that are promoted via fast_redirect from having invalid
-+ frec->r structures. This would cause subtle errors later on in
-+ request processing such as seen in PR 7966. [Justin Erenkrantz]
-+
-+ *) More efficient pool recycling logic for the worker MPM [Brian Pane]
-+
-+ *) Modify the worker MPM to not accept() new connections until
-+ there is an available worker thread. This prevents queued
-+ connections from starving for processing time while long-running
-+ connections were hogging all the available threads. [Aaron Bannert]
-+
-+ *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
-+ [Aaron Bannert]
-+
-+ *) Get basic HTTP proxy working on EBCDIC machines. [Jeff Trawick]
-+
-+ *) Allow mod_unique_id to work on systems with no IPv4 address
-+ corresponding to their host name. [Jeff Trawick]
-+
-+ *) Fix suexec behavior with user directories. PR 7810.
-+ [Colm <colmmacc redbrick.dcu.ie>]
-+
-+ *) Reject a blank UserDir directive since it is ambiguous. PR 8472.
-+ [Justin Erenkrantz]
-+
-+ *) Make mod_mime use case-insensitive matching when examining
-+ extensions on all platforms. PR 8223. [Justin Erenkrantz]
-+
-+ *) Add an intelligent error message should no proxy submodules be
-+ valid to handle a request. PR 8407 [Graham Leggett]
-+
-+ *) Major improvements in concurrent processing for AB by enabling
-+ non-blocking connect()s and preventing APR from doing blocking
-+ read()s. Also implement fatal error checking for apr_recv().
-+ [Aaron Bannert]
-+
-+ *) Fix Win32 NTFS Junctions (symlinks). PR 8014 [William Rowe]
-+
-+ *) Fix Win32 'short name' aliases in httpd.conf directives.
-+ PR 8009 [William Rowe]
-+
-+ *) Fix generation of default httpd.conf when the layout paths are
-+ disjoint. PR 7979, 8227. [Justin Erenkrantz]
-+
-+ *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
-+ that downgraded responses can have force-response. PR 8357.
-+ [Justin Erenkrantz]
-+
-+ *) Fix perchild MPM so that it can be configured with the move to the
-+ experimental directory. [Scott Lamb <slamb slamb.org>]
-+
-+ *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
-+ ap_uname2id. [Scott Lamb <slamb slamb.org>]
-+
-+ *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
-+
-+ *) SECURITY: Added the APLOG_TOCLIENT flag to ap_log_rerror() to
-+ explicitly tell the server that warning messages should be sent
-+ to the client in addition to being recorded in the error log.
-+ Prior to this change, ap_log_rerror() always sent warning
-+ messages to the client. In one case, a faulty CGI script caused
-+ the server to send a warning message to the client that contained
-+ the full path to the CGI script. This could be considered a
-+ minor security exposure. [Bill Stoddard]
-+
-+ *) mod_autoindex output when SuppressRules was specified would
-+ omit the first carriage return so the first item in the list
-+ would appear to the right of the column headings instead of
-+ underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>]
-+
-+ *) Moved the call to apr_mmap_dup outside the error branch so
-+ that it would actually get called. This fixes a core dump
-+ at init everytime you use the MMapFile directive. PR 8314
-+ [Paul J. Reder]
-+
-+ *) Trigger an error when a LoadModule directive attempts to
-+ load a module which is built-in. This is a common error when
-+ switching from a DSO build to a static build. [Jeff Trawick]
-+
-+ *) Change instdso.sh to use libtool --install everywhere and then
-+ clean up some stray files and symlinks that libtool leaves around
-+ on some platforms. This gets subversion building properly since
-+ it needed a re-link to be performed by libtool at install time,
-+ and the old instdso.sh logic to simply cp the DSO didn't handle
-+ that requirement. [Sander Striker]
-+
-+ *) Allow VPATH builds to succeed when configured from an empty
-+ directory. [Thom May <thom planetarytramp.net>]
-+
-+ *) Fix 'control reaches end of non-void function' warning in
-+ server/log.c. [Ben Collins-Sussman <sussman collab.net>]
-+
-+ *) Perchild MPM is now correctly deemed as experimental and is now
-+ located in server/mpm/experimental. [Justin Erenkrantz]
-+
-+ *) Fix segfault in mod_mem_cache when garabge collecting an expired
-+ cache entry. [Bill Stoddard]
-+
-+ *) Introduced -E startup_logfile_name option to httpd to allow admins
-+ to begin logging errors immediately. This provides Win32 users
-+ an alternative to sending startup errors to the event viewer, and
-+ allows other daemon tool authors an alternative to logging to stderr.
-+ [William Rowe]
-+
-+ *) Fix subreqs with non-defined Content-Types being served improperly.
-+ [Justin Erenkrantz]
-+
-+ *) Merge in latest GNU config.guess and config.sub files. PR 7818.
-+ [Justin Erenkrantz]
-+
-+ *) Move 100 - Continue support to the HTTP_IN filter so that filters
-+ are guaranteed to support 100 - Continue logic without any
-+ intervention. [Justin Erenkrantz]
-+
-+ *) Add HTTP chunked input trailer support. [Justin Erenkrantz]
-+
-+ *) Rename and export get_mime_headers as ap_get_mime_headers.
-+ [Justin Erenkrantz]
-+
-+ *) Allow empty Host: header arguments. PR 7441. [Justin Erenkrantz]
-+
-+ *) Properly substitute sbindir as httpd's location in apachectl. PR 7840.
-+ [Andreas Hasenack <andreas netbank.com.br>]
-+
-+ *) Allow Win32 shebang scripts to follow the path (or omit the .exe
-+ suffix from the shebang command), and allow ScriptInterpreterSource
-+ Registry or RegistryStrict to override shebang lines, as 1.3 did.
-+ PR 8004 [William Rowe]
-+
-+ *) worker MPM: Fix a situation where a child exited without releasing
-+ the accept mutex. Depending on the OS and mutex mechanism this
-+ could result in a hang. [Jeff Trawick]
-+
-+ *) Update the instructions for how to get started with mod_example.
-+ [Stas Bekman]
-+
-+ *) Fix PidFile to default to rel_runtimedir instead of
-+ rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>]
-+
-+ *) Win32: Fix problem that caused rapid performance degradation
-+ when number of connecting clients exceeded ThreadsPerChild.
-+ [Bill Stoddard]
-+
-+ *) Fixed a segfault parsing large SSIs on non-mmap systems.
-+ [Brian Havard]
-+
-+ *) Proxy was bombing out every second keepalive request, caused by a
-+ stray CRLF before the second response's status line. Proxy now
-+ tries to read one more line if it encounters a CRLF where it
-+ expected a status. PR 10010 [Graham Leggett]
-+
-+ *) Deprecated the apr_lock.h API. Please see the following files
-+ for the improved thread and process locking and signaling:
-+ apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
-+ apr_thread_cond.h, and apr_global_mutex.h. [Aaron Bannert]
-+
-+ *) Change mod_status to use scoreboard accessor functions so it can
-+ be used in any MPM without having to be recompiled.
-+ [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
-+ handle declarations are recognized. This fixes problems loading
-+ mod_autoindex on some platforms. [Brian Havard]
-+
-+ *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
-+
-+ *) Remind the admin about the User and Group directives when we are
-+ unable to set permissions on a semaphore. PR 7812 [Jeff Trawick]
-+
-+ *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
-+ [Doug MacEachern]
-+
-+ *) fix possible infinite loop in mod_ssl triggered by certain
-+ netscape clients [Doug MacEachern]
-+
-+ *) fix ProxyPass when frontend is https and backend is http
-+ [Doug MacEachern]
-+
-+ *) Add DASL support to mod_dav
-+ [Sung Kim <hunkim cse.ucsc.edu>]
-+
-+Changes with Apache 2.0.35
-+
-+ *) mod_rewrite: updated to use the new APR global mutex type.
-+ [Aaron Bannert]
-+
-+ *) Fixes for mod_include errors on boundary conditions in which
-+ "<!--#" occurs at the very end of a bucket
-+ [Paul Reder, Brian Pane]
-+
-+ *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to
-+ cause the Apache parent process to run in the foreground (similar to
-+ -DNO_DETACH except that it doesn't switch session ids).
-+ [Jeff Trawick]
-+
-+ *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem)
-+ for those platforms that support it. If using the default
-+ implementation, this is between pthread and sysvsem in priority.
-+ This implies it's the new default for Darwin. [Jim Jagielski]
-+
-+ *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE
-+ environment variables in the envvars file. [Jeff Trawick]
-+
-+ *) worker MPM: Don't create a listener thread until we have a worker
-+ thread. Otherwise, in situations where we'll have to wait a while
-+ to take over scoreboard slots from a previous generation, we'll be
-+ accepting connections we can't process yet. [Jeff Trawick]
-+
-+ *) Allow worker MPM to build on systems without pthread_kill().
-+ [Pier Fumagalli, Jeff Trawick]
-+
-+ *) Prevent ap_add_output_filters_by_type from being called in
-+ ap_set_content_type if the content-type hasn't changed.
-+ [Justin Erenkrantz]
-+
-+ *) Performance: implemented the bucket allocator made possible by the
-+ API change in 2.0.34. [Cliff Woolley]
-+
-+ *) Don't allow initialization to succeed if we can't get a socket
-+ corresponding to one of the Listen statements. [Jeff Trawick]
-+
-+Changes with Apache 2.0.34
-+
-+ *) Allow all Perchild directives to accept either numerical UID/GID
-+ or logical user/group names. [Scott Lamb <slamb slamb.org>]
-+
-+ *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom]
-+
-+ *) implement ssl proxy to support ProxyPass / https:// and the
-+ SSLProxy* directives [Doug MacEachern]
-+
-+ *) Update mod_cgid to not do single-byte socket reads for CGI headers
-+ [Brian Pane]
-+
-+ *) Made AB's use of the Host: header rfc2616 compliant
-+ by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
-+
-+ *) The old, legacy (and unused) code in which the scoreboard was totally
-+ and completely contained in a file (SCOREBOARD_FILE) has been
-+ removed. This does not affect scoreboards which are *mapped* to
-+ files using named-shared-memory. [Jim Jagielski]
-+
-+ *) Change bucket brigades API to allow a "bucket allocator" to be
-+ passed in at certain points. This allows us to implement freelists
-+ so that we can stop using malloc/free so frequently.
-+ [Cliff Woolley, Brian Pane]
-+
-+ *) Add support for macro expansion within the variable names in
-+ <!--#echo--> and <!--#set--> directives [Brian Pane]
-+
-+ *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes]
-+
-+ *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422
-+ [Joe Orton]
-+
-+ *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl
-+ [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern]
-+
-+ *) Add a new parameter to the quick_handler hook to instruct
-+ quick handlers to optionally do a lookup rather than actually
-+ serve content. This is the first of several changes required fix
-+ several problems with how quick handlers work with subrequests.
-+ [Bill Stoddard]
-+
-+ *) worker MPM: Get MaxRequestsPerChild to work again. [Jeff Trawick]
-+
-+ *) [APR-related] The ordering of the default accept mutex method has
-+ been changed to better match what's done in Apache 1.3. The ordering
-+ is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock.
-+ [Jim Jagielski]
-+
-+ *) Ensure that the build/ directory is created when using VPATH.
-+ [Justin Erenkrantz]
-+
-+ *) Add some popular types to the mime magic file. PR 7730.
-+ [Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
-+
-+ *) Remove the single-byte socket reads for CGI headers [Brian Pane]
-+
-+ *) When a proxied site was being served, Apache was replacing
-+ the original site Server header with it's own, which is not
-+ allowed by RFC2616. Fixed. [Graham Leggett]
-+
-+ *) Fix a mod_cgid problem that left daemon processes stranded
-+ in some server restart scenarios. [Jeff Trawick]
-+
-+ *) Added exp_foo and rel_foo variables to config_vars.mk for
-+ all Apache and Autoconf path variables (like --sysconfdir,
-+ --sbindir, etc). exp_foo is the "expanded" version, which means
-+ that all internal variable references have been interpolated.
-+ rel_foo is the same as $exp_foo, only relative to $prefix if they
-+ share a common path. [Aaron Bannert]
-+
-+ *) Fix some restart/terminate problems in the worker MPM. Don't
-+ drop connections during graceful restart. [Jeff Trawick]
-+
-+ *) Change the header merging behaviour in proxy, as some headers
-+ (like Set-Cookie) cannot be unmerged due to stray commas in
-+ dates. [Graham Leggett]
-+
-+ *) Be more vocal about what AcceptMutex values we allow, to make
-+ us closer to how 1.3 does it. [Jim Jagielski]
-+
-+ *) Get nph- CGI scripts working again. PRs 8902, 8907, 9983
-+ [Jeff Trawick]
-+
-+ *) Upgraded PCRE library to latest version 3.9 [Brian Pane]
-+
-+ *) Add accessor function to set r->content_type. From now on,
-+ ap_rset_content_type() should be used to set r->content_type.
-+ This change is required to properly implement the
-+ AddOutputFilterByType configuration directive.
-+ [Bill Stoddard, Sander Striker, Ryan Bloom]
-+
-+ *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
-+ RFC 3253. Improved the method name/number mapping functions.
-+ [Greg Stein]
-+
-+ *) remove sock_enable_linger from connection.c [Ian Holsman]
-+
-+ *) Fix for virtual host processing where the requested hostname
-+ has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
-+
-+ *) mod_dav's APIs for REPORT response handling was changed so that
-+ providers can generate the content directly into the output filter
-+ stack, rather than buffering the response into memory. [Greg Stein]
-+
-+ *) Fix a hang condition with graceful restart and prefork MPM
-+ in the situation where MaxClients is very high but
-+ much fewer servers are actually started at the time of the
-+ restart. [Jeff Trawick]
-+
-+ *) Small performance fixes for mod_include [Brian Pane]
-+
-+ *) Performance improvement for the error logger [Brian Pane]
-+
-+ *) Change configure so that Solaris 8 and above have
-+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default.
-+ according to sun people solaris 8+ doesn't have a thundering
-+ herd problem [Ian Holsman]
-+
-+ *) Allow URIs specifying CGI scripts to include '/' at the end
-+ (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs
-+ which ignore '/' at the end of the names of non-directories).
-+ PR 10138 [Jeff Trawick]
-+
-+ *) implement SSLSessionCache shmht and shmcb based on apr_rmm and
-+ apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
-+
-+ *) Fix apxs -g handling. Move config_vars.mk from the top build
-+ directory to the build directory. PR 10163 [Jeff Trawick]
-+
-+ *) Fix some mod_include problems which broke evaluation of some
-+ expressions. PR 10108 [Jeff Trawick]
-+
-+ *) Fix the calculation of request time in mod_status. [Stas Bekman]
-+
-+ *) Fix the calculation of thread_num in the worker score structure.
-+ [Stas Bekman]
-+
-+ *) Use apr_atomic operations in managing the mod_mem_cache
-+ cache_objects for SMP scalability. (see USE_ATOMICS
-+ preprocessor directive in mod_file_cache)
-+ [Bill Stoddard]
-+
-+ *) Add filehandle caching to mod_mem_cache. (see CACHE_FD
-+ preprocessor directive in mod_file_cache)
-+ [Bill Stoddard]
-+
-+ *) Implement prototype mod_disk_cache for use with mod_cache.
-+ [Bill Stoddard]
-+
-+ *) Add a missing manualdir entry in the Debian config.layout.
-+ [Thom May <thom planetarytramp.net>]
-+
-+ *) Stop installing libtool for APR and tell APR where it should place
-+ its copy of libtool (via our installbuildpath layout variable).
-+ [Justin Erenkrantz]
-+
-+ *) New directive ProxyIOBufferSize. Sets the size of the buffer used
-+ when reading from a remote HTTP server in proxy. [Graham Leggett]
-+
-+ *) Modify receive/send loop in proxy_http and proxy_ftp so that
-+ should it be necessary, the remote server socket is closed before
-+ transmitting the last buffer (set by ProxyIOBufferSize) to the
-+ client. This prevents the backend server from being forced to hang
-+ around while the last few bytes are transmitted to a slow client.
-+ Fix the case where no error checking was performed on the final
-+ brigade in the loop. [Graham Leggett]
-+
-+ *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change
-+ CacheMaxExpire and CacheDefaultExpire to use seconds rather than
-+ hours. [Graham Leggett, Bill Stoddard]
-+
-+ *) New Directive SSIUndefinedEcho. to change the '(none)' echoed
-+ for a undefined variable. [Ian Holsman]
-+
-+ *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS
-+ when we can't get a socket in the specified address family. We may
-+ have gotten back an IPv6 address first and yet our system is not
-+ configured to allow IPv6 sockets. [Jeff Trawick]
-+
-+ *) Be more careful about recursively removing CVS directories. Make
-+ sure that we aren't cd'ing to their home directory first. PR: 9993
-+ [Aaron Bannert, James LewisMoss <dres lewismoss.net>]
-+
-+ *) Add a missing errordir entry in the Debian config.layout. PR: 10067
-+ [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
-+ Thom May <thom planetarytramp.net>]
-+
-+ *) Rename the filter ordering priorities. The recent filtering fixes
-+ have showcased problems with their usage. Therefore, we need to
-+ rename them to increase the clarity. (CONTENT->RESOURCE,
-+ HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz]
-+
-+Changes with Apache 2.0.33
-+
-+ *) Fix a problem in the new --enable-layout functionality where
-+ it wouldn't allow overrides from variables like --prefix,
-+ --bindir, etc. [Thom May <thom planetarytramp.net>]
-+
-+ *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It
-+ no longer hangs around waiting for the socket to close before
-+ returning exhaustive data. [Aaron Bannert]
-+
-+ *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending)
-+ [Thom May <thom planetarytramp.net>]
-+
-+ *) Change mod_ssl to always do a full startup/teardown on restarts.
-+ this allows mod_ssl to be added to a server that is already
-+ running and makes it possible to add/change certs/keys after the
-+ server has been started. [Doug MacEachern]
-+
-+ *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
-+ This pipe must be a bidirectional 'console' style relay, which
-+ mod_ssl prints all prompts to the pipe's stdin, and reads the
-+ passphrases from the pipe's stdout. [William Rowe]
-+
-+ *) Fix bug where --sysconfdir and --localstatedir were being
-+ ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert]
-+ PR 9888
-+
-+ *) Fix --enable-layout to work again. Caution: When specifying
-+ --enable-layout, common arguments like --prefix, --exec-prefix,
-+ etc. will be ignored and the settings from the layout will be
-+ used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert]
-+ PR 9124, 9873, 9885
-+
-+ *) New Directive for mod_proxy: ProxyRemoteMatch. This provides
-+ regex pattern matching for the determination of which requests
-+ to use the remote proxy for. [Jim Jagielski]
-+
-+ *) Fix CustomLog bytes-sent with HTTP 0.9. [Justin Erenkrantz]
-+
-+ *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3
-+ cruft in piped logs and rewritemap child processes.
-+ [William Rowe]
-+
-+ *) All instances of apr_lock_t have been removed and converted
-+ to one of the following new lock APIs: apr_thread_mutex.h,
-+ apr_proc_mutex.h, or apr_global_mutex.h. No new code should
-+ use the apr_lock.h API, as the old API will soon be deprecated.
-+ [Aaron Bannert]
-+
-+ *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
-+ [Ralf S. Engelschall, Cliff Woolley]
-+
-+ *) mod-include: make it handle flush'es and fix the 'false-alarm'
-+ [Justin Erenkrantz, Brian Pane, Ian Holsman]
-+
-+ *) ap_get_*_filter_handle() functions to allow 3rd party modules
-+ to lookup filter handles so they can bypass the filter name
-+ lookup when adding filters to a request (via ap_add_*_filter_handle())
-+ [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Fix for multiple file buckets on Win32, where the first file
-+ bucket would cause the immediate closure of the socket on any
-+ non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Correct Win32 failure of mmap of a segment beyond start of the
-+ file; fixes large SSL and similar transfers. [William Rowe]
-+ PR 9898
-+
-+ *) Implement apr_proc_detach changes and allow -DNO_DETACH in the
-+ multi-process mode to not "daemonize" while detaching from the
-+ controlling terminal. This is necessary for Apache to work with
-+ process-management tools like AIX's "System Resource Controller"
-+ as well as Dan Bernstein's "daemontools".
-+ [Jos Backus <josb cncdsl.com>, Aaron Bannert]
-+
-+ *) Convert mod_auth_digest to use the new apr_global_mutex_t
-+ type. [Aaron Bannert]
-+
-+ *) fix bug in mod-include where it wouldn't send a unmatched
-+ part if it was at the end of a bucket [Ian Holsman]
-+
-+ *) worker MPM: Improve logging of errors with the interface between
-+ the listener thread and worker threads. [Jeff Trawick]
-+
-+ *) Some browsers ignore cookies that have been merged into a
-+ single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
-+ are now unmerged in the http proxy before being sent to the
-+ client. [Graham Leggett]
-+
-+ *) Fix a problem with proxy where each entry of a duplicated
-+ header such as Set-Cookie would overwrite and obliterate the
-+ previous value of the header, resulting in multiple header
-+ values (like cookies) going missing.
-+ [Graham Leggett, Joshua Slive]
-+
-+ *) Add the server-limit and thread-limit values to the scoreboard
-+ for the sake of third-party applications.
-+ [Adam Sussman <myddryn vishnu.vidya.com>]
-+
-+ *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman]
-+
-+ *) OS/390: Get make install to properly copy DSO modules.
-+ [Jeff Trawick]
-+
-+ *) Win32: Fix bug in mod_status with displaying "Restart Time"
-+ and "Server uptime".
-+ [Bill Stoddard]
-+
-+ *) Fix IPv6 name-based virtual hosts. [Jeff Trawick]
-+
-+ *) Introduce AddOutputFilterByType directive. [Justin Erenkrantz]
-+
-+ *) Fix DEBUG_CGI support in mod_cgi. PR 9670, 9671.
-+ [David MacKenzie <djm pix.net>]
-+
-+ *) Fix incorrect check for script_in in mod_cgi. PR 9669.
-+ [David MacKenzie <djm pix.net>]
-+
-+ *) Fix segfault and display error when SSLMutex file can not be
-+ created. [Adam Sussman <myddryn vishnu.vidya.com>]
-+
-+ *) Add reference counting to mod_mem_cache cache objects to
-+ better manage removing objects from the cache.
-+ [Bill Stoddard]
-+
-+ *) Change the verbage on the ScoreBoardFile in our default configs.
-+ Also change the default to be commented out (unspecified) so we
-+ get anonymous shared memory by default. [Aaron Bannert]
-+
-+ *) Implement new ScoreBoardFile directive logic. This affects how
-+ we create the scoreboard's shared memory segment. If the directive
-+ is present, a name-based segment is created. If the directive is
-+ not present, first an anonymous segment is created, and if that
-+ fails, a name-based segment is created from a file of the name
-+ DEFAULT_SCOREBOARD. This gives third-party applications the
-+ ability to access our scoreboard. [Aaron Bannert]
-+
-+ *) Allow mod_deflate to work with non-GET requests and properly send
-+ Content-Lengths. [Sander Striker <striker apache.org>]
-+
-+ *) Fix ap_directory_merge() to correctly merge configs when there is
-+ no <Directory /> block. [Justin Erenkrantz, William Rowe]
-+
-+ *) Remove spurious debug messsages that are normal under HTTP
-+ keep-alive logic. [Jeff Trawick, Justin Erenkrantz]
-+
-+ *) Fix a bug in mod_cgid that would prevent proper shutdown death
-+ of the cgid process. [Aaron Bannert]
-+
-+ *) Add signal handling back in to the worker MPM for the one_process
-+ (-X, -DDEBUG, -DONE_PROCESS) case. [Aaron Bannert]
-+
-+ *) Performance: Reuse per-connection transaction pools in the
-+ worker MPM, rather than destroying and recreating them. [Brian Pane]
-+
-+ *) Remove all signals from the worker MPM's child process. Instead,
-+ the parent uses the Pipe of Death for all communication with the
-+ child processes. [Ryan Bloom]
-+
-+Changes with Apache 2.0.32
-+
-+ *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the
-+ default if the directive is not specified. This mirrors older
-+ behavior without changes to the httpd.conf. [William Rowe]
-+
-+ *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing
-+ the service, mpm and logging code, and bugs in apr_file_open_stderr
-+ and apr_file_dup2 functions. Win2K/XP services have no handles
-+ associated for stdin/out/err, which caused unpredictable behavior
-+ in the prior release. [William Rowe, Bill Stoddard]
-+
-+ *) Win32: simplify the Application Event Log messages, since there isn't
-+ likely to be 'more information in the error log' before an error log
-+ has been opened. [William Rowe]
-+
-+ *) Win32: substantial cleanup to the mpm_winnt code for legibility and
-+ to follow the program flow of other MPMs. [Ryan Bloom, William Rowe]
-+
-+ *) Win32: apache -k shutdown now behaves like apache -k stop.
-+ [Bill Stoddard]
-+
-+ *) Fix prefork to not kill the parent if a child hits a resource shortage
-+ on accept(). [Greg Ames]
-+
-+ *) Fix seg faults that occur when what should be the httpd request line
-+ starts with \r\n followed by garbage. [Greg Ames]
-+
-+ *) Allow statically linked support binaries with the new
-+ --enable-static-support flag, and enable this behavior in
-+ the binbuild script. Also add a new --enable-static-htdbm
-+ flag. [Aaron Bannert]
-+
-+ *) Allow mod_autoindex to serve symlinks if permitted and attempt to
-+ do only one stat() call when generating the directory listings.
-+ [Justin Erenkrantz]
-+
-+ *) Fix resolve_symlink to save the original symlink name if known.
-+ [Justin Erenkrantz]
-+
-+ *) Be a bit more sane with regard to CanonicalNames. If the user has
-+ specified they want to use the CanonicalName, but they have not
-+ configured a port with the ServerName, then use the same port that
-+ the original request used. [Ryan Bloom and Ken Coar]
-+
-+ *) In core_input_filter, check for an empty brigade after
-+ APR_BRIGADE_NORMALIZE(). Otherwise, we can get segfaults if a
-+ client says it will post some data but we get FIN before any
-+ data arrives. [Jeff Trawick]
-+
-+ *) Not being able to bind to the socket is a fatal error. We should
-+ print an error to the console, and return a non-zero status code.
-+ With these changes, all of the Unix MPMs do that correctly.
-+ [Ryan Bloom]
-+
-+ *) suexec: Allow HTTPS and SSL_* environment variables to be passed
-+ through to CGI scripts. PR 9163
-+ [Brian Reid <breid customlogic.com>,
-+ Zvi Har'El <rl math.technion.ac.il>]
-+
-+ *) binbuild.sh: Make sure that we use the expat from our source
-+ tree so that there aren't any surprises on the target machine.
-+ [Jeff Trawick]
-+
-+ *) mod_cgid: Add retry logic for when the daemon can't fork fast
-+ enough to keep up with new requests. Start using
-+ HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR
-+ when we can't talk to the daemon. [Jeff Trawick]
-+
-+ *) apxs: LTFLAGS envvar can override default libtool options. Try
-+ "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
-+ the covers. [Jeff Trawick]
-+
-+ *) The Location: response header field, used for external
-+ redirect, *must* be an absoluteURI. The Redirect directive
-+ tested for that, but RedirectMatch didn't -- it would allow
-+ almost anything through. Now it will try to turn an abs_path
-+ into an absoluteURI, but it will correctly varf like Redirect
-+ if the final redirection target isn't an absoluteURI. [Ken Coar]
-+
-+Changes with Apache 2.0.31
-+
-+ *) Create the scoreboard (in the parent) in a global pool context,
-+ so it survives graceful restarts. This fixes a SEGV during
-+ graceful restarts. [Aaron Bannert]
-+
-+ *) Add a timeout option to the proxy code 'ProxyTimeout'
-+ [Ian Holsman]
-+
-+ *) FTP directory listings are now always retrieved in ASCII mode.
-+ The FTP proxy properly escapes URI's and HTML in the generated
-+ listing, and escapes the path components when talking to the FTP
-+ server. It is now possible to browse the root directory by using
-+ a url like: ftp://user@host/%2f/ (ported from apache_1.3.24)
-+ Also, the last path component may contain wildcard characters
-+ '*' and '?', and if they do, a directory listing is created instead
-+ of a file retrieval. Example: ftp://user@host/httpd/server/*.c
-+ [Martin Kraemer]
-+
-+ *) Added single-listener unserialized accept support to the
-+ worker MPM [Brian Pane]
-+
-+ *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
-+ the incoming host header through to the proxied server
-+ [Geoff <g.russell ieee.org>]
-+
-+ *) New Directive Option for ProxyPass. It now can block a location
-+ from being proxied [Jukka Pihl <jukka.pihl entirem.com>]
-+
-+ *) Don't let the default handler try to serve a raw directory. At
-+ best you get gibberish. Much worse things can happen depending
-+ on the OS. [Jeff Trawick]
-+
-+ *) Change the pre_config hook to return a value. Modules can now emit
-+ an error message and then cause the server to quit gracefully during
-+ startup. This required a bump to the MMN. [Aaron Bannert]
-+
-+ *) Fix some unix socket descriptor leaks in the handler side of
-+ mod_cgid (the part that runs in the server process). Whack a
-+ silly "close(-1)" in the handler too. [Jeff Trawick]
-+
-+ *) Change the pre_mpm hook to return a value, so that scoreboard
-+ init errors percolate up to code that knows how to exit
-+ cleanly. This required a bump to the MMN. [Jeff Trawick]
-+
-+ *) Add the socket back to the conn_rec and remove the create_connection
-+ hook. The create_connection hook had a design flaw that did not
-+ allow creating connections based on vhost info. [Bill Stoddard]
-+
-+ *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
-+ Resolves the common case of using negotation to resolve the request
-+ /script/foo for /script.cgi/foo. [William Rowe]
-+
-+ *) Added new functions ap_add_(input|output)_filter_handle to
-+ allow modules to bypass the usual filter name lookup when
-+ adding hard-coded filters to a request [Brian Pane]
-+
-+ *) caching should now work on subrequests (still very experimental)
-+ [Ian Holsman]
-+
-+ *) The Win32 mpm_winnt now has a shared scoreboard. [William Rowe]
-+
-+ *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
-+ [Justin Erenkrantz]
-+
-+ *) Refactor ap_rgetline so that it does not use an internal brigade.
-+ Change ap_rgetline's prototype to return errors. [Justin Erenkrantz]
-+
-+ *) Remove mod_auth_db. [Justin Erenkrantz]
-+
-+ *) Do not install unnecessary pcre headers like config.h and internal.h.
-+ [Joe Orton <joe manyfish.co.uk>]
-+
-+ *) Change in quick_hanlder behavior for subrequests. it now passes DONE
-+ (as it does for a normal request). quick_handled sub-requests now work
-+ in mod-include [Ian Holsman]
-+
-+ *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
-+ 'CONTENT' one, as it needs to run AFTER all content headers
-+
-+ *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
-+ [Lars Eilebrecht]
-+
-+ *) Split out blocking from the mode in the input filters.
-+ [Justin Erenkrantz]
-+
-+ *) Fix a segfault in mod_include. [Justin Erenkrantz, Jeff Trawick]
-+
-+ *) Cause Win32 to capture all child-worker process errors in
-+ Apache to the main server error log, until the child can
-+ open its own error logs. [William Rowe]
-+
-+ *) HPUX 11.*: Do not kill the child process when accept()
-+ returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch)
-+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
-+
-+ *) Fix a problem in the parsing of the <Proxy foo> directive.
-+ [Jeff Trawick]
-+
-+ *) rewrite of mod_ssl input filter for better performance and less
-+ memory usage [Doug MacEachern]
-+
-+ *) allow quick_handler to be run on subrequests. [Ian Holsman]
-+
-+ *) mod_dav now asks its provider to place content directly into the
-+ filter stack when handling a GET request. The mod_dav/provider
-+ API has changed, so providers need to be updated. [Greg Stein]
-+
-+ *) Clear the output socket descriptor in unixd_accept() to make sure
-+ we don't supply a bogus socket to the caller if the accept fails.
-+ This caused problems with the worker MPM, which tried to process
-+ the returned socket if it was non-NULL. [Brian Pane]
-+
-+ *) Move a check for an empty brigade to the start of core input filter
-+ to avoid segfaults. [Justin Erenkrantz, Jeff Trawick]
-+
-+ *) Add FileETag directive to allow configurable control of what
-+ data are used to form ETag values for file-based URIs. MMN
-+ bumped to 20020111 because of fields added to the end of
-+ the core_dir_config structure. [Ken Coar]
-+
-+ *) Fix a segfault in mod_rewrite's logging code caused by passing the
-+ wrong config to ap_get_remote_host(). [Jeff Trawick]
-+
-+ *) Allow mod_cgid to work from a binary distribution install by
-+ using 755 for the permissions on the log directory instead of
-+ 750. [Jeff Trawick]
-+
-+ *) Fixed a segfault that happened during graceful shutdown (or when
-+ the httpd ran out of file descriptors) with the worker MPM [Brian Pane]
-+
-+ *) Split all Win32 modules [excluding the core components mod_core,
-+ mod_so, mod_win32 and the winnt mpm] into individual loadable
-+ modules, so the administrator may individually disable the former
-+ compiled-in modules by simply commenting out their LoadModule
-+ directives. [William Rowe]
-+
-+ *) Saved Win32 module authors and porters many future headaches, by
-+ duplicating the appropriate .h files such as os.h into the include
-+ directory, including in the build tree. [William Rowe]
-+
-+ *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
-+ Use SSL functions/macros instead of directly dereferencing SSL
-+ structures wherever possible.
-+ Add type-casts for the cases where functions return a generic pointer.
-+ Add $SSL/include to configure search path.
-+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
-+
-+ *) Moved several pointers out of the shared Scoreboard so it is
-+ more portable, and will present the vhost name across server
-+ generation restarts. [William Rowe]
-+
-+ *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
-+ [Doug MacEachern]
-+
-+Changes with Apache 2.0.30
-+
-+ *) Fix the main bug for FreeBSD and threaded MPM's. There are
-+ still issues (see STATUS) but at least the server will now
-+ run without crashing the machine.
-+ [David Reid, Aaron Bannert, Justin Erenkrantz]
-+
-+ *) Fix a typo in mod_deflate's m4 config section.
-+ [albert chin <china thewrittenword.com>]
-+
-+ *) Fix a couple of mod_proxy problems forwarding HTTP connections
-+ and handling CONNECT:
-+ (1) PR #9190 Proxy failed to connect to IPv6 hosts.
-+ (2) Proxy failed to connect when the first IP address returned by
-+ the resolver was unreachable but a secondary IP address was.
-+ [Jeff Trawick]
-+
-+ *) Fix the module identifer as shown in the docs for various core
-+ modules (e.g., the identifer for mod_log_config was previously
-+ listed as config_log_module). PR #9338
-+ [James Watson <ap2bug sowega.org>]
-+
-+ *) Fix LimitRequestBody directive by placing it in the HTTP
-+ filter. [Justin Erenkrantz]
-+
-+ *) Fix mod_proxy seg fault when the proxied server returns
-+ an HTTP/0.9 response or a bogus status line.
-+ [Adam Sussman]
-+
-+ *) Prevent mod_proxy from truncating one character off the
-+ end of the status line returned from the proxied server.
-+ [Adam Sussman, Bill Stoddard]
-+
-+ *) Eliminate loop in ap_proxy_string_read().
-+ [Adam Sussman, Bill Stoddard]
-+
-+ *) Provide $0..$9 results from mod_include regex parsing.
-+ [William Rowe]
-+
-+ *) Allow mod-include to look for alternate start & end tags [Ian Holsman]
-+
-+ *) Introduced the ForceLanguagePriority directive, to prevent
-+ returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
-+ when using Multiviews. [William Rowe]
-+
-+ *) Fix a problem which prevented mod_cgid and suexec from working
-+ together reliably [Greg Ames]
-+
-+ *) Remove the call to exit() from within mod_auth_digest's post_config
-+ phase. [Aaron Bannert]
-+
-+ *) Fix a problem in mod_auth_digest that could potentially cause
-+ problems with initialized static data on a system that uses DSOs.
-+ [Aaron Bannert]
-+
-+ *) Fix a segfault in the worker MPM that could happen during
-+ child process exits. [Brian Pane, Aaron Bannert]
-+
-+ *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]
-+
-+ *) Fix matching of vhosts by ip address so we find IPv4
-+ vhost address when target address is v4-mapped form of
-+ that address. [Jeff Trawick]
-+
-+ *) More performance tweaks to the BNDM string-search algorithm
-+ used to find "<!--#" tokens in mod_include [Brian Pane]
-+
-+ *) Miscellaneous small performance fixes: optimized away various
-+ string copy operations and removed large temp buffers from
-+ the stack [Brian Pane]
-+
-+ *) Fixed startup segfault that occurred when a VirtualHost
-+ directive had a port but no address [Brian Pane]
-+
-+ *) Allow htdbm to work with multiple DBM types [Ian Holsman]
-+
-+ *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
-+ if oslevel < WINNT. This should fix several problems reported
-+ Against 2.0.28 on Windows 98 [Bill Stoddard]
-+
-+ *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
-+ to fail. [Bill Stoddard]
-+
-+ *) Change core code to allow an MPM to set hard thread/server
-+ limits at startup. prefork, worker, and perchild MPMs now have
-+ directives to set these limits. [Jeff Trawick]
-+
-+ *) Win32: The async AcceptEx() event should be autoreset upon
-+ successful completion of a wait (WaitForSingleObject). This
-+ eliminates a number of spurious
-+ setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
-+ [Bill Stoddard]
-+
-+ *) Move any load library path environment variables out of
-+ apachectl and into a separate environment variable file which
-+ can be more easily tailored by the admin. The environment
-+ variable file as built by Apache may have additional system-
-+ specific settings. For example, on OS/390 we tailor the heap
-+ settings to allow lots of threads. [Jeff Trawick]
-+
-+ *) Use the new APR pool code to reduce pool-related lock
-+ contention in the worker MPM. [Sander Striker]
-+
-+ *) The POD no longer assumes the child is listening on 127.0.0.1
-+ and now pulls the first hostname in the list of listeners to
-+ perform the dummy connect on. This fixes a bug when the user
-+ had configured the Listen directive for an IP other than
-+ 127.0.0.1. This would result in undead children and error
-+ messages such as "Connection refused: connect to listener".
-+ [Aaron Bannert]
-+
-+ *) The worker MPM now respects the LockFile setting, needed to
-+ avoid locking problems with NFS. [Jeff Trawick]
-+
-+ *) Fix segfault when worker MPM receives SIGHUP.
-+ [Ian Holsman, Aaron Bannert, Justin Erenkrantz]
-+
-+ *) Fix bug that could potentially prevent the perchild MPM from
-+ working with more than one vhost/uid. [Aaron Bannert]
-+
-+ *) Change make install and apxs -i processing of DSO modules to
-+ perform special handling on platforms where libtool doesn't install
-+ mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX
-+ which prevented standard LoadModule statements from working.
-+ [Jeff Trawick]
-+
-+ *) Whenever mod_so is enabled (not just when there are DSOs for
-+ our modules), do whatever special magic is required for compiling/
-+ loading third-party modules. This allows third-party DSOs to
-+ be used on an AIX build when there were no built-in modules
-+ built as DSOs. (This should help on OS/390 and BeOS as well.)
-+ [Jeff Trawick]
-+
-+ *) Allow apxs to be used to build DSOs on AIX without requiring the
-+ user to hard-code the list of import files. (This should help
-+ on OS/390 and BeOS as well.) [Jeff Trawick]
-+
-+ *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
-+ PR 8563, 8919 [William Rowe]
-+
-+ *) Get binary builds working when libapr and libaprutil are built
-+ shared [Greg Ames]
-+
-+ *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
-+ working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
-+ Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
-+
-+ *) Fix the handling of SSI directives in which the ">" of the
-+ terminating "-->" is the last byte in a file [Brian Pane]
-+
-+ *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
-+ message that we had back in apache-1.3 and still have scattered
-+ throughout our docs. [Aaron Bannert]
-+
-+ *) Prevent the Win32 port from continuing after encountering an
-+ error in the command line args to apache. [William Rowe]
-+
-+ *) On a error in the proxy, make it write a line to the error log
-+ [Ian Holsman]
-+
-+ *) Various mod_ssl performance improvements [Doug MacEachern]
-+
-+Changes with Apache 2.0.29
-+
-+ *) Add buffering in core_output_filter to ensure that long
-+ lists of small buckets don't cause small packet writes.
-+ [Brian Pane, Ryan Bloom]
-+
-+ *) Fix the installation target to make sure that the manual is
-+ installed in the correct location.
-+ [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
-+ Gomez Henri <hgomez slib.fr>]
-+
-+ *) Fix the cmd command for mod_include. When we are processing
-+ a cmd command, we do not want to use the r->filename to set
-+ the command name. The command comes from the SSI tag. To do this,
-+ I added a variable to the function that builds the command line
-+ in mod_cgi. This allows the include_cmd function to specify
-+ the command line itself. [Ryan Bloom]
-+
-+ *) Change open_logs hook to return a value, allowing you
-+ to flag a error while opening logs
-+ [Ian Holsman, Doug MacEachern]
-+
-+ *) Change post_config hook to return a value, allowing you
-+ to flag a error post config
-+ [Ian Holsman, Jeff Trawick]
-+
-+ *) Allow SUEXEC_BIN (the path to the suexec binary that is
-+ hard-coded into the server) to be specified to the configure
-+ script by the --with-suexec-bin parameter. [Aaron Bannert]
-+
-+ *) Fix segv in worker MPM following accept on pipe-of-death
-+ [Brian Pane]
-+
-+ *) Add mod_deflate to experimental.
-+ [Ian Holsman, Justin Erenkrantz]
-+
-+ *) Bail out at configure time if an invalid MPM was specified.
-+ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
-+
-+ *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
-+ configured [John Sterling <sterling covalent.net>]
-+
-+ *) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>]
-+
-+ *) Fix a problem with IPv6 vhosts. PR #8118 [Jeff Trawick]
-+
-+ *) Optimization for the BNDM string-search function in
-+ mod_include. [Brian Pane]
-+
-+ *) Fixed the behavior of the XBitHack directive.
-+ [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
-+
-+ *) The threaded MPM for Unix has been removed. Use the worker
-+ MPM instead. [various]
-+
-+ *) APR-ize the resolver logic in mod_unique_id. This fixes a bug
-+ in logging the error from a failed DNS lookup. [Jeff Trawick]
-+
-+ *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
-+ [Cliff Woolley]
-+
-+ *) Get mod_cgid killed when a MPM exits due to a fatal error.
-+ [Jeff Trawick]
-+
-+ *) Fix a file descriptor leak in mod_include. When we include a
-+ file, we use a sub-request, but we didn't destroy the sub-request
-+ immediately, instead we waited until the original request was
-+ done. This patch closes the sub-request as soon as the data is
-+ done being generated. [Brian Pane <bpane pacbell.net>]
-+
-+ *) Allow modules that add sockets to the ap_listeners list to
-+ define the function that should be used to accept on that
-+ socket. Each MPM can define their own function to use for
-+ the accept function with the MPM_ACCEPT_FUNC macro. This
-+ also abstracts out all of the Unix accept error handling
-+ logic, which has become out of synch across Unix MPMs.
-+ [Ryan Bloom]
-+
-+ *) Fix a bug which would cause the response headers to be omitted
-+ when sending a negotiated ErrorDocument because the required
-+ filters were attached to the wrong request_rec.
-+ [John Sterling <sterling covalent.net>]
-+
-+ *) Remove commas from the end of the macros that define
-+ directives that are used by MPMs. Prior to this patch,
-+ you would use these macros without commas, which was unlike
-+ the macros for any other directives. Now, the caller provides
-+ the comma rather than the macro providing it. This makes
-+ the macros look more like the rest of the directives.
-+ [Ryan Bloom and Cliff Woolley]
-+
-+ *) Add 'redirect-carefully' environment option to disable sending
-+ redirects under special circumstances. This is helpful for
-+ Microsoft's WebFolders when accessing a directory resource via
-+ DAV methods. [Justin Erenkrantz]
-+
-+ *) Begin to abstract out the underlying transport layer.
-+ The first step is to remove the socket from the conn_rec,
-+ the server now lives in a context that is passed to the
-+ core's input and output filters. This forces us to be very
-+ careful when adding calls that use the socket directly,
-+ because the socket isn't available in most locations.
-+ [Ryan Bloom]
-+
-+ *) Really reset the MaxClients value in worker and threaded
-+ when the configured value is not a multiple of the number
-+ of threads per child. We said we did previously but we
-+ forgot to. [Jeff Trawick]
-+
-+ *) Add Debian layout. [Daniel Stone <daniel sfarc.net>]
-+
-+ *) If shared modules are requested and mod_so is not available,
-+ produce a fatal config-time error. [Justin Erenkrantz]
-+
-+ *) Improve http2env's performance by cutting the work it has to
-+ do. [Brian Pane <bpane pacbell.net>]
-+
-+ *) use new 'apr_hash_merge' function in mod_mime (performance fix)
-+ [Brian Pane <bpane pacbell.net>]
-+
-+Changes with Apache 2.0.28
-+
-+ *) Fix infinite loop in mod_cgid.c.
-+ [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>]
-+
-+ *) When no port is given in a "ServerName host" directive, the
-+ server_rec->port is now set to zero, not 80. That allows for
-+ run-time deduction of the correct server port (depending on
-+ SSL/plain, and depending also on the current setting of
-+ UseCanonicalName). This change makes redirections
-+ work, even with https:// connections. As in Apache-1.3, the
-+ connection's actual port number is never used, only the ServerName
-+ setting or the client's Host: setting. Documentation updated
-+ to reflect the change. [Martin Kraemer]
-+
-+ *) Add a '%{note-name}e' argument to mod-headers, which works in
-+ the same way as mod_log_confg. [Ian Holsman]
-+
-+ *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
-+ AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
-+ MPMs. [Cliff Woolley]
-+
-+ *) Introduce htdbm, a user management utility for db/dbm authorization
-+ databases. [Mladen Turk <mturk mappingsoft.com>]
-+
-+ *) Optimize usage of strlen and strcat in ap_directory_walk.
-+ [Brian Pane <bpane pacbell.net>]
-+
-+Changes with Apache 2.0.27
-+
-+ *) Introduce an Apache mod_ssl initial configuration template
-+ (ssl.conf, generated from ssl-std.conf). [Ralf S. Engelschall]
-+
-+ *) Fixed a memory leak in the getline parsing code that could
-+ be triggered by arbitrarily large header lines. Requests
-+ from the core input filter for single lines are now limited
-+ to HUGE_STRING_LEN (8192 bytes). [Aaron Bannert]
-+
-+ *) Fix a truncation bug in how we print the port on the Via: header.
-+ The routine that prints the Via: header now takes a length for
-+ the port string. [Zvi Har'El <rl math.technion.ac.il>]
-+
-+ *) Some syntax errors in mod_mime_magic's magic file can result
-+ in a 500 error, which previously was unlogged. Now we log the
-+ error. [Jeff Trawick]
-+
-+ *) Add the support/checkgid helper app, which checks the run-time
-+ validity of group identifiers usable in the Group directive.
-+ [Ken Coar]
-+
-+ *) Various --enable-so options have been fixed: --enable-so is
-+ treated as "static"; explicit --enable-so=shared issues an error;
-+ and explicit --enable-so fails with error on systems without
-+ APR_HAS_DSO. [Aaron Bannert]
-+
-+ *) Fix a segfault in the core input filter when the client socket
-+ gets disconnected unexpectedly. [Cliff Woolley]
-+
-+ *) Fix the reporting for child processes that die. This removes
-+ all of the non-portable W* macros from Apache.
-+ [Jeff Trawick and Ryan Bloom]
-+
-+ *) Win32: Track and display "Parent Server Generation:" in
-+ mod_status output. The generation will be bumped at
-+ server graceful restart, when the child process exits
-+ by hitting MaxRequestsPerChild or if the child
-+ process exits abnormally. [Bill Stoddard]
-+
-+ *) Win32: Fix problem where MaxRequestsPerChild directive was
-+ not being picked up in favor of the default. Enable
-+ the parent to start up a new child process immediately upon
-+ the old child starting shutdown.
-+ [Bill Stoddard]
-+
-+ *) Fix some bungling of the remote port in rfc1413.c so that
-+ IdentityCheck retrieves the proper user id instead of failing
-+ and thus always returning "nobody."
-+ [Dick Streefland <Dick.Streefland xs4all.nl>]
-+
-+ *) Introduced thread saftey for mod_rewrite's internal cache.
-+ [Brian Pane <bpane pacbell.net>]
-+
-+ *) Simplified mod_env's directives to behave as most directives are
-+ expected, in that UnsetEnv will not unset a SetEnv and PassEnv
-+ directive following that UnsetEnv within the same container.
-+ Also provides a runtime startup warning if a PassEnv configured
-+ environment value is undefined. [William Rowe]
-+
-+ *) The worker MPM is now completely ported to APR's new lock API. It
-+ uses native APR types for thread mutexes, cross-process mutexes,
-+ and condition variables. [Aaron Bannert]
-+
-+ *) Sync up documentation to remove all references to the now deprecated
-+ Port directive. [Justin Erenkrantz]
-+
-+ *) Moved all ldap modules from the core to httpd-ldap sub-project
-+ [Ryan Bloom]
-+
-+ *) Exit when we can't listen on any of the configured ports. This
-+ is the same behavior as 1.3, and it avoids having the MPMs to
-+ deal with bogus ap_listen_rec structures. [Jeff Trawick]
-+
-+ *) Cleanup the proxy code that creates a request to the origin
-+ server. This change adds an optional hook, which allows modules
-+ to gain control while the request is created if the proxy module
-+ is loaded. The purpose of this hook is to allow modules to add
-+ input and/or output filters to the request to the origin. While
-+ I was at it, I made the core use this hook, so that proxy request
-+ creation uses some of the code from the core. This can still be
-+ greatly improved, but this is a good start. [Ryan Bloom]
-+
-+Changes with Apache 2.0.26
-+
-+ *) Port the MaxClients changes from the worker MPM to the threaded
-+ MPM. [Ryan Bloom]
-+
-+ *) Fix mod_proxy so that it handles chunked transfer-encoding and works
-+ with the new input filtering system. [Justin Erenkrantz]
-+
-+ *) Introduce the MultiviewsMatch directive, to allow the operator
-+ to be flexible in recognizing Handlers and Filters filename
-+ extensions as part of the Multiviews matching logic, strict with
-+ MultiviewsMatch NegotiatedOnly to accept only filename extentions
-+ that designate negotiated parameters, (content type, charset, etc.)
-+ or MultiviewsAll for the 1.3 behavior of matching any files, even
-+ if they have unregistered extensions. [William Rowe]
-+
-+ *) Fixed the configure script to add a LoadModule directive to
-+ the default httpd.conf for any module that was compiled
-+ as a DSO. [Aaron Bannert <aaron clove.org>]
-+
-+ *) rewrite mod_ssl input filtering to work with the new input filtering
-+ system. [Justin Erenkrantz]
-+
-+ *) prefork: Don't segfault when we are able to listen on some but
-+ not all of the configured ports. [Jeff Trawick]
-+
-+ *) Build mod_so even if no core modules are built shared.
-+ [Aaron Bannert <aaron clove.org>]
-+
-+ *) Introduce ap_directory_walk rewrite (with further optimizations
-+ required) to adapt to the ap_process_request_internal() changes.
-+ Optimized so subrequests and redirects now reuse previous section
-+ merges, until we mismatch with the original directory_walk, and
-+ precomputed r->finfo results will cause directory_walk to skip
-+ the most expensive phases of the function. [William Rowe]
-+
-+ *) Allow ApacheMonitor to connect to and control Apache on other
-+ WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>]
-+
-+ *) Remove the Port directive. In it's place, the Listen directive
-+ is now a required directive, which tells Apache what port to
-+ listen on. The ServerName directive has also been extended
-+ to accept an optional port. If the port is specified to the
-+ ServerName, the server will report that port whenever it
-+ reports the port that it is listening on. This change was
-+ made to ease configuration errors that stem from having a Port
-+ directive, and a Listen directive. In that situation, the server
-+ would only listen to the port specified by the Listen command,
-+ which caused a lot of confusion to users. [Ryan Bloom]
-+
-+ *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32
-+ build, as loadable modules. [William Rowe]
-+
-+ *) Fix --enable-mods-shared processing. If most is specified,
-+ then all modules that can be compiled as shared modules are.
-+ [Aaron Bannert <aaron clove.org>]
-+
-+ *) Update the mime.types file to map video/vnd.mpegurl to mxu
-+ and add commonly used audio/x-mpegurl for m3u extensions.
-+ [Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
-+
-+ *) Eliminate the depreciated r->content_language, in favor of the array
-+ r->content_languages introduced many years ago. Module authors must
-+ substantially overhaul their modules, so this needs to be upgraded
-+ if the module still relied on backwards-brokeness. [William Rowe]
-+
-+ *) Allow configure help strings to work with autoconf 2.50+ and 2.13.
-+ [Justin Erenkrantz]
-+
-+ *) Rewrite the input filtering mechanisms to consolidate and reorganize
-+ code. In short, core_input_filter does something now and
-+ ap_http_filter is now only concerned with HTTP. [Justin Erenkrantz]
-+
-+ *) Update the Win32 build to re-absorb mod_proxy and family.
-+ [William Rowe]
-+
-+ *) Resolved the build failure on Win32 using MSVC 5.0 (without the
-+ current SDK.) [William Rowe]
-+
-+ *) Some style changes to the code that does ProxyErrorOverride. Fixed
-+ config merge behaviour. [Graham Leggett]
-+
-+ *) Allow support programs to be compiled against a static version
-+ of libapr. This allows the smaller support programs to be
-+ relocated. [Aaron Bannert <aaron clove.org>]
-+
-+ *) Update the mime.types file to the registered media types as
-+ of 2001-09-25, and add mapping for xsl extension [Mark Cox]
-+
-+ *) Fix MaxClients in the Worker MPM, so that it specifies the maximum
-+ number of clients that can connect at the same time, instead of
-+ specifying the maximum number of child processes.
-+ [Aaron Bannert <aaron clove.org>]
-+
-+ *) Switch proc_pthread AcceptMutex configuration directive to pthread to
-+ be consistent with 1.3. [Justin Erenkrantz]
-+
-+ *) Cache apr_explode_localtime() value for 15 seconds.
-+ [Brian Pane <bpane pacbell.net>]
-+
-+ *) Fix mod_include to not return ETag or Last-Modified headers.
-+ [Ian Holsman <ianh cnet.com>]
-+
-+ *) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>]
-+
-+ *) Eliminate the wasteful run-time conversion of method names from strings
-+ to numbers in places where the methods are known at compile time.
-+ [Brian Pane <bpane pacbell.net>]
-+
-+ *) Turn the worker MPM's queue into a LIFO. This may
-+ improve cache-hit performance under some conditions.
-+ [Aaron Bannert <aaron clove.org>]
-+
-+ *) Switch back to SIGUSR1 for graceful restarts on all platforms that
-+ support it. [Justin Erenkrantz]
-+
-+ *) Cleanup the worker MPM. We no longer re-use transaction
-+ pools. This incurs less overhead than shuffling the pools
-+ around so that they can be re-used. Remove one of the
-+ queue's condition variables. We just redefined the API to
-+ state that you can't try to add more stuff than you allocated
-+ segments for. [Aaron Bannert <aaron clove.org>]
-+
-+ *) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
-+
-+ *) Fixed persistent connections when a request contains a body.
-+ [Greg Stein]
-+
-+ *) mod_dav uses a new API to speak to the backend provider for dead
-+ property management. [Greg Stein]
-+
-+ *) Remove the Win32 script-processing exception from mod_cgi, and
-+ roll build_command_line/build_argv_list into a unified, overrideable
-+ ap_cgi_build_command optional function. [William Rowe]
-+
-+ *) Rewrite find_start_sequence to use a better search algorithm
-+ to find the start tag. [Justin Erenkrantz]
-+
-+ *) Fix a seg fault in mod_include. When we are generating an
-+ internal redirect, we must set r->uri to "", not a bogus
-+ string, and not NULL. [Ryan Bloom]
-+
-+ *) Optimized location_walk, so subrequests, redirects and second passes
-+ now reuse previous section merges on a <Location > by <Location >
-+ basis, until we mismatch with the original location_walk.
-+ [William Rowe]
-+
-+ *) Back out the 1.45 change to util_script.c. This change made
-+ us set the environment variable REQUEST_URI to the redirected
-+ URI, instead of the originally requested URI.
-+ [Taketo Kabe <kabe sra-tohoku.co.jp>]
-+
-+ *) Make mod_include do lazy evaluation of potentially expensive to
-+ compute variables. [Brian Pane <bpane pacbell.net>]
-+
-+ *) Fix logging of bytes sent for HEAD requests. %b and %B should
-+ log either - or 0, before this patch, they were both logging
-+ the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>]
-+
-+ *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather
-+ than per character. [Brian Pane <bpane pacbell.net>]
-+
-+ *) Normalize the primary request, redirects and sub-requests to
-+ run the same ap_process_request_internal for consistency in
-+ robustness, behavior and security. [William Rowe]
-+
-+ *) Fix a segfault with mod_include when r->path_info is not set
-+ (which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>]
-+
-+ *) Add -X functionality back. This indicates to all MPMs and any other
-+ part of Apache that it should run in "debug" mode. [Justin Erenkrantz]
-+
-+ *) Some initial support for the cygwin platform [prefork only].
-+ This is not to be confused with support for the WinNT/Win32
-+ platform, which is the recommended configuration for native
-+ Win32 users. The cygwin platform support is recommended for
-+ cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
-+
-+ *) Changed syntax of Set{Input|Output}Filter. The list of filters
-+ must be semicolon delimited (if more than one filter is given.)
-+ The Set{Input|Output}Filter directive now overrides a parent
-+ container's directive (e.g. SetInputFilter in <Directory /web/foo>
-+ will override any SetInputFilter directive in <Directory /web>.)
-+ This new syntax is more consistent with Add{Input|Output}Filter
-+ directives defined in mod_mime. Also cures a bug in prior releases
-+ where the Set{Input|Output}Filter directive would corrupt the
-+ global configuration if the multiple directives were nested.
-+ [William Rowe]
-+
-+ *) Cured what's ailed mime for quite some time. If an AddSomething
-+ was given in the configuration (Language, Charset, Handler or
-+ Encoding) Apache would set the content type as given by AddType,
-+ but refused to check the mime.types file if AddType wasn't given
-+ for that specific extension. Setting the AddHandler for .html
-+ without setting the AddType text/html html would cause Apache to
-+ use the default content type. [William Rowe]
-+
-+ *) Added some bulletproofing to memory allocation in the LDAP cache
-+ code. [Graham Leggett]
-+
-+Changes with Apache 2.0.25
-+
-+ *) Move the installed /manual directory out of the /htdocs/ tree, so
-+ that it can be kept more independently from the remaining document
-+ root. The "Alias /manual ..." already allowed for easy projection
-+ into existing private document trees. [Martin Kraemer]
-+
-+ *) Add specified user attributes to the environment when using
-+ mod_auth_ldap. This allows you to use mod_include to embed specified
-+ user attributes in a page like so:
-+ Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
-+ [Graham Leggett]
-+
-+ *) Fix a performance problem with the worker MPM. We now create
-+ transaction pools once, and re-use them for each connection.
-+ [Aaron Bannert <aaron clove.org>]
-+
-+ *) Modfied mod_mime to prevent mod_negotation from serving a multiview
-+ of a 'handler' or 'filter', so that any filename extension that does
-+ not contribute to the negotiated metadata can't be served without
-+ an explicit request. E.g., if the .Z extension is associated with
-+ an unzip filter, the user request somefile.Z.html, mod_negotiation
-+ won't serve it. It can serve somefile.Z.html when somefile.Z is
-+ requested, since the .Z extension is explictly requested, if the
-+ .html extension is associated with ContentType text/html.
-+ [William Rowe]
-+
-+ *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
-+ and corresponding AddOutputFilter syntax, to insert one or more
-+ filters by mod_mime filename extension processing.
-+ [William Rowe]
-+
-+ *) Fix a growing connection pool in core_output_filter() for
-+ keepalive requests. [Jeff Trawick]
-+
-+ *) Moved split_and_pass_pretag_buckets back to being a
-+ macro at Ryans's request. Removed the return from it
-+ by setting and returning a return code instead. Updated
-+ the code to check the return code from the macro and
-+ do the right thing. [Paul J. Reder]
-+
-+ *) Fix a segfault when a numeric value was received for Host:.
-+ [Jeff Trawick]
-+
-+ *) Add a function ap_remove_input_filter. This is to match
-+ up with ap_remove_output_filter. [Ryan Bloom]
-+
-+ *) Clean up location_walk, so that this step performs a minimum
-+ amount of redundant effort (it must be run twice, but it will no
-+ longer reparse all <Location > blocks when the request uri
-+ hadn't changed.) [William Rowe]
-+
-+ *) Eliminate proxy: (and all other 'special') processing from the
-+ ap_directory_walk() phase. Modules that want to use special
-+ walk logic should refer to the mod_proxy map_to_location example,
-+ with it's proxy_walk and proxysection implementation. This makes
-+ either directory_walk flavor much more legible, since that phase
-+ only runs against real <Directory > blocks.
-+ [William Rowe]
-+
-+ *) SECURITY: Fix a security problem in mod_include which would allow
-+ an SSI document to be passed to the client unparsed.
-+ [Cliff Woolley, Brian Pane]
-+
-+ *) Introduce the map_to_storage hook, which allows modules to bypass
-+ the directory_walk and file_walk for non-file requests. TRACE
-+ shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
-+ directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
-+ [William Rowe]
-+
-+ *) Add the ability for mod_include to add the INCLUDES filter
-+ if the file is configured for the server-parsed handler.
-+ This makes the configuration for .shtml files much easier
-+ to understand, and allows mod_include to honor Apache 1.3
-+ config files. Based on Doug MacEachern's patch to PHP
-+ to do the same thing. [Ryan Bloom]
-+
-+ *) force OpenSSL to ignore process local-caching and to always
-+ get/set/delete sessions using mod_ssl's callbacks
-+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
-+ Geoff Thorpe <geoff geoffthorpe.net>]
-+
-+ *) Make the worker MPM shutdown and restart cleanly. This also
-+ cleans up some race conditions, and gets the worker using
-+ pools more cleanly. [Aaron Bannert <aaron clove.org>]
-+
-+ *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
-+ for mod_ssl
-+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
-+
-+ *) Fix for mod_include. Ryan's patch to check error
-+ codes put a return in the wrong place. Also, the
-+ include handler return code wasn't being checked.
-+ I don't like macros with returns, so I converted
-+ SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
-+ [Paul J. Reder <rederpj raleigh.ibm.com>]
-+
-+ *) fix segv in mod_mime if no AddTypes are configured
-+ [John Sterling <sterling covalent.net>]
-+
-+ *) Enable ssl client authentication at SSL_accept time
-+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
-+
-+ *) Fix a segfault in mod_include when the original request has no
-+ associated filename (e.g., we're filtering the error document for
-+ a bad URI). [Jeff Trawick]
-+
-+ *) Fix a storage leak (a strdup() call) in mod_mime_magic. [Jeff Trawick]
-+
-+ *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
-+ of httpd is started and shuts down due to socket conflict. Moving the
-+ call to ap_log_pid solves the problem.
-+
-+ *) Changed the late-1.3 log_config substitution %c to %X, to log the
-+ status of the closed connection, as it conflicts with the far more
-+ common, historical ssl logging directive %...{var}c. [William Rowe]
-+
-+ *) Added the common error/ tree to the build/install targets
-+ (similar to the common icons/ tree) for the multi-language error
-+ messages that Lars committed earlier. [William Rowe]
-+
-+ *) Added a multi process, multi threaded OS/2 MPM mpmt_os2. [Brian Havard]
-+
-+ *) Added a default commented-out mod_ldap and mod_auth_ldap
-+ configuration to httpd-std.conf and httpd-win.conf
-+ [Graham Leggett]
-+
-+ *) Added documentation for mod_ldap and mod_auth_ldap.
-+ [Graham Leggett]
-+
-+ *) Enabled negative caching on attribute comparisons in the LDAP cache.
-+ Fixed a problem where the default cache TTL was set in milliseconds
-+ not microseconds causing the cache to time out almost immediately.
-+ [Graham Leggett]
-+
-+ *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
-+ module code to follow APR. [Graham Leggett]
-+
-+ *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
-+ cleaned up when the connection pool pool is cleaned up.
-+ [Graham Leggett]
-+
-+ *) Fix a minor issue with Jeff Trawick's mod_include
-+ patch. Without this patch, the code will just allocate
-+ more bytes in get_combined_directive than are needed.
-+ [Paul Reder]
-+
-+ *) Added the LDAP authentication module mod_auth_ldap.
-+ [Dave Carrigan <dave rudedog.org>, Graham Leggett]
-+
-+ *) Added the LDAP cache and connection pooling module mod_ldap.
-+ [Dave Carrigan <dave rudedog.org>, Graham Leggett]
-+
-+ *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
-+ by allowing a module to disable itself if its prerequisites are not
-+ met. [Justin Erenkrantz]
-+
-+Changes with Apache 2.0.24
-+
-+ *) Fix a couple of issues in mod_include when the tag appeared at
-+ offsets near 8192 in the file being parsed. [Jeff Trawick]
-+
-+ *) Fix an assertion failure in mod_ssl when the keepalive timeout is
-+ reached. [Jeff Trawick]
-+
-+ *) Numerous improvements to the Win32 build system. Introduced command line
-+ builds without requiring .mak files for MSVC 6.0 and later versions.
-+ Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
-+ [William Rowe]
-+
-+ *) Assorted corrections and improvements to the winnt_mpm startup code. Better
-+ reporting of uninstalled services and other error conditions, and changed the
-+ default service name to Apache2. [William Rowe]
-+
-+ *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm
-+ compatibility with existing Apache 1.3 Win32 Apache management utilites.
-+ [Mladen Turk <mturk mappingsoft.com>, William Rowe]
-+
-+ *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20.
-+ [William Rowe, Greg Ames]
-+
-+ *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
-+ and RemoveCharset directives. [William Rowe]
-+
-+ *) The Unix MPMs other than perchild now allow child server
-+ processes to use the accept mutex when starting as root and
-+ using SysV sems for the accept mutex. Previously, this
-+ combination would lead to fatal errors in the child server
-+ processes. perchild can't use SysV sems because of security
-+ issues. [Jeff Trawick, Greg Ames]
-+
-+ *) Added Win32 revision stamp resources to all http binaries
-+ (including modules/ and support/ tools.) PR7322 [William Rowe]
-+
-+ *) Fix ap_rvprintf to support more than 4K of data at one time.
-+ [Cody Sherr <csherr covalent.net>]
-+
-+ *) We have always used the obsolete/deprecated Netscape syntax
-+ for our tracking cookies; now the CookieStyle directive
-+ allows the Webmaster to choose the Netscape, RFC2109, or
-+ RFC2965 format. The new CookieDomain directive allows the
-+ setting of the cookie's Domain= attribute, too. PR #s 5006,
-+ 5023, 5920, 6140 [Ken Coar]
-+
-+ *) Tweak server/Makefile so that the rules for generating exports.c
-+ are compatible with make utilities which don't expand wildcards
-+ in a dependency list (e.g., OS/390 make, certain levels of GNU
-+ make). [Jeff Trawick]
-+
-+ *) Install the SSL headers. [John Sterling <sterling covalent.net>]
-+
-+ *) Begin to sanitize the MPM configuration directives. Now, all
-+ MPMs use the same functions for all common MPM directives. This
-+ should make it easier to catch all bugs in these directives once.
-+ [Cody Sherr <csherr covalent.net>]
-+
-+ *) Close a major resource leak. Every time we had issued a
-+ graceful restart, we leaked a socket descriptor.
-+ [Ryan Bloom]
-+
-+ *) Fix a problem with the new method code. We need to cast
-+ the 1 to an apr_int64_t or it will be treated as a 32-bit
-+ integer, and it will wrap after being shifted 32 times.
-+ [Cody Sherr <csherr covalent.net> and Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Fix a bug in mod_expires. Previous to this patch, if you
-+ told mod_expires to add 604800 seconds to the last-modified
-+ time, it actually added 604800 usec's to the last-modified time,
-+ so that when looking at the response it looked like nothing
-+ had been done. The root of the problem was that we always compute
-+ time in usec's, but we ask users to input sec's. This means we
-+ need to convert to usec's before using those values.
-+ [Ryan Bloom]
-+
-+ *) The worker MPM now handles shutdown and restart requests. It
-+ definitely isn't perfect, but we do stop the servers correctly.
-+ The biggest problem right now is that SIGHUP causes the server to
-+ just die. [Ryan Bloom]
-+
-+Changes with Apache 2.0.23
-+
-+ *) Use the prefork MPM by default on Unix. [various]
-+
-+ *) Added a systray icon monitor application for Win32.
-+ [Mladen Turk <mturk mappingsoft.com>]
-+
-+ *) mod_rewrite: Fix the line ending on some non-Unix systems for
-+ messages written to the rewrite log.
-+ [Richard Labennett <rlabenn us.ibm.com>]
-+
-+ *) All mod_autoindex query parsing is now quietly quashed with the
-+ IndexOption IgnoreClient. The IndexOption SuppressColumnSorting
-+ still drops the column sort <a href>'s for the column headers, but
-+ IgnoreClient is required to ignore these Query options entirely.
-+ [William Rowe]
-+
-+ *) Introduced new mod_autoindex query argument parsing for F=[0|1|2]
-+ to allow the client to select plain, FancyIndexing or HTMLTable
-+ formatting, V=[0|1] to inhibit or enable version sorting, and
-+ P=pattern to return only specific files. The old Query Arguments
-+ were reorganized as C=f for sorting column 'f' (same N, D, S, or M
-+ as before), and O=A|D for ordering ascending or descending.
-+ [William Rowe]
-+
-+ *) Fixed an error in mod_include's directive parsing routines which
-+ caused #if, #elif, and #else expressions containing backslashes
-+ to be improperly evaluated. [Cliff Woolley]
-+
-+ *) Introduced new mod_autoindex IndexOptions flags: SuppressIcon to
-+ drop the icon column, SuppressRules to drop the <hr> elements,
-+ and HTMLTable to create rudimentary HTML table listings (implies
-+ FancyIndexing). [William Rowe]
-+
-+ *) Re-introduced the mod_autoindex IndexOptions flag TrackModified
-+ from Apache 1.3.15. This is needed for two reasons, first, given
-+ multiple machines within a server farm, ETags and Last-Modified
-+ stamps won't correspond from machine to machine, and second, many
-+ Unixes don't capture changes to the date or time stamp of existing
-+ files, since these don't modify the dirent itself. [William Rowe]
-+
-+ *) Re-introduced the mod_autoindex IndexOptions flag FoldersFirst
-+ and DirectoryWidth options from Apache 1.3.10.
-+ [William Rowe, Ken Coar]
-+
-+ *) Eliminated FancyIndexing directive, deprecated early in Apache
-+ 1.3 by the IndexOptions FancyIndexing syntax. [William Rowe]
-+
-+ *) mod_autoindex now excludes any file names that would result in
-+ an error, other than a success or redirect. Also optimized
-+ the parent directory, always included except in the URI '/'.
-+ [William Rowe]
-+
-+ *) Refactored mod_negotiation and mod_mime to help mod_dir accept
-+ negotiated index pages, and prevent the server from defaulting
-+ to an autoindex of the directory. mod_negotiation will now die
-+ with a 500 Internal Error if it could match some filenames
-+ (e.g. for mod_dir) but none can be served. mod_negotation now
-+ refuses to serve any file with an extention that mod_mime doesn't
-+ recognize, and wasn't part of the request. [William Rowe]
-+
-+ *) Eliminate mod_cgi's handling of .exe files without the .exe file
-+ extension. This is already handled by multiviews, if the admin
-+ wishes to AddHandler .exe or define a content type handler and
-+ associate .exe files with that content type. Multiviews must be
-+ enabled to allow these to be served. [William Rowe]
-+
-+ *) Speed up the server's response to a spike in incoming workload
-+ or restarts by assigning empty scoreboard slots to new processes
-+ when they are available. [Greg Ames]
-+
-+ *) Add a handler to mod_includes.c. This handler is designed to
-+ implement the XbitHack directive. This can't be done with a
-+ fixup, because we need to check the content-type, which is
-+ only available in the handler phase. [Ryan Bloom]
-+
-+ *) Make the includes filter check return codes from filters lower in
-+ the filter chain. If a lower level filter returns an error, then
-+ the request needs to stop immediately. This allows mod_include to
-+ stop parsing data once a lower filter recognizes an error.
-+ [Ryan Bloom]
-+
-+ *) Add the ability to extend the methods that Apache understands
-+ and have those methods <limit>able in the httpd.conf. It uses
-+ the same bit mask/shifted offset as the original HTTP methods
-+ such as M_GET or M_POST, but expands the total bits from an int to
-+ an ap_int64_t to handle more bits for new request methods than
-+ an int provides. [Cody Sherr <csherr covalent.net>]
-+
-+ *) Fix broken mod_mime behavior in merging its arguments. Possible
-+ cause of unexplicable crashes introduced in 2.0.20. [William Rowe]
-+
-+ *) Solve many mod_ssl porting issues (too many to detail) with
-+ help from the whole team, but most notably [Ralf S. Engelschall,
-+ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
-+ Doug MacEachern, William Rowe, Cliff Woolley]
-+
-+ *) More stall fixes for the threaded & worker mpm's.
-+ Make mod_status output more accurate. Don't
-+ count workers in processes which aren't actively
-+ serving requests. [Greg Ames]
-+
-+ *) Win32: Get SSI exec cgi tag working. [Bill Stoddard]
-+
-+ *) Add a single listener/multiple worker MPM. This MPM is
-+ definately not fully correct, but it allows us to solve many
-+ of the problems that exist in the threaded MPM. This is a
-+ modified version of the threaded MPM. [Ryan Bloom]
-+
-+ *) Improve content generation throughout Apache, providing closer
-+ compliance with HTML 3.2, HTML 4.01 Transitional and XHTML 1.0
-+ Transitional specifications. [William Rowe]
-+
-+Changes with Apache 2.0.22
-+
-+ *) Fix a problem where the threaded MPM stalls after restarts or
-+ segfaults. Also prevent multiple active processes from using
-+ the same scoreboard slot. [Greg Ames]
-+
-+ *) Apache/Win32 now fills in the service description with Apache's
-+ server version string, including loaded and advertised modules.
-+ [William Rowe]
-+
-+ *) Improved support for the Win32 build, to recover gracefully from
-+ missing apr or apr-util directories or the awk interpreter,
-+ create the proper cgi-bin examples, including a test-cgi.bat, and
-+ fix the perl shebang line for printenv.pl, when installing from
-+ the build environment. [William Rowe]
-+
-+ *) Fix a segfault in threaded.c caused by passing uninitialized
-+ apr_thread_t * to apr_thread_join(). [Jeff Trawick]
-+
-+ *) Use new APR number conversion functions to reduce CPU consumption
-+ when setting the content length, and in mod_log_config.
-+ [Brian Pane]
-+
-+ *) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
-+ where HEAD response headers were being repeated twice for
-+ files greater than 32K bytes (4*AP_MIN_BYTES_TO_WRITE). This
-+ problem in the http_header filter was exposed by the recent rewrite
-+ of the content_length filter. [Taketo Kabe, Bill Stoddard]
-+
-+ *) Fix seg faults in mod_status with ExtendedStatus enabled, after
-+ restarts. A garbage pointer to a vhost's server_rec from the
-+ previous generation was being left around under certain
-+ conditions. [Greg Ames]
-+
-+ *) Fix a cosmetic problem with mod_include. Non-existant SSI vars
-+ used to appear as '(none', without the closing paren.
-+ [Günter Knauf <eflash gmx.net>]
-+
-+ *) Improve the exports generating awk script. In the past, we had
-+ work around problems in the awk script by avoiding some #if and
-+ #ifdefs. This has bitten us many times in generating the exports.c
-+ file. This improvement allows corrects the header file parsing.
-+ [Sander Striker <striker apache.org>]
-+
-+Changes with Apache 2.0.21
-+
-+ *) Resolve the Win32 htpasswd bug, where a file that existed would be
-+ overwritten, regardless of the -c flag.
-+ [William Rowe, Mladen Turk <mladen.turk mail.inet.hr>]
-+
-+ *) Introduce connection sub-pools into ab. Truncating the lifetime
-+ of these allocations means that ab no longer perpetually grows
-+ its working set, running out of memory on large request attempts.
-+ [William Rowe]
-+
-+ *) Make scoreboard creation a hook. This allows management
-+ modules to have access to the scoreboard at the time that it is
-+ created, and at every restart request.
-+ [Cody Sherr <csherr covalent.net>]
-+
-+ *) Changed AP_MPMQ_MAX_DAEMONS to refer to MaxClients and
-+ added an AP_MPMQ_MAX_DAEMON_USED to refer to the highest
-+ daemon index actually used in the scoreboard. I also
-+ updated the pertinent calls. [Paul J. Reder]
-+
-+ *) Win32: Prevent listening sockets from being inherited by
-+ the Apache child process, CGI scripts, rotatelog process
-+ etc. If the Apache child process segfaults, any processes
-+ that the child started are not reaped. Prior to this fix,
-+ these processes inherited the listening sockets which sometimes
-+ prevented the restarted Apache child process from accepting
-+ connections (ie, the server would hang).
-+ [Bill Stoddard]
-+
-+ *) Provide vhost and request strings when ExtendedStatus is on.
-+ [Greg Ames]
-+
-+ *) Fix some issues with the pod and prefork: check the pod *after*
-+ processing a connection so that a server processing a time-
-+ consuming request bails out as soon as practical; when the
-+ parent process wakes up a server process via connect(), use an
-+ APR timeout on the connect() so that we don't hang for a long
-+ time if there aren't server processes around to do accept().
-+ [Jeff Trawick, Greg Ames]
-+
-+ *) Performance improvement to mod_mime.c. find_ct() in mod_mime,
-+ spends a lot of time in apr_table_get calls. Using the default
-+ httpd.conf, the tables for languages and charsets are somewhat
-+ large, so the time spent scanning them on each request is
-+ significant. Replacing the tables with hash tables provides
-+ a nice speedup. [Brian Pane <bpane pacbell.net>]
-+
-+ *) Add two functions to allow modules to access random parts of the
-+ scoreboard. This allows modules compiled for one MPM to access the
-+ scoreboard, even if it the server was compiled for another MPM.
-+ [Harrie Hazewinkel <harrie covalent.net>]
-+
-+Changes with Apache 2.0.20
-+
-+ *) Fix problem in content-length filter where the filter would
-+ buffer all the output from a CGI before sending any bytes
-+ down the filter stack to the network. This problem would cause
-+ significant memory consumption if the CGIs generated
-+ lots of bytes. [Bill Stoddard]
-+
-+ *) Get non-blocking CGI pipe reads working with the bucket brigades.
-+ [Bill Stoddard]
-+
-+ *) Fix seg fault on Windows when serving files cached with mod_file_cache.
-+ [Bill Stoddard]
-+
-+ *) Fix a bug in the threaded MPM that would cause it to kill off all
-+ workers immediately after starting if the number of workers started
-+ was above a certain threshold. [Ryan Bloom, Bill Stoddard]
-+
-+Changes with Apache 2.0.19
-+
-+ *) Fix problem with threaded MPM. The problem was that if each child
-+ process was busy serving a single long-lived request and the server
-+ was sent a graceful restart signal, the server would stop serving
-+ requests. This would happen because each child process would wait to
-+ die until the last thread was done, and the parent wouldn't spawn any
-+ new children until a process died. Now, the parent looks at the fact
-+ that the children are dying gracefully, and starts new children.
-+ Those new children only start enough threads to compliment the number
-+ of threads in the other child process that shares the same spot in
-+ the scoreboard. In this way, we make sure to never go over
-+ MaxClients. [Ryan Bloom]
-+
-+ *) modified mod_negotiation and mod_autoindex to speed up by almost a
-+ factor of two on apr_dir_read()-enhanced platforms, such as Win32
-+ and OS2, by calling ap_sub_request_lookup_dirent() with the results
-+ already provided by apr_dir_read(). [William Rowe]
-+
-+ *) mod_file_cache is now more robust to filtering and serves requests
-+ slightly more efficiently. [Cliff Woolley]
-+
-+ *) Fix problem handling FLUSH bucket in the chunked encoding filter.
-+ Module was calling ap_rwrite() followed by ap_rflush() but the
-+ served content was not being displayed in the browser. Inspection
-+ of the output stream revealed that the first data chunk was
-+ missing the trailing CRLF required by the RFC. [Bill Stoddard]
-+
-+ *) apxs no longer generates ap_send_http_header() in the example handler
-+
-+ *) Fix an ab problem which could cause a divide-by-zero exception
-+ with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
-+ [Ian Holsman <ianh cnet.com>]
-+
-+ *) Solve case-insensitive platforms' confusion about negotiated
-+ filenames, allowing files of differnt case to match in choosing
-+ the document to serve. [William Rowe]
-+
-+ *) Fix brokenness when ThreadsPerChild is higher than the built-in
-+ limit. We left ap_threads_per_child at the higher value which
-+ led to segfaults when doing certain scoreboard operations.
-+ [Jeff Trawick]
-+
-+ *) Fix seg faults and/or missing output from mod_include. The
-+ default_handler was using the subrequest pool for files and
-+ MMAPs, even though the associated APR structures typically
-+ live longer than the subrequest. [Greg Ames]
-+
-+ *) Extend mod_setenvif to support specifying regular expressions
-+ on the SetEnvIf (and SetEnvIfNoCase) directive attribute field.
-+ Example: SetEnvIf ^TS* [a-z].* HAVE_TS
-+ will cause HAVE_TS to be set if any of the request headers begins
-+ with "TS" and has a value that begins with any character in the
-+ set [a-z]. [Bill Stoddard]
-+
-+ *) httpd children now re-bind themselves to a random CPU on
-+ multiprocessor systems on AIX via bindprocessor() in 2.0.
-+ [Victor J. Orlikowski]
-+
-+ *) Fix htdigest. It would go into a loop in getline when adding
-+ a second user. [Bill Stoddard]
-+
-+ *) Win32 platforms now fully support mod_userdir options. [Will Rowe]
-+
-+ *) Automatically generate httpd.exp for AIX.
-+ DSOs now work again on AIX in 2.0
-+ [Victor J. Orlikowski]
-+
-+ *) Add a new request hook, error_log. This phase allows modules
-+ to act on the error log string _after_ it has been written
-+ to the error log. The goal for this hook is to allow monitoring
-+ modules to send the error string to the monitoring agent.
-+ [Ryan Bloom]
-+
-+ *) Modify mod_echo to make it use filters for input and output.
-+ [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Extend mod_headers to support conditional driven Header
-+ add, append and set. Use SetEnvIf to set an envar and conditionally
-+ add/append/set headers based on this envar thusly:
-+
-+ SetEnvIf TSMyHeader value HAVE_TSMyHeader
-+ Header add MyHeader "%t %D" env=HAVE_TSMyHeader
-+
-+ If the request contains header "TSMyHeader: value" then header
-+ MyHeader: "t=xxxxxxxxxx D=yyyy" will be sent on the response.
-+ [Bill Stoddard]
-+
-+ *) Extend mod_headers to support using format specifiers on Header
-+ add, append and set header values. Two format specifiers are supported:
-+
-+ %t - reports, in UTC microseconds since the epoch, when the
-+ request was received.
-+
-+ %D - reports the time, in microseconds, between when the request was
-+ received and the response sent.
-+
-+ Examples:
-+ Header add MyHeader "This request served in %D microseconds. %t"
-+
-+ results in a header being added to the response that looks like this:
-+
-+ MyHeader: This request served in D=5438 microseconds. t=991424704447256
-+
-+ [Bill Stoddard]
-+
-+ *) Fix reset_filter(). We need to be careful how we remove filters.
-+ If we set r->output_filters to NULL, we also have to reset the
-+ connection's filters. [John Sterling]
-+
-+ *) Optimise reset_filter() in http_protocol.c. [Greg Stein]
-+
-+ *) Add a check to ap_die() to make sure the filter stack is sane and
-+ contains the correct basic filters when an error occurs. This fixes
-+ a problem where headers are not being sent on error. [John Sterling]
-+
-+ *) New Header directive 'echo' option. "Header echo regex" will
-+ cause any headers received on the request that match regex to be
-+ echoed to (included in) the response headers.
-+ [Bill Stoddard]
-+
-+ *) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
-+ This prevented the inclusion of apr_compat.h. PR #7773
-+ [Oleg Broytmann <phd phd.pp.ru>]
-+
-+ *) Moved util_uri to the apr-util library. This required a bunch of
-+ apr_name changes for the uri utility functions. [Justin Erenkrantz]
-+
-+ *) Move the addition of default AP_HTTP_HTTP_HEADER filters to the
-+ insert_filter phase so that other filters are not bypassed by default.
-+ [Graham Leggett]
-+
-+ *) Reimplement mod_headers as an output filter. mod_headers can now
-+ add custom headers to inbound requests using the RequestHeader directive
-+ and to responses using the same old Header directive. [Graham Leggett]
-+
-+Changes with Apache 2.0.18
-+
-+ *) Fix command-line processing so that if a bad argument is specified
-+ Apache will exit. [Jeff Trawick]
-+
-+ *) Change the make targets and rules to be consistent in all of the
-+ Apache-owned source trees. [Roy Fielding]
-+
-+ *) Fix processing of the TRACE method. Previously we passed bogus
-+ parms to form_header_field() and it overlaid some vhost structures,
-+ resulting in a segfault in check_hostalias().
-+ [Greg Ames, Jeff Trawick]
-+
-+ *) Win32: Add support for reliable piped logs. If the logging process
-+ goes down, Apache will automatically restart it. This function has
-+ been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
-+ [Bill Stoddard]
-+
-+ *) Do not start piped log processes during the config file
-+ preflight. This change also circumvents a problem on
-+ Windows where the rotatelog processes created during preflight
-+ was not getting cleaned up properly.
-+ [Bill Stoddard]
-+
-+ *) add "Request Phase Participation" info to mod_info
-+ [Doug MacEachern]
-+
-+ *) Make first phase changes to the scoreboard data structures in
-+ preparation for the rewriting of the scoreboard per my posted
-+ design notes. [Paul J. Reder]
-+
-+ *) Fix httpd's definition of LTFLAGS to be consistent with that of apr
-+ and apr-util, allow it to be overridden by the configure command-line
-+ (default="--silent") and introduce LT_LDFLAGS to replace what we were
-+ formerly abusing as LTFLAGS. [Roy Fielding]
-+
-+ *) Clean up the reporting of incorrect closing container tags.
-+ [Barrie Slaymaker <barries slaysys.com>]
-+
-+ *) Simplify the configure process by moving all libtool stuff to APR
-+ and moving hints.m4 inline. [Roy Fielding]
-+
-+ *) Add the AP_DECLARE()/AP_CORE_DECLARE macros on the return types
-+ of functions used by mod_proxy for export in the DLL
-+ [Ian Holsman <IanH cnet.com>]
-+
-+ *) Prevent a hang when a cgi handled by mod_cgid tries to read a
-+ request body from its stdin but no reqest body is being written to
-+ the cgi. [Jeff Trawick]
-+
-+ *) mod_log_config: %c connection status incorrectly logged
-+ as "-" (non-keepalive) when MaxKeepAliveRequests is set to 0.
-+ [Bill Stoddard]
-+
-+ *) Get mod_cern_meta working under Windows
-+ [Bill Stoddard]
-+
-+ *) Create Files, and thus MMAPs, out of the request pool, not the
-+ connection pool. This solves a small resource leak that had us
-+ not closing files until a connection was closed. In order to do
-+ this, at the end of the core_output_filter, we loop through the
-+ brigade and convert any data we have into a single HEAP bucket
-+ that we know will survive clearing the request_rec.
-+ [Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
-+ Cliff Woolley]
-+
-+ *) Completely revamp configure so that it preserves the standard make
-+ variables CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS and LIBS by moving
-+ the configure additions to EXTRA_* variables. Also, allow the user
-+ to specify NOTEST_* values for all of the above, which eliminates the
-+ need for THREAD_CPPFLAGS, THREAD_CFLAGS, and OPTIM. Fix the setting
-+ of INCLUDES and EXTRA_INCLUDES. Check flags as they are added to
-+ avoid pointless duplications. Fix the order in which flags are given
-+ on the compile and link lines. Remove obsolete macros APR_DOEXTRA,
-+ AC_ADD_LIBRARY, AC_CHECK_DEFINE, APACHE_PASSTHRU, and APACHE_ONCE.
-+ Added APR_SAVE_THE_ENVIRONMENT and APR_RESTORE_THE_ENVIRONMENT macros.
-+ Renamed AC_TYPE_RLIM_T macro to APACHE_TYPE_RLIM_T. [Roy Fielding]
-+
-+ *) Get mod_tls to compile/work better on Windows. PR #7612
-+ [Bernhard Schrenk <b.schrenk improx.com>]
-+
-+ *) Fix shutdown/restart hangs in the threaded MPM.
-+ [Jeff Trawick, Greg Ames, Ryan Bloom]
-+
-+ *) Removed the keptalive boolean from conn_rec because it is now only
-+ used by a single routine and can be replaced by a local variable.
-+ [Greg Stein, Ryan Bloom, Roy Fielding]
-+
-+ *) Patch prefork to put enough of the signal processing back in so that
-+ signals are all handled properly now. The previous patch fixed the
-+ deadlock race condition, but broke the user directed signal handling.
-+ This fixes it to work the way it did before my previous prefork patch
-+ (primarily, SIGTERM is now working).
-+
-+ *) Change how input filters decide how much data is returned to the
-+ higher filter. We used to use a field in the conn_rec, with this
-+ change, we use an argument to ap_get_brigade to determine how much
-+ data is retrieved. [Ryan Bloom]
-+
-+ *) Fix seg fault at start-up introduced by Ryan's change to enable
-+ modules to specify their own logging tags. mod_log_config
-+ registers an optional function, ap_register_log_handler().
-+ ap_register_log_handler() was being called by http_core before
-+ the directive hash table was created. This patch creates the
-+ directive hash table before ap_register_log_handler() is
-+ registered as an optional function.
-+ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
-+
-+ *) Add ap_set_int_slot() function
-+ [John K. Sterling <sterling covalent.net>]
-+
-+ *) Under certain circumstances, Apache did not supply the
-+ right response headers when requiring authentication.
-+ [Gertjan van Wingerde <Gertjan.van.Wingerde cmg.nl>] PR#7114
-+ (This is a port of the change that went into Apache 1.3.19.)
-+
-+ *) Allow modules to specify their own logging tags. This basically
-+ allows a module to tell mod_log_config that when %x is encountered
-+ a specific function should be called. Currently, x can be any single
-+ character. It may be more useful to make this a string at some point.
-+ [Ryan Bloom]
-+
-+Changes with Apache 2.0.17
-+
-+ *) If a higher-level filter handles the byterange aspects of a
-+ request, then the byterange filter should not try to redo the
-+ work. The most common case of this happening, is a byterange
-+ request going through the proxy, and the origin server handles
-+ the byterange request. The proxy should ignore it.
-+ [Graham Leggett <minfrin sharp.fm>]
-+
-+ *) Changed the threaded mpm to have child_main join to each of the
-+ worker threads to make sure the kids are all gone before child_main
-+ exits after a signal (cleanup from perform_idle_server_maintenance).
-+ This is an extension of Ryans recent commit to make the child_main
-+ the signal thread.
-+
-+ *) Add more options to the ap_mpm_query function. This also allows MPMs to
-+ report if their threads are dynamic or static. Finally, this also
-+ implements a new API, ap_show_mpm, which returns the MPM that was
-+ required into the core. [Harrie Hazewinkel <harrie covalent.net>]
-+
-+ *) Do not install the binaries from the support directory twice.
-+ [jun-ichiro hagino <itojun iijlab.net>]
-+
-+ *) The ap_f* functions should flush data to the filter that is passed
-+ in, not the filter after the one passed in.
-+ [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Make ab work again by changing its native types to apr types and formats.
-+ [Justin Erenkrantz <jerenkrantz ebuilt.com>]
-+
-+ *) Move the byterange filter and all of the supporting functions back
-+ to the HTTP module. The byterange filter turned out to be very
-+ HTTP specific, and it belongs in the HTTP module. [Greg Stein]
-+
-+ *) Make clean, distclean, and extraclean consistently according to the
-+ Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>]
-+
-+ *) Fix errors in the renaming of the apr_threadattr_detach_xxx functions.
-+ This may have been causing problems stopping processes in the threaded
-+ mpm's. [Greg Ames]
-+
-+ *) Fix content-length in mod_negotiation to a long int representation.
-+ [William Rowe]
-+
-+ *) Remove BindAddress from the default config file.
-+ [<giles nemeton.com.au>]
-+
-+ *) Allow module authors to add a module to their Apache build using
-+ --with-module, without re-running buildconf. The syntax is:
-+ --with-module=module_type:/path/to/module.c
-+ The configure script will copy the module.c file to
-+ modules/module_type, and it will be added to the relevant Makefiles.
-+ currently, this only works for static modules. [Ryan Bloom]
-+
-+ *) Changes required to make prefork clean up idle children properly.
-+ There was a window during which a starting worker deadlocks when
-+ an idle cleanup arrives before it completes init. Apache then keeps
-+ trying to cleanup the same deadlocked worker forever (until higher
-+ pids come along, but it still will never reduce below the deadlocked
-+ pid). Thus the number of children would not reduce to the correct
-+ idle level. [Paul J. Reder]
-+
-+Changes with Apache 2.0.16
-+
-+ *) Change the default installation directory to /usr/local/apache2,
-+ as now defined by the "Apache" layout in config.layout. [Marc Slemko]
-+
-+ *) OS/2: Added support for building loadable modules as OS/2 DLLs.
-+ [Brian Havard]
-+
-+ *) Get MaxRequestsPerChild working with the Windows MPM.
-+ [Bill Stoddard]
-+
-+ *) Make generic hooks to work, with mod_generic_hook_import/export
-+ experimental modules. [Ben Laurie, Will Rowe]
-+
-+ *) Fix segfaults for configuration file syntax errors such as
-+ "<Directory>" followed by "</Directory" and
-+ "<Directory>" followed by "</Directoryz>". [Jeff Trawick]
-+
-+ *) Cleanup the --enable-layout option of configure. This makes
-+ us use a consistent location for the config.layout file, and it
-+ makes configure more portable.
-+ [jun-ichiro hagino <itojun iijlab.net>]
-+
-+ *) Changes to 'ab'; fixed int overrun's, added statistics, output in
-+ csv/gnuplot format, rudimentary ssl support and various other tweaks
-+ to make results more true to what is measured. The upshot of this it
-+ turns out that 'ab' has often underreported the true performance of
-+ apache. Often by a order of magnitude :-) See talk/paper of Sander
-+ Temme at April ApacheCon 2001 for details.
-+ [Dirk-Willem van Gulik]
-+
-+ *) Clean up mod_cgid's temporary request pool. Besides fixing a
-+ storage leak this ensures that some unnecessary pipes are closed.
-+ [Jeff Trawick]
-+
-+ *) Performance: Add quick_handler hook. This hook is called at the
-+ very beginning of the request processing before location_walk,
-+ translate_name, etc. This hook is useful for URI keyed content
-+ caches like Mike Abbott's Quick Shortcut Cache.
-+ [Bill Stoddard]
-+
-+ *) top_module global variable renamed to ap_top_module [Perl]
-+
-+ *) Move ap_set_last_modified to the core. This is a potentially
-+ controversial change, because this is kind of HTTP specific. However
-+ many protocols should be able to take advantage of this kind of
-+ information. I expect that headers will need one more layer of
-+ indirection for multi-protocol work, but this is a small step in
-+ the right direction. [Ryan Bloom]
-+
-+ *) Enable mod_status by default. This matches what Apache 1.3 does.
-+ [Ed Korthof]
-+
-+ *) Add a ScriptSock directive to the default config file. This is
-+ only enabled when mod_cgid is used.
-+ [Taketo Kabe <kabe sra-tohoku.co.jp>]
-+
-+Changes with Apache 2.0.15
-+
-+ *) Untangled the buildconf script and eliminated the need for build's
-+ aclocal.m4, generated_lists, build.mk, build2.mk, and a host of other
-+ libtool muck that is now under srclib/apr/build. [Roy Fielding]
-+
-+ *) Win32: Don't accept more connections than we have worker threads
-+ to handle.
-+ [Bill Stoddard]
-+
-+ *) Fix bug in the Unix threaded.c MPM that allowed child processes
-+ to fork() new child processes.
-+ [Bill Stoddard]
-+
-+ *) SECURITY: Fix a major security problem with double-reverse lookup
-+ checking. Previously, a client connecting over IPv4 would not be
-+ matched properly when the server had an IPv6 listening socket.
-+ PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>]
-+
-+ *) Change the way the beos MPM handles polling to allow it to stop and
-+ restart. Problem was the sockets being polled were being reset by
-+ the select call, so once it had accepted a connection it was no
-+ longer listening on the UDP socket we use for shutdown instructions.
-+ APR needs to be altered, patch on it's way. [David Reid]
-+
-+ *) Empty out the brigade shared by ap_getline()/ap_get_client_block()
-+ on error exit from ap_getline(). Some other code got upset because
-+ the wrong data was in the brigade. [Greg Ames, Jeff Trawick]
-+
-+ *) Handle ap_discard_request_body() being called more than once.
-+ [Greg Ames, Jeff Trawick]
-+
-+ *) Get rid of an inadvertent close of file descriptor 2 in
-+ mod_mime_magic. [Greg Ames, Jeff Trawick]
-+
-+ *) Add a hook, create_request. This hook allows modules to modify
-+ a request while it is being created. This hook is called for all
-+ request_rec's, main request, sub request, and internal redirect.
-+ When this hook is called, the r->main, r->prev, r->next
-+ pointers have been set, so modules can determine what kind of
-+ request this is. [Ryan Bloom]
-+
-+ *) Cleanup the build process a bit more. The Apache configure
-+ script no longer creates its own helper scripts, it just
-+ uses APR's.
-+ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
-+
-+ *) Stop the forced downgrade of the connection to HTTP/1.0 for
-+ proxy requests. [Graham Leggett]
-+
-+ *) Avoid using sscanf to determine the HTTP protocol number in
-+ the common case because sscanf is a performance hog. From
-+ Mike Abbot's Accelerating Apache patch number 6.
-+ [Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]
-+
-+ *) SECURITY: Fix a security exposure in mod_access. Previously when
-+ IPv6 listening sockets were used, allow/deny-from-IPv4-address rules
-+ were not evaluated properly (PR #7407). Also, add the ability to
-+ specify IPv6 address strings with optional prefix length on Allow
-+ and Deny. [Jeff Trawick]
-+
-+ *) Enhance rotatelogs so that a UTC offset can be specified, and
-+ the logfile name can be formatted using strftime(3). (Brought
-+ forward from 1.3.) [Ken Coar]
-+
-+ *) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling
-+ DuplicateHandle on an IOCompletionPort (a practice which
-+ MS "discourages"). The new model does not rely on associating
-+ the completion port with the listening sockets, thus the
-+ completion port can be completely managed within the child
-+ process. A dedicated thread accepts connections off the network,
-+ then calls PostQueuedCompletionStatus() to wake up worker
-+ threads blocked on the completion port.
-+ [Bill Stoddard]
-+
-+ *) Bring forward the --suexec-umask option which allows the
-+ builder to preset the umask for suexec processes. [Ken Coar]
-+
-+ *) Add a -V flag to suexec, which causes it to display the
-+ compile-time settings with which it was built. (Only
-+ usable by root or the AP_HTTPD_USER username.) [Ken Coar]
-+
-+ *) Mod_include should always unset the content-length if the file is
-+ going to be passed through send_parsed_content. There is no to
-+ determine if the content will change before actually scanning the
-+ entire content. It is far safer to just remove the C-L as long
-+ as we are scanning it. [Ryan Bloom]
-+
-+ *) Make sure Apache sends WWW-Authenticate during a reverse proxy
-+ request and not Proxy-Authenticate.
-+ [Graham Leggett <minfrin sharp.fm>]
-+
-+Changes with Apache 2.0.14
-+
-+ *) Fix content-length computation. We ONLY compute a content-length if
-+ We are not in a 1.1 request and we cannot chunk, and this is a keepalive
-+ or we already have all the data. [Ryan Bloom]
-+
-+ *) Report unbounded containers in the config file. Previously, a typo
-+ in the </container> directive could result in the rest of the config
-+ file being silently ignored, with undesired defaults used.
-+ [Jeff Trawick]
-+
-+ *) Make the old_write filter use the ap_f* functions for the buffering.
-+ [Ryan Bloom]
-+
-+ *) Move more code from the http module into the core server. This
-+ is core code, basically the default handler, the default input
-+ and output filters, and all of the core configuration directives.
-+ All of this code is required in order for the server to work, with or
-+ without HTTP. The server is closer to working without the HTTP
-+ module, although there is still more to do. [Ryan Bloom]
-+
-+ *) Fix a number of SGI compile warnings throughout the server. Fix some
-+ bad parameters to apr_bucket_read(). Fix a bad statement in
-+ ap_method_in_list(). For the mod_rewrite cache use apr_time_t
-+ consistently; we were mixing apr_time_t and time_t in invalid ways
-+ before. In load_file(), call apr_dso_error() instead of
-+ apr_strerror() so that we get a more specific string on some platforms.
-+ PR #6980 [Jeff Trawick]
-+
-+ *) Allow modules to query the MPM about it's execution profile. This
-+ query API can and should be extended in the future, but for now,
-+ max_daemons, and threading or forking is a very good start.
-+ [Jon Travis <jtravis covalent.net>]
-+
-+ *) Modify mod_include to send blocks of data no larger than 9k.
-+ Without this, mod_include will wait until the whole file is parsed,
-+ or the first tag is found to send any data to the client.
-+ [Paul J. Reder <rederpj raleigh.ibm.com>]
-+
-+ *) Fix mod_info, so that <Directory> and <Location> directives are
-+ not displayed twice when displaying the current configuration.
-+ [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Add config directives to override DEFAULT_ERROR_MSG and
-+ DEFAULT_TIME_FORMAT. This was sent in as PR 6193.
-+ [Dan Rench <drench xnet.com>]
-+
-+ *) Get mod_info building and loading on Win32. [William Rowe]
-+
-+ *) Begin to move protocol independant functions out of mod_http. The goal
-+ is to have only functions that are HTTP specific in the http directory.
-+ [Ryan Bloom]
-+
-+Changes with Apache 2.0.13
-+
-+ *) Don't assume that there will always be multiple calls to the byterange
-+ filter. It is possible that we will need to do byteranges with only
-+ one call to the filter. [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Move the error_bucket definition from the http module to the
-+ core server. Every protocol will need this ability, not just
-+ HTTP. [Ryan Bloom]
-+
-+Changes with Apache 2.0.12
-+
-+ *) Modify mod_file_cache to save pre-formatted strings for
-+ content-length and last-modified headers for performance.
-+ [Mike Abbot <mja trudge.engr.sgi.com>]
-+
-+ *) Namespace protect IOBUFSIZ since it is exposed in the API.
-+ [Jon Travis <jtravis covalent.net>]
-+
-+ *) Use "Basic" authentication instead of "basic" in ab, as the spec
-+ says we should. [Andre Breiler <andre.breiler rd.bbc.co.uk>]
-+
-+ *) Fix a seg fault in mod_userdir.c. We used to use the pw structure
-+ without ever filling it out. This fixes PR 7271.
-+ [Taketo Kabe <kabe sra-tohoku.co.jp> and
-+ Cliff Woolley <cliffwoolley yahoo.com>]
-+
-+ *) Add a couple of GCC attribute tags to printf style functions.
-+ [Jon Travis <jtravis covalent.net>]
-+
-+ *) Add the correct language tag for interoperation with the Taiwanese
-+ versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142
-+
-+ *) Migrate the perchild MPM to use the new apr signal child, and
-+ APR thread functions. [Ryan Bloom]
-+
-+ *) Close one copy of the CGI's stdout before creating the new process.
-+ The CGI will still have stdout, because we have already dup'ed it.
-+ This keeps Apache from waiting forever to send the results of a CGI
-+ process that has forked a long-lived child process.
-+ [Taketo Kabe <kabe sra-tohoku.co.jp>]
-+
-+ *) Remove the rest of the pthreads functions from the threaded MPM.
-+ This requires the APR support for a signal thread that was just
-+ added. [Ryan Bloom]
-+
-+ *) Make mod_dir use a fixup for sending a redirect to the browser.
-+ Before this, we were using a handler, which doesn't make much
-+ sense, because the handler wasn't generating any data, it would
-+ either return a redirect error code, or DECLINED. This fits the
-+ current hooks better. [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Make the threaded MPM use APR threads instead of pthreads.
-+ [Ryan Bloom]
-+
-+ *) Get mod_tls to the point where it actually appears to work in all cases.
-+ [Ben Laurie]
-+
-+ *) implement --enable-modules and --enable-mods-shared for "all" and
-+ "most". [Greg Stein]
-+
-+ *) Move the threaded MPM to use APR locks instead of pthread locks.
-+ [Ryan Bloom]
-+
-+ *) Rename mpmt_pthread to threaded. This is more in line with the
-+ fact that mpmt_pthread shouldn't be using pthreads directly, and
-+ it is a smaller name that doesn't tie into anything.
-+ [Ryan Bloom]
-+
-+ *) Rename the module structures so that the exported symbol matches
-+ the file name, and it is easier to automate the installation
-+ process (generating LoadModule directives from the module filenames).
-+ [Martin Kraemer]
-+
-+ *) Remove the coalesce filter. With the ap_f* functions, this filter
-+ is no longer needed. [Ryan Bloom]
-+
-+Changes with Apache 2.0.11
-+
-+ *) Remove the dexter MPM. Perchild is the same basic idea, but it has the
-+ added feature of allowing a uid/gid per child process. If no
-+ uid/gid is specified, then Perchild behaves exactly like dexter.
-+ [Ryan Bloom]
-+
-+ *) Get perchild building again. [Ryan Bloom]
-+
-+ *) Don't disable threads just because we are using the prefork MPM.
-+ If somebody wants to compile without threads, they must now add
-+ --disable-threads to the configure command line. [Ryan Bloom]
-+
-+ *) Begin to move the calls to update_child_status into common code, so
-+ that each individual MPM does not need to update the scoreboard itself.
-+ [Ryan Bloom]
-+
-+ *) Allow mod_tls to compile under Unix boxes where openssl has been
-+ installed to the system include files.
-+ [Gomez Henri <new-httpd slib.fr>]
-+
-+ *) Cleanup the mod_tls configure process. This should remove any need
-+ to hand-edit any files. We require OpenSSL 0.9.6 or later, but
-+ configure doesn't check that yet. [Ryan Bloom]
-+
-+ *) Add a very early prototype of SSL support (in mod_tls.c). It is
-+ vital that you read modules/tls/README before attempting to build
-+ it. [Ben Laurie]
-+
-+ *) Fix a potential seg fault on all platforms. David Reid fixed this
-+ on BEOS, but the problem could happen anywhere, so we don't want
-+ to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
-+
-+ *) Add new LogFormat directive, %D, to log time it takes to serve a
-+ request in microseconds. [Bill Stoddard]
-+
-+ *) Change AddInputFilter and AddOutputFilter to SetInputFilter and
-+ SetOutputFilter. This corresponds nicely with the other Set
-+ directives, which operate on containers while the Add* directives
-+ tend to work directly on extensions. [Ryan Bloom]
-+
-+ *) Cleanup the header handling a bit. This uses the apr_brigade_*
-+ functions for the buffering so that we don't need to compute
-+ the length of the headers before we actually create the header
-+ buffer. [Ryan Bloom]
-+
-+ *) Allow filters to buffer data using the ap_f* functions. These have
-+ become macros that resolve directly to apr_brigade_*.
-+ [Ryan Bloom]
-+
-+ *) Get the Unix MPM's to do a graceful restart again. If we are going
-+ to register a cleanup with ap_cleanup_scoreboard, then we have to
-+ kill the cleanup with the same function, and that function can't be
-+ static. [Ryan Bloom]
-+
-+ *) Install all required header files. Without these, it was not
-+ possible to compile some modules outside of the server.
-+ [Ryan Bloom]
-+
-+ *) Fix the AliasMatch directive in Apache 2.0. When we brought a patch
-+ forward from 1.3 to 2.0, we missed a single line, which broke regex
-+ aliases. [Ryan Bloom]
-+
-+ *) We have a poor abstraction in the protocol. This is a temporary
-+ hack to fix the bug, but it will need to be fixed for real. If
-+ we find an error while sending out a custom error response, we back
-+ up to the first non-OK request and send the data. Then, when we send
-+ the EOS from finalize_request_protocol, we go to the last request,
-+ to ensure that we aren't sending an EOS to a request that has already
-+ received one. Because the data is sent on a different request than
-+ the EOS, the error text never gets sent down the filter stack. This
-+ fixes the problem by finding the last request, and sending the data
-+ with that request. [Ryan Bloom]
-+
-+ *) Make the server status page show the correct restart time, and
-+ thus the proper uptime. [Ryan Bloom]
-+
-+ *) Move the CGI creation logic from mod_include to mod_cgi(d). This
-+ should reduce the amount of duplicate code that is required to
-+ create CGI processes.
-+ [Paul J. Reder <rederpj raleigh.ibm.com>]
-+
-+ *) ap_new_connection() closes the socket and returns NULL if a socket
-+ call fails. Usually this is due to a connection which has been
-+ reset. [Jeff Trawick]
-+
-+ *) Move the Apache version information out of httpd.h and into release.h.
-+ This is in preparation for the first tag with the new tag and release
-+ system. [Ryan Bloom]
-+
-+ *) Begin restructuring scoreboard code to enable adding back in
-+ the ability to use IPC other than shared memory.
-+ Get mod_status working on Windows again. [Bill Stoddard]
-+
-+ *) Make mod_status work with 2.0. This will work for prefork,
-+ mpmt_pthread, and dexter. [Ryan Bloom]
-+
-+ *) Correct a typo in httpd.conf.
-+ [Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154
-+
-+ *) Really fix mod_rewrite map lookups this time. [Tony Finch]
-+
-+ *) Get the correct IP address if ServerName isn't set and we can't
-+ find a fully-qualified domain name at startup.
-+ PR#7170 [Danek Duvall <dduvall eng.sun.com>]
-+
-+ *) Make mod_cgid work with SuExec. [Ryan Bloom]
-+
-+ *) Adopt apr user/group name features for mod_rewrite. Eliminates some
-+ 'extra' stat's for user/group since they should never occur, and now
-+ resolves the SCRIPT_USER and SCRIPT_GROUP, including on WinNT NTFS
-+ volumes. [William Rowe]
-+
-+ *) Adopt apr features to simplify mod_includes. This changes the
-+ behavior of the USER_NAME variable, unknown uid's are now reported
-+ as USER_NAME="<unknown>" rather than the old user#000 result.
-+ WinNT now resolves USER_NAME on NTFS volumes. [William Rowe]
-+
-+ *) Adopt apr features for simplifing mod_userdir, and accept the new
-+ Win32/OS2 exceptions without hiccuping. [William Rowe]
-+
-+ *) Replace configure --with-optim option by using and saving the
-+ environment variable OPTIM instead. This is needed because configure
-+ options do not support multiple flags separated by spaces.
-+ [Roy Fielding]
-+
-+ *) Fix some byterange handling. If we get a byte range that looks like
-+ "-999999" where that is past the end of the file, we should return
-+ a PARTIAL CONTENT status code, and return the whole file as one big
-+ byterange. This matches the 1.3 handling now. [Ryan Bloom]
-+
-+ *) Make the error bucket a real meta-data bucket. This means that the
-+ bucket length is 0, and a read returns NULL data. If one of these
-+ buckets is passed down after the headers are sent, this data will
-+ just be ignored. [Greg Stein]
-+
-+ *) The prefork MPM wasn't killing child processes correctly if a restart
-+ signal was received while the process was serving a request. The child
-+ process would become the equivalent of a second parent process. If
-+ we break out of the accept loop, then we need to do die after cleaning
-+ up after ourselves. [Ryan Bloom]
-+
-+ *) Change the Prefork MPM to use SIGWINCH instead of SIGUSR1 for graceful
-+ restarts. [Ryan Bloom]
-+
-+ *) Modify the apr_stat/lstat/getfileinfo calls within apache to use
-+ the most optimal APR_FINFO_wanted bits. This spares Win32 from
-+ performing very expensive owner, group and permission lookups
-+ and allows the server to function until these apr_finfo_t fields
-+ are implemented under Win32. [William Rowe]
-+
-+ *) Support for typedsafe optional functions - that is functions exported by
-+ optional modules, which, therefore, may or may not be present, depending
-+ on configuration. See the experimental modules mod_optional_fn_{ex,im}port
-+ for sample code. [Ben Laurie]
-+
-+ *) filters can now report an HTTP error to the server. This is done
-+ by sending a brigade where the first bucket is an error_bucket.
-+ This bucket is a simple bucket that stores an HTTP error and
-+ a string. Currently the string is not used, but it may be needed
-+ to output an error log. The http_header_filter will find this
-+ bucket, and output the error text, and then return
-+ AP_FILTER_ERROR, which informs the server that the error web page
-+ has already been sent. [Ryan Bloom]
-+
-+ *) If we get an error, then we should remove all filters except for
-+ those critical to serving a web page. This fixes a bug, where
-+ error pages were going through the byterange filter, even though
-+ that made no sense. [Ryan Bloom]
-+
-+ *) Relax the syntax checking of Host: headers in order to support
-+ iDNS. PR#6635 [Tony Finch]
-+
-+ *) Cleanup the byterange filter to use the apr_brigade_partition
-+ and apr_bucket_copy functions. This removes a lot of very messy
-+ code, and hopefully makes this filter more stable.
-+ [Ryan Bloom]
-+
-+ *) Remove AddModule and ClearModuleList directives. Both of these
-+ directives were used to ensure that modules could be enabled
-+ in the correct order. That requirement is now gone, because
-+ we use hooks to ensure that modules are in the correct order.
-+ [Ryan Bloom]
-+
-+ *) When SuExec is specified, we need to add it to the list of
-+ targets to be built. If we don't, then any changes to the
-+ configuration won't affect SuExec, unless 'make suexec' is
-+ specifically run. [Ryan Bloom]
-+
-+ *) Cleaned out open_file from mod_file_cache, as apr now accepts
-+ the APR_XTHREAD argument to open a file for consumption by
-+ parallel threads on win32. [William Rowe]
-+
-+ *) Correct a bug in determining when we follow symlinks. The code
-+ expected a stat -1 result, not an apr_status_t positive error.
-+ Also check if the APR_FINFO_USER fields are valid before we
-+ follow the link. [William Rowe]
-+
-+ *) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
-+ mpm_common.c. These functions are only valid on some platforms,
-+ so they should not be in the main-line code. [Ryan Bloom]
-+
-+ *) Remove ap_chdir_file(). This function is not thread-safe,
-+ and nobody is currently using it. [Ryan Bloom]
-+
-+ *) Do not try to run make depend if there are no .c files in the
-+ current directory, doing so makes `make depend` fail.
-+ [Ryan Bloom]
-+
-+ *) Update highperformance.conf to work with either prefork or
-+ pthreads mpms. [Greg Ames]
-+
-+ *) Stop checking to see if this is a pipelined request if we know
-+ for a fact that it isn't. Basically, if r->connection->keepalive == 0.
-+ This keeps us from making an extra read call when serving a 1.0
-+ request. [Ryan Bloom and Greg Stein]
-+
-+ *) Fix the handling of variable expansion look-ahead in mod_rewrite,
-+ i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
-+ more complicated nested RewriteMap lookups. PR#7087 [Tony Finch]
-+
-+ *) Fix the RFC number mentioned when complaining about a missing
-+ Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]
-+
-+ *) Fix an endless loop in ab which occurred when ab was posting
-+ and the server dropped the connection unexpectedly.
-+ [Jeff Trawick]
-+
-+ *) Fix a segfault while handling request bodies in ap_http_filter().
-+ This problem has been seen with mod_dav usage as well as with
-+ requests where the body was just being discarded. [Jeff Trawick]
-+
-+ *) Some adjustment on the handling and automatic setting (via
-+ hints.m4) of various compilation flags (eg: CFLAGS). Also,
-+ add the capability to specify flags (NOTEST_CFLAGS and
-+ NOTEST_LDFLAGS) which are used to compile Apache, but
-+ not used during the configuration process. Useful for
-+ flags like "-Werror". [Jim Jagielski]
-+
-+ *) Stop using environment variables to force debug mode or
-+ no detach. We now use the -D command line argument to
-+ specify the correct mode. -DONE_PROCESS and -DNO_DETACH.
-+ [Greg Stein, Ryan Bloom]
-+
-+ *) Change handlers to use hooks. [Ben Laurie]
-+
-+ *) Stop returning copies of filenames from both apr_file_t and
-+ apr_dir_t. We pstrdup the filenames that we store in the
-+ actual structures, so we don't need to pstrdup the strings again.
-+ [Ryan Bloom]
-+
-+ *) mod_cgi: Fix some problems where the wrong error value was being
-+ traced. [Jeff Trawick]
-+
-+ *) EBCDIC: Fix some missing ASCII conversion on some protocol data.
-+ [Jeff Trawick]
-+
-+ *) Add generic hooks. [Ben Laurie]
-+
-+ *) Use a real pool to dup the error log descriptor. [Ryan Bloom]
-+
-+ *) Fix a segfault caused by mod_ext_filter when the external filter
-+ program does not exist. [Jeff Trawick]
-+
-+ *) Fix an output truncation error when on an HTTP >= 1.0 request an
-+ object of size between DEFAULT_BUCKET_SIZE and AP_MIN_BYTES_TO_WRITE
-+ was served through mod_charset_lite (or anything else that would
-+ create a transient bucket in this size range). ap_bucket_make_heap()
-+ silently failed (fixed), transient_setaside() discovered it, but
-+ ap_save_brigade() ignored it (fixed). [Jeff Trawick]
-+
-+ *) Ignore \r\n or \n when using PEEK mode for input filters. The problem
-+ is that some browsers send extra lines at the end of POST requests, and
-+ we don't want to delay sending data back to the user just because the
-+ browser isn't well behaved. [Ryan Bloom]
-+
-+ *) Get SuEXEC working again. We can't send absolute paths to suExec
-+ because it refuses to execute those programs. SuEXEC also wasn't
-+ always recognizing configuration changes made using the autoconf
-+ setup. [Ryan Bloom]
-+
-+ *) Allow the buildconf process to find the config.m4 files in the correct
-+ order. Basically, we can now name config.m4 files as config\d\d.m4,
-+ and we will sort them correctly when inserting them into the build
-+ process. [Ryan Bloom]
-+
-+ *) Get mod_cgid to use apr calls for creating the actual CGI process.
-+ This also allows mod_cgid to use ap_os_create_priviledged_process,
-+ thus allowing for SuExec execution from mod_cgid. Currently, we do
-+ not support everything that standard SuExec supports, but at least
-+ it works minimally now. [Ryan Bloom]
-+
-+ *) Allow SuExec to be configured from the ./configure command line.
-+ [Ryan Bloom]
-+
-+ *) Update some of the docs in README and INSTALL to reflect some of
-+ the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]
-+
-+ *) If we get EAGAIN returned from the call to apr_sendfile, then we
-+ need to call sendfile again. This gets us serving large files
-+ such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]
-+
-+ *) Get the support programs building cleanly again.
-+ [Cliff Woolley <cliffwoolley yahoo.com>]
-+
-+ *) The Apache/Win32 Apache.exe and dll's now live in bin. The
-+ current directory logic now backs up over bin/ to determine the
-+ server root from the Apache.exe path.
-+
-+ *) Apache/Win32 now follows the standard conventions of mod_foo.so
-+ loadable modules, dynamic libs are all named libfoo.dll, and the
-+ makefile.win populates the include, lib and libexec directories.
-+
-+ *) Apache is now IPv6-capable. On systems where APR supports IPv6,
-+ Apache gets IPv6 listening sockets by default. Additionally, the
-+ Listen, NameVirtualHost, and <VirtualHost> directives support IPv6
-+ numeric address strings (e.g., "Listen [fe80::1]:8080").
-+ [Jeff Trawick]
-+
-+ *) Modify the install directory layout. Modules are now installed in
-+ modules/. Shared libraries should be installed in libraries/, but
-+ we don't have any of those on Unix yet. All install directories
-+ are modifyable at configure time. [Ryan Bloom]
-+
-+ *) Install all header files in the same directory on Unix. [Ryan Bloom]
-+
-+ *) Get the functions in server/linked into the server, regardless of
-+ which modules linked into the server. This uses the same hack
-+ for Apache that we use for APR and apr-util to ensure all of the
-+ necessary functions are linked. As a part of thise, the CHARSET_EBCDIC
-+ was renamed to AP_CHARSET_EBCDIC for namespace protection, and to make
-+ the scripts a bit easier.
-+ [Ryan Bloom]
-+
-+ *) Rework the RFC1413 handling to make it thread-safe, use a timeout
-+ on the query, and remove IPv4 dependencies. [Jeff Trawick]
-+
-+ *) Get all of the auth modules to the point that they will install and
-+ be loadable into the server. Our new build/install mechanism expects
-+ that all modules will have a common name format. The auth modules
-+ didn't use that format, so we didn't install them properly.
-+ [Ryan Bloom]
-+
-+ *) API routines ap_pgethostbyname() and ap_pduphostent() are no longer
-+ available. Use apr_getaddrinfo() instead. [Jeff Trawick]
-+
-+ *) Get "NameVirtualHost *" working in 2.0. [Ryan Bloom]
-+
-+ *) Return HTTP_RANGE_NOT_SATISFIABLE if the every range requested starts
-+ after the end of the response. [Ryan Bloom]
-+
-+ *) Get byterange requests working with responses that do not have a
-+ content-length. Because of the way byterange requests work, we have to
-+ have all of the data before we can actually do the byterange, so we
-+ can compute the content-length in the byterange filter.
-+ [Ryan Bloom]
-+
-+ *) Get exe CGI's working again on Windows.
-+ [Allan Edwards]
-+
-+ *) Get mod_cgid and mod_rewrite to work as DSOs by changing the way
-+ they keep track of whether or not their post config hook has been
-+ called before. Instead of a static variable (which is replaced when
-+ the DSO is loaded a second time), use userdata in the process pool.
-+ [Jeff Trawick]
-+
-+Changes with Apache 2.0a9
-+
-+ *) Win32 now requires perl to complete the final install step for users
-+ to build + install on Win32. Makefile.win now rewrites @@ServerRoot@
-+ and installs the conf, htdocs and htdocs/manual directories.
-+ [William Rowe]
-+
-+ *) Make mod_include use a hash table to associate directive tags with
-+ functions. This allows modules to implement their own SSI tags easily.
-+ The idea is simple enough, a module can insert it's own tag and function
-+ combination into a hash table provided by mod_include. While mod_include
-+ parses an SSI file, when it encounters a tag in the file, it does a
-+ hash lookup to find the function that implements that tag, and passes
-+ all of the relevant data to the function. That function is then
-+ responsible for processing the tag and handing the remaining data back
-+ to mod_include for further processing.
-+ [Paul J. Reder <rederpj raleigh.ibm.com>]
-+
-+ *) Get rid of ap_new_apr_connection(). ap_new_connection() now has
-+ fewer parameters: the local and remote socket addresses were removed
-+ from the parameter list because all required information is available
-+ via the APR socket. [Jeff Trawick]
-+
-+ *) Distribution directory structure reorganized to reflect a
-+ normal source distribution with external install targets.
-+ [Roy Fielding]
-+
-+ *) The MPMs that need multiple segments of shared memory now create
-+ two apr_shmem_t variables, one for each shared memory allocation.
-+ the problem is that we can't determine how much memory will be required
-+ for shared memory allocations once we try to allocate more than one
-+ variable. The MM code automatically aligns the shared memory allocations,
-+ so we end up needing to pad the amount of shared memory we want based
-+ on how many variables will be allocated out of the shared memory segment.
-+ It is just easier to create a second apr_shmem_t variable, and two
-+ shmem memory blocks.
-+ [Ryan Bloom]
-+
-+ *) Cleanup the export list a bit. This creates a single unified list of
-+ functions exported by APR. The export list is generated at configure
-+ time, and that list is then used to generate the exports.c file.
-+ Because of the way the export list is generated, we only export those
-+ functions that are valid on the platform we are building on.
-+ [Ryan Bloom]
-+
-+ *) Enable logging the cookie with mod_log_config
-+ [Sander van Zoest <sander covalent.net>]
-+
-+ *) Fix a segfault in mod_info when it reaches the end of the configuration.
-+ [Jeff Trawick]
-+
-+ *) Added lib/aputil/ as a placeholder for utility functions which are not
-+ specific to the Apache HTTP Server (but do not make sense with APR).
-+ The first utility is "apu_dbm": a set of functions to work with DBM
-+ files. This first version can be compiled for SDBM or GDBM databases.
-+ [Greg Stein]
-+
-+ *) Complete re-write of mod_include. This makes mod_include a filter that
-+ uses buckets directly. This has now served the FAQ correctly.
-+ [Paul Reder <rederpj raleigh.ibm.com>]
-+
-+ *) Allow modules to specify the first filter in a sub_request when
-+ making the sub_request. This keeps modules from having to change the
-+ output_filter immediately after creating the sub-request, and therefore
-+ skip the sub_req_output_filter. [Ryan Bloom]
-+
-+ *) Update ab to accept URLs with IPv6 literal address strings (in the
-+ format described in RFC 2732), and to build Host header fields in
-+ the same format. This allows IPv6 literal address strings to be
-+ used with ab. This support has been tested against Apache 1.3 with
-+ the KAME patch, but Apache 2.0 does not yet work with this format
-+ of the Host header field. [Jeff Trawick]
-+
-+ *) Accomodate an out-of-space condition in the piped logs and the
-+ rotatelogs.c code, and no longer churn log processes for this
-+ condition. [Victor J. Orlikowski]
-+
-+ *) Add support for partial writes with apr_sendfile() to core_output_filter.
-+ [Greg Ames]
-+
-+Changes with Apache 2.0a8
-+
-+ *) Add a directive to mod_mime so that filters can be associated with
-+ a given mime-type.
-+ [Ryan Bloom]
-+
-+ *) Get multi-views working again. We were setting the path_info
-+ field incorrectly if we couldn't find the specified file.
-+ [Ryan Bloom]
-+
-+ *) Fix 304 processing. The core should never try to send the headers
-+ down the filter stack. Always, just setup the table in the request
-+ record, and let the header filter convert it to data that is ready
-+ for the network.
-+ [Ryan Bloom]
-+
-+ *) More fixes for the proxy. There are still bugs in the proxy code,
-+ but this has now proxied www.yahoo.com and www.ntrnet.net (my ISP)
-+ successfully.
-+ [Ryan Bloom]
-+
-+ *) Fix params for apr_getaddrinfo() call in connect proxy handler.
-+ [Chuck Murcko]
-+
-+ *) APR: Add new apr_getopt_long function to handle long options.
-+ [B. W. Fitzpatrick <fitz red-bean.com>]
-+
-+ *) APR: Change apr_connect() to take apr_sockaddr_t instead of hostname.
-+ Add generic apr_create_socket(). Add apr_getaddrinfo() for doing
-+ hostname resolution/address string parsing and building
-+ apr_sockaddr_t. Add apr_get_sockaddr() for getting the address
-+ of one of the apr_sockaddr_t structures for a socket. Change
-+ apr_bind() to take apr_sockaddr_t. [David Reid and Jeff Trawick]
-+
-+ *) Remove the BUFF from the HTTP proxy. This is still a bit ugly, but
-+ I have proxied pages with it, cleanup will commence soon.
-+ [Ryan Bloom]
-+
-+ *) Make the proxy work with filters. This isn't perfect, because we
-+ aren't dealing with the headers properly. [Ryan Bloom]
-+
-+ *) Do not send a content-length iff the C-L is 0 and this is a head
-+ request. [Ryan Bloom]
-+
-+ *) Make cgi-bin work as a regular directory when using mod_vhost_alias
-+ with no VirtualScriptAlias directives. PR#6829 [Tony Finch]
-+
-+ *) Remove BUFF from the PROXY connect handling. [Ryan Bloom]
-+
-+ *) Get the default_handler to stop trying to deal with HEAD requests.
-+ The idea is to let the content-length filter compute the C-L before
-+ we try to send the data. If we can get the C-L correctly, then we
-+ should send it in the HEAD response.
-+ [Ryan Bloom]
-+
-+ *) The Header filter can now determine if a body should be sent based
-+ on r->header_only. The general idea of this is that if we delay
-+ deciding to send the body, then we might be able to compute the
-+ content-length correctly, which will help caching proxies to cache
-+ our data better. Any handler that doesn't want to try to compute
-+ the content-length can just send an EOS bucket without data and
-+ everything will just work.
-+ [Ryan Bloom]
-+
-+ *) Add the referer to the error log if one is available.
-+ [Markus Gyger <mgyger itr.ch>]
-+
-+ *) Mod_info.c has now been ported to Apache 2.0. As a part of this
-+ change, the root of the configuration tree has been exposed to modules
-+ as ap_conftree.
-+ [Ryan Morgan <rmorgan covalent.net>]
-+
-+ *) Get the core_output_filter to use the bucket interface directly.
-+ This keeps us from calling the content-length filter multiple times
-+ for a simple static request.
-+ [Ryan Bloom]
-+
-+ *) We are sending the content-type correctly now.
-+ [Ryan Bloom and Will Rowe]
-+
-+ *) APR on FreeBSD: Fix a bug in apr_sendfile() which caused us to report
-+ a bogus bytes-sent value when the only thing being sent was trailers
-+ and writev() returned an error (or EAGAIN). [Jeff Trawick]
-+
-+ *) Get SINGLE_LISTEN_UNSERIALIZED_ACCEPT working again. This uses the
-+ hints file to determine which platforms define
-+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
-+ [Ryan Bloom]
-+
-+ *) APR: add apr_get_home_directory() [Jeff Trawick]
-+
-+ *) Initial import of 1.3-current mod_proxy. [Chuck Murcko]
-+
-+ *) Not all platforms have INADDR_NONE defined by default. Apache
-+ used to make this check and define INADDR_NONE if appropriate,
-+ but APR needs the check too, and I suspect other applications will
-+ as well. APR now defines APR_INADDR_NONE, which is always a valid
-+ value on all platforms.
-+ [Branko Èibej <brane xbc.nu>]
-+
-+ *) Destroy the pthread mutex in lock_intra_cleanup() for PR#6824.
-+ [Shuichi Kitaguchi <ki hh.iij4u.or.jp>]
-+
-+ *) Relax the syntax checking of Host: headers in order to support
-+ iDNS. PR#6635 [Tony Finch]
-+
-+ *) When reading from file buckets we convert to an MMAP if it makes
-+ sense. This also simplifies the default handler because the
-+ default handler no longer needs to try to create MMAPs.
-+ [Ryan Bloom]
-+
-+ *) BUFF has been removed from the main server. The BUFF code will remain
-+ in the code until it has been purged from the proxy module as well.
-+ [Ryan Bloom]
-+
-+ *) Byteranges have been completely re-written to be a filter. This
-+ has been tested, and I believe it is working correctly, but it could
-+ doesn't work for the Adobe Acrobat plug-in. The output almost matches
-+ the output from 1.3, the only difference being that 1.3 includes
-+ a content-length in the response, and this does not.
-+ [Ryan Bloom]
-+
-+ *) APR read/write functions and bucket read functions now operate
-+ on unsigned integers, instead of signed ones. It doesn't make
-+ any sense to use signed ints, because we return the error codes,
-+ so if we have an error we should report 0 bytes read or written.
-+ [Ryan Bloom]
-+
-+ *) Always compute the content length, whether it is sent or not.
-+ The reason for this, is that it allows us to correctly report
-+ the bytes_sent when logging the request. This also simplifies
-+ content-length filter a bit, and fixes the actual byte-reporing
-+ code in mod_log_config.c
-+ [Ryan Bloom]
-+
-+ *) Remove AP_END_OF_BRIGADE definition. This does not signify what
-+ it says, because it was only used by EOS and FLUSH buckets. Since
-+ neither of those are required at the end of a brigade, this was
-+ really signifying FLUSH_THE_DATA, but that can be determined better
-+ by checking AP_BUCKET_IS_EOS() or AP_BUCKET_IS_FLUSH. EOS and FLUSH
-+ buckets now return a length of 0, which is actually the amount of data
-+ read, so they make more sense.
-+ [Ryan Bloom]
-+
-+ *) Allow the core_output_filter to save some data past the end of a
-+ request. If we get an EOS bucket, we only send the data if it
-+ makes sense to send it. This allows us to pipeline request
-+ responses. As a part of this, we also need to allocate mmap
-+ buckets out of the connection pool, not the request pool. This
-+ allows the mmap to outlive the request.
-+ [Ryan Bloom]
-+
-+ *) Make blocking and non-blocking bucket reads work correctly for
-+ sockets and pipes. These are the only bucket types that should
-+ have non-blocking reads, because the other bucket types should
-+ ALWAYS be able to return something immediately.
-+ [Ryan Bloom]
-+
-+ *) In the Apache/Win32 console window, accept Ctrl+C to stop the
-+ server, but use Ctrl+Break to initiate a graceful restart
-+ instead of duplicating behavior. [John Sterling]
-+
-+ *) Patch mod_autoindex to set the Last-Modified header based on
-+ the directory's mtime, and add the ETag header. [William Rowe]
-+
-+ *) Merge the 1.3 patch to add support for logging query string in
-+ such a way that "%m %U%q %H" is the same as "%r".
-+ [Bill Stoddard]
-+
-+ *) Port three log methods from mod_log_config 1.3 to 2.0:
-+ CLF compliant '-' byte count, method and protocol.
-+ [Bill Stoddard]
-+
-+ *) Add a new LogFormat directive, %c, that will log connection
-+ status at the end of the response as follows:
-+ 'X' - connection aborted before the response completed.
-+ '+' - connection may be kept-alive by the server.
-+ '-' - connection will be closed by the server.
-+ [Bill Stoddard]
-+
-+ *) Expand APR for WinNT to fully accept and return utf-8 encoded
-+ Unicode file names and paths for Win32, and tag the Content-Type
-+ from mod_autoindex to reflect that charset if the feature
-+ macro APR_HAS_UNICODE_FS is true. [William Rowe]
-+
-+ *) Compute the content length (and add appropriate header field) for
-+ the response when no content length is available and we can't use
-+ chunked encoding. [Jeff Trawick]
-+
-+ *) Changed ap_discard_request_body() to use REQUEST_CHUNKED_DECHUNK,
-+ so that content input filters get dechunked data when using
-+ the default handler. Also removed REQUEST_CHUNKED_PASS.
-+ [Sascha Schumann]
-+
-+ *) Add mod_ext_filter as an experimental module. This module allows
-+ the administrator to use external programs as filters. Currently,
-+ only filtering of output is supported. [Jeff Trawick]
-+
-+ *) Most Apache functions work on EBCDIC machines again, as protocol
-+ data is now translated (again). [Jeff Trawick]
-+
-+ *) Introduce ap_xlate_proto_{to|from}_ascii() to clean up some of
-+ the EBCDIC support. They are noops on ASCII machines, so this
-+ type of translation doesn't have to be surrounded by #ifdef
-+ CHARSET_EBCDIC. [Jeff Trawick]
-+
-+ *) Fix mod_include. tag commands work again, and the server will
-+ send the FAQ again. This also allows mod_include to set aside
-+ buckets that include partial buckets.
-+ [Ryan Bloom and David Reid]
-+
-+ *) Add suexec support back. [Manoj Kasichainula]
-+
-+ *) Lingering close now uses the socket directly instead of using
-+ BUFF. This has been tested, but since all we can tell is that it
-+ doesn't fail, this needs to be really hacked on.
-+ [Ryan Bloom]
-+
-+ *) Allow filters to modify headers and have those headers be sent to
-+ the client. The idea is that we have an http_header filter that
-+ actually sends the headers to the network. This removes the need
-+ for the BUFF to send headers.
-+ [Ryan Bloom]
-+
-+ *) Charset translation: mod_charset_lite handles translation of
-+ request bodies. Get rid of the xlate version of ap_md5_digest()
-+ since we don't compute digests of filtered (e.g., translated)
-+ response bodies this way anymore. (Note that we don't do it at
-+ all at the present; somebody needs to write a filter to do so.)
-+ [Jeff Trawick]
-+
-+ *) Input filters and ap_get_brigade() now have a input mode parameter
-+ (blocking, non-blocking, peek) instead of a length parameter.
-+ [hackathon]
-+
-+ *) Update the mime.types file to the registered media types as
-+ of 2000-10-19. PR#6613 [Carsten Klapp <carsten.klapp home.net>,
-+ Tony Finch]
-+
-+ *) Namespace protect some macros declared in ap_config.h
-+ [Ryan Bloom]
-+
-+ *) Support HTTP header line folding with input filtering.
-+ [Greg Ames]
-+
-+ *) Mod_include works again. This should still be re-written, but at
-+ least now we can serve an SHTML page again.
-+ [Ryan Bloom]
-+
-+ *) Begin to remove BUFF from the core. Currently, we keep a pointer
-+ to both the BUFF and the socket in the conn_rec. Functions that
-+ want to use the BUFF can, functions that want to use the socket,
-+ can. They point to the same place.
-+ [Ryan Bloom]
-+
-+ *) apr_psprintf doesn't understand %lld as a format. Make it %ld.
-+ [Tomas "Ögren" <stric ing.umu.se>]
-+
-+ *) APR pipes on Unix and Win32 are now cleaned up automatically when the
-+ associated pool goes away. (APR pipes on OS/2 were already had this
-+ logic.) This resolvs a fatal file descriptor leak with CGIs.
-+ [Jeff Trawick]
-+
-+ *) The final line of the config file was not being read if there was
-+ no \n at the end of it. This was caused by apr_fgets returning
-+ APR_EOF even though we had read valid data. This is solved by
-+ making cfg_getline check the buff that was returned from apr_fgets.
-+ If apr_fgets return APR_EOF, but there was data in the buf, then we
-+ return the buf, otherwise we return NULL.
-+ [Ryan Bloom]
-+
-+ *) Piped logs work again in the 2.0 series.
-+ [Ryan Bloom]
-+
-+ *) Restore functionality broken by the mod_rewrite security fix:
-+ rewrite map lookup keys and default values are now expanded
-+ so that the lookup can depend on the requested URI etc.
-+ PR #6671 [Tony Finch]
-+
-+ *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
-+ security bug in some mass virtual hosting configurations
-+ that can allow a remote attacker to retrieve some files
-+ on the system that should be inaccessible. [Tony Finch]
-+
-+ *) Add a pool bucket type. This bucket is used for data allocated out
-+ of a pool. If the pool is cleaned before the bucket is destroyed, then
-+ the data is converted to a heap bucket, allowing it to survive the
-+ death of the pool.
-+ [Ryan Bloom]
-+
-+ *) Add a flush bucket. This allows modules to signal that the filters
-+ should all flush whatever data they currently have. There is no way
-+ to actually force them to do this, so if a filter ignores this bucket,
-+ that's life, but at least we can try with this.
-+ [Ryan Bloom]
-+
-+ *) Add an output filter for sub-requests. This filter just strips the
-+ EOS bucket so that we don't confuse the main request's core output
-+ filter by sending multiple EOS buckets. This change also makes sub
-+ requests start to send EOS buckets when they are finished.
-+ [Ryan Bloom]
-+
-+ *) Make ap_bucket_(read|destroy|split|setaside) into macros. Also
-+ makes ap_bucket_destroy a return void, which is okay because it
-+ used to always return APR_SUCCESS, and nobody ever checked its
-+ return value anyway.
-+ [Cliff Woolley <cliffwoolley yahoo.com>]
-+
-+ *) Remove the index into the bucket-type table from the buckets
-+ structure. This has now been replaced with a pointer to the
-+ bucket_type. Also add some macros to test the bucket-type.
-+ [Ryan Bloom]
-+
-+ *) Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols
-+ for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
-+ and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
-+ All _VAR_ flavors changes to _DATA to be absolutely clear.
-+ [William Rowe]
-+
-+ *) Add support for /, //, //servername and //server/sharename
-+ parsing of <Directory> blocks under Win32 and OS2.
-+ [Tim Costello, William Rowe, Brian Harvard]
-+
-+ *) Remove the function pointers from the ap_bucket type. They have been
-+ replaced with a global table. Modules are allowed to register bucket
-+ types and use then use those buckets.
-+ [Ryan Bloom]
-+
-+ *) mod_cgid: In the handler, shut down the Unix socket (only for write)
-+ once we finish writing the request body to the cgi child process;
-+ otherwise, the client doesn't hit EOF on stdin. Small request bodies
-+ worked without this change (for reasons I don't understand), but large
-+ ones didn't. [Jeff Trawick]
-+
-+ *) Remove file bucket specific information from the ap_bucket type.
-+ This has been moved to a file_bucket specific type that hangs off
-+ the data pointer in the ap_bucket type.
-+ [Ryan Bloom]
-+
-+ *) Input filtering now has a third argument. This is the amount of data
-+ to read from lower filters. This argument can be -1, 0, or a positive
-+ number. -1 means give me all the data you have, I'll deal with it and
-+ let you know if I need more. 0 means give me one line and one line
-+ only. A positive number means I want no more than this much data.
-+
-+ Currently, only 0 and a positive number are implemented. This allows
-+ us to remove the remaining field from the conn_rec structure, which
-+ has also been done.
-+ [Ryan Bloom]
-+
-+ *) Big cleanup of the input filtering. The goal is that http_filter
-+ understands two conditions, headers and body. It knows where it is
-+ based on c->remaining. If c->remaining is 0, then we are in headers,
-+ and http_filter returns a line at a time. If it is not 0, then we are
-+ in body, and http_filter returns raw data, but only up to c->remaining
-+ bytes. It can return less, but never more.
-+ [Greg Ames, Ryan Bloom, Jeff Trawick]
-+
-+ *) mod_cgi: Write all of the request body to the child, not just what
-+ the kernel would accept on the first write. [Jeff Trawick]
-+
-+ *) Back out the change that moved the brigade from the core_output_filters
-+ ctx to the conn_rec. Since all requests over a given connection
-+ go through the same core_output_filter, the ctx pointer has the
-+ correct lifetime.
-+ [Ryan Bloom]
-+
-+ *) Fix another bug in the send_the_file() read/write loop. A partial
-+ send by apr_send would cause unsent data in the read buffer to
-+ get clobbered. Complete making send_the_file handle partial
-+ writes to the network.
-+ [Bill Stoddard]
-+
-+ *) Fix a couple of type fixes to allow compilation on AIX again
-+ [Victor J. Orlikowski <v.j.orlikowski gte.net>]
-+
-+ *) Fix bug in send_the_file() which causes offset to be ignored
-+ if there are no headers to send.
-+ [Bill Stoddard]
-+
-+ *) Handle APR_ENOTIMPL returned from apr_sendfile in the core
-+ filter. Useful for supporting Windows 9* with a binary
-+ compiled on Windows NT.
-+ [Bill Stoddard]
-+
-+Changes with Apache 2.0a7
-+
-+ *) Reimplement core_output_filter to buffer/save bucket brigades
-+ across multiple calls to the core_filter. The brigade will be
-+ sent when either MIN_BYTES_TO_SEND or MAX_IOVEC_TO_WRITE
-+ thresholds are hit or the EOS bucket is received.
-+ [Bill Stoddard]
-+
-+ *) Create experimental filter (buffer_filter) that coalesces bytes
-+ into one large buffer before invoking the next filter in the
-+ chain. This filter is particularly useful with the current
-+ implementation of mod_autoindex when it inserted above the
-+ chunk_filter. mod_autoindex generates a lot of brigades that
-+ containing buckets holding just a few bytes each. The
-+ buffer_filter coalesces these buckets into a single large bucket.
-+ [Bill Stoddard]
-+
-+ *) Add apr_sendfile() support into the core_output_filter.
-+ [Bill Stoddard]
-+
-+ *) Add apr_sendv() support into the core_output_filter.
-+ [Bill Stoddard]
-+
-+ *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS
-+ [Mike Abbott <mja sgi.com>]
-+
-+ *) Remove ap_send_fb. This is no longer used in Apache, and it doesn't
-+ make much sense, because Apache uses buckets instead of BUFFs now.
-+ [Ryan Bloom]
-+
-+ *) send_the_file now falls back to a read/write loop on platforms that
-+ do not have sendfile.
-+ [Ryan Bloom and Brian Havard]
-+
-+ *) Install apachectl correctly, and substitute the proper values so
-+ that it works again. [Ryan Bloom]
-+
-+ *) Better(??) handle platforms that lack sendfile().
-+ [Jim Jagielski]
-+
-+ *) APR now has UUID generation/formatting/parsing support.
-+ [Greg Stein]
-+
-+ *) Begin the http_filter. This is an input filter that understands
-+ the absolute basic amount required to parse an HTTP Request. The
-+ goal is to be able to split headers from request body before passing
-+ the data back to the other filters.
-+ [Ryan Bloom]
-+
-+ *) Bring forward from 1.3.13 the config directory implementation
-+ [Jim Jagielski]
-+
-+ *) install apxs if it is created
-+ [Ryan Bloom]
-+
-+ *) Added APR_IS_STATUS_condition test macros to eliminate canonical error
-+ conversions. [William Rowe]
-+
-+ *) Now that we have ap_add_input_filter(), rename ap_add_filter() to
-+ ap_add_output_filter(). [Jeff Trawick]
-+
-+ *) Multiple build and configuration fixes
-+ Build process:
-+
-+ -add datadir and localstatedir substitutions
-+ -fix layout name
-+ -fix logfilename misspelling
-+ -fix evaluation of installation dir variables and
-+ -replace $foobar by $(foobar) to be usefull in the makefile
-+
-+ Cross compile:
-+
-+ -add rules for cross-compiling in rules.mk. Okay, rule to check for
-+ $CC_FOR_BUILD is still missing
-+ -use CHECK_TOOL instead of CHECK_PROG for ranlib
-+ -add missing "AR=@AR@" to severaly Makefile.in's
-+ -cache result for "struct rlimit"
-+ -compile all helper programs with native and cross compiler
-+ and use the native version to generate header file
-+ ["Rüdiger" Kuhlmann <Tadu gmx.de>]
-+
-+ *) Prepare our autoconf setup for autoconf 2.14a and for cross-
-+ compiling.
-+ ["Rüdiger" Kuhlmann <Tadu gmx.de>]
-+
-+ *) Fix a bug where a client which only sends \n to delimit header
-+ lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED
-+ message. Start working on ebcdic co-existance with input
-+ filtering.
-+ [William Rowe, Greg Ames]
-+
-+ *) If mod_so is enabled in the server always create libexec, even
-+ if there are no modules installed in this directory. This is a
-+ requirement for APXS to work correctly.
-+ [Ryan Bloom]
-+
-+ *) Connection oriented output filters are now stored in the
-+ conn_rec instead of the request_rec. This allows us to add the
-+ output filter in the pre-connection phase instead of the
-+ post_read_request phase, which keeps us from trying to write an
-+ error page before we have a filter to write to the network.
-+ [Ryan Bloom, Jeff Trawick, and Greg Ames]
-+
-+ *) Cleaning up an mmap bucket no longer deletes the mmap. An
-+ mmap can be used across multiple buckets (default_handler with
-+ byte ranges, mod_file_cache, mod_mmap_static), so cleanup of
-+ the mmap itself can't be associated with the bucket.
-+ [Jeff Trawick]
-+
-+ *) Add .dll caching directive ISAPICacheFile to mod_isapi.
-+ [William Rowe]
-+
-+ *) Radical surgery to improve mod_isapi support under Win32.
-+ Includes a number of newer ServerSupportFunction calls, support
-+ for ReadClient (in order to retrieve POSTs greater than 48KB),
-+ and general bug fixes to more reliably load ISAPI .dll's and
-+ prevent leaking handle resources. Note: There are still
-+ discrepancies between IIS's and Apache's ServerVariables, and
-+ async calls are still not supported. Additional warnings are
-+ logged to facilitate debugging of unsupported ISAPI calls.
-+ [William Rowe]
-+
-+ *) Add input filtering to Apache. The basic idea for the input
-+ filters is the same as the ideas for output filters. The biggest
-+ difference is that instead of calling ap_pass_brigade, ap_get_brigade
-+ should be called, and the order of execution for the filter itself is
-+ different. When writing an output filter, a brigade is passed in,
-+ and filters operate directly on that brigade, when done, they call
-+ ap_pass_brigade. Input filters are the exact opposite. Because input
-+ is not a push operation, filters first call ap_get_brigade. When this
-+ function returns, the input filter will be left with a valid brigade.
-+ The input filter should then operate on the brigade, and return.
-+ [Ryan Bloom]
-+
-+ *) Fix building on BSD/OS using its native make. The build system
-+ falls back to the BSD .include directive on that host platform.
-+ [Sascha Schumann]
-+
-+ *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5,
-+ SHA1 and plaintext password encodings. Make feature tests a
-+ bit more flexible. [William Rowe]
-+
-+ *) Charset translation: mod_charset_lite handles output content
-+ translation in a filter. mod_charset_lite no longer ignores
-+ subrequests. A bunch of cruft related to BUFF's support for
-+ translating request and response bodies was removed.
-+ [Jeff Trawick]
-+
-+ *) Move the addition of the CORE filter to the post_read_request
-+ hook in http_core.c. This removes the need to add the filter in
-+ multiple places and allows for an SSL module to be added much
-+ simpler. [Ryan Bloom]
-+
-+ *) SECURITY [CVE-2000-0913] (cve.mitre.org):
-+ Fix a security problem that affects certain configurations of
-+ mod_rewrite. If the result of a RewriteRule is a filename that
-+ contains expansion specifiers, especially regexp backreferences
-+ $0..$9 and %0..%9, then it may be possible for an attacker to
-+ access any file on the web server. [Tony Finch]
-+
-+ *) Fix a bug where errors that are detected during early request parsing
-+ don't produce visible HTTP error messages at the browser, because
-+ the core_filter wasn't present. [Greg Ames]
-+
-+ *) Provide apr_socklen_t as a portability aid.
-+ [Victor J. Orlikowski]
-+
-+ *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
-+ as well as a comment arg to the add, adduser and update cmds.
-+ update allows the user to clear or preserve pw/groups/comment.
-+ Fixed a bug in dbmmanage that prevented the check option from
-+ parsing a password followed by :group... text. Corrected the
-+ seed calcualation for Win32 systems, and added -lsdbm support.
-+ [William Rowe]
-+
-+ *) Configured mod_auth_dbm to compile with sdbmlib under Win32.
-+ [William Rowe]
-+
-+ *) Avoid a segfault when parsing .htaccess files. An
-+ uninitialized tree pointer was passed to ap_build_config().
-+ [Jeff Trawick]
-+
-+ *) Change the way that inet_addr & inet_network are checked for
-+ in APR's configure process to allow BeOS BONE to correctly
-+ find them. With this change BeOS BONE now builds from source
-+ with no problems. [David Reid]
-+
-+ *) Fix a bug in apr_create_process() for Unix. The NULL signifying
-+ the end of the parameters to execve() was stored in the wrong
-+ location, overlaying the storage beyond the newargs[] array and
-+ also passing uninitialized storage to execve(), which would
-+ sometimes fail with EFAULT. [Jeff Trawick]
-+
-+ *) Fix a bug parsing configuration file containers. With a sequence
-+ like this in the config file
-+
-+ <IfModule mod_kilroy.c>
-+ any stuff
-+ </IfModule>
-+ <IfModule mod_lovejoy.c>
-+ (blank line)
-+ any stuff
-+ </IfModule>
-+
-+ the second container would be terminated at the blank line due to
-+ sediment in the buffer from reading the prior </IfModule> and an
-+ error message would be generated for the real </IfModule> for the
-+ second container. Also due to this problem, any two characters
-+ could be used for "</" in the close of a container.
-+ [Jeff Trawick]
-+
-+ *) ap_add_filter prototype changed to remove the ctx pointer. The
-+ pointer still remains in the filter structure, but it can not be
-+ a part of the ap_add_filter prototype. The reason is that when
-+ the core uses AddFilter to add a filter to the stack it doesn't
-+ know how to allocate the ctx pointer, or even how much memory should
-+ be allocated. The filters will have to be responsible for allocating
-+ the ctx memory when they need it.
-+ [Ryan Bloom]
-+
-+ *) Add an AddFilter directive. This directive takes a list of filters
-+ that should be activated for the requested resource.
-+ [Ryan Bloom]
-+
-+ *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps
-+ some other platforms). [Jeff Trawick]
-+
-+ *) Modify mod_include to be a filter. Currently, it has only been tested
-+ on actual files, but it should work for CGI scripts too.
-+ [Ryan Bloom]
-+
-+ *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted
-+ writes. apr_flush() for Unix: handle interrupted writes.
-+ [Jeff Trawick]
-+
-+ *) NameVirtualHost can now take "*" as an argument instead of
-+ an IP address. This allows you to create a purely name-based
-+ virtual hosting server that does not have any IP addresses in
-+ the configuration file and which ignores the local address
-+ of any connections. PR #5595, PR #4455 [Tony Finch]
-+
-+ *) Fix some compile warnings in mod_mmap_static.c
-+ [Mike Abbott <mja sgi.com>]
-+
-+ *) Fix chunking problem with CGI scripts. The general problem was that
-+ the CGI modules were adding an EOS bucket and then the core added an
-+ EOS bucket. The chunking filter finalizes the chunked response when it
-+ encounters an EOS bucket. Because two EOS buckets were sent, we
-+ finalized the response twice. The fix is to make sure we only send one
-+ EOS, by utilizing a flag in the request_rec.
-+ [Ryan Bloom]
-+
-+ *) apr_put_os_file() now sets up the unget byte appropriately on Unix
-+ and Win32. Previously, the first read from an apr_file_t set up via
-+ apr_put_os_file() would return a '\0'. [Jeff Trawick]
-+
-+ *) Mod_cgid now creates a single element bucket brigade, with a pipe
-+ bucket, instead of using BUFF's and ap_r*.
-+ [Ryan Bloom]
-+
-+ *) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
-+ [Mike Abbott <mja sgi.com>]
-+
-+ *) Remove ap_bopenf from buff code. This required modifying the file_cache
-+ code to use APR file's directly instead of going through BUFFs.
-+ [Ryan Bloom]
-+
-+ *) Fix compile break on some platforms for mod_mime_magic.c
-+ [John K. Sterling <sterling covalent.net>]
-+
-+ *) Fix merging of AddDefaultCharset directive.
-+ PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]
-+
-+ *) Minor revamp of the rlimit sections of code. We now test
-+ explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit()
-+ is now "available" even if the platform doesn't support
-+ the rlimit family (it's just a noop though). [Jim Jagielski]
-+
-+ *) Migrate the pre-selection of which MPM to use for specific
-+ platforms to hints.m4, which contains (or should contain)
-+ all platform specific "hints". [Jim Jagielski]
-+
-+ *) Remove IOLs from Apache. With filtering, IOLs are no longer necessary
-+ [Ryan Bloom]
-+
-+ *) Add tables with non-string/binary values to APR.
-+ [Ken Coar]
-+
-+ *) Fix some bad calls to ap_log_rerror() in mod_rewrite.
-+ [Jeff Trawick]
-+
-+ *) Update PCRE to version 3.2. [Ryan Bloom]
-+
-+ *) Change the way buckets' destroy functions are called so that
-+ they can be more directly used when changing the type of a
-+ bucket in place. [Tony Finch]
-+
-+ *) Add generic support for reference-counting the resources used by
-+ buckets, and alter the HEAP and MMAP buckets to use it. Change
-+ the way buckets are initialised to support changing the type of
-+ buckets in place, and use it when setting aside TRANSIENT buckets.
-+ Change the implementation of TRANSIENT buckets so that it can be
-+ mostly shared with IMMORTAL buckets, which are now implemented.
-+ [Tony Finch]
-+
-+Changes with Apache 2.0a6
-+
-+ *) Add support to Apache and APR for dsos on OS/390. [Greg Ames]
-+
-+ *) Add a chunking filter to Apache. This brings us one step closer
-+ to removing BUFF. [Ryan Bloom]
-+
-+ *) ap_add_filter now adds filters in a LIFO fashion. The first filter
-+ added to the stack is the last filter to be called. [Ryan Bloom]
-+
-+ *) Apache 2.0 has been completely documented using Scandoc. The
-+ docs can be generated by running 'make docs'. [Ryan Bloom]
-+
-+ *) Add filtered I/O to Apache. This is based on bucket brigades,
-+ Currently the buckets still use BUFF under the covers, but that
-+ should change quickly. The only currently written filter is the
-+ core filter which just calls ap_bwrite. [The Apache Group]
-+
-+ *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't
-+ built with thread support. [Jeff Trawick]
-+
-+ *) Abort configuration if --with-layout was specified and there's
-+ no layout definition file. [Ken Coar]
-+
-+ *) Add support for '--with-port=n' option to configure. [Ken Coar]
-+
-+ *) Add support for extension methods for the Allow response header
-+ field, and an API routine for accessing r->allowed and the
-+ list of extension methods in a unified manner. [Ken Coar]
-+
-+ *) mod_cern_meta: fix broken file reading loop in scan_meta_file().
-+ [Rob Simonson <simo us.ibm.com>]
-+
-+ *) Get xlate builds working again. The apr renaming in 2.0a5 broke
-+ APACHE_XLATE builds. [Jeff Trawick]
-+
-+ *) A configuration file parsing problem was fixed. When the
-+ configuration file started with an IfModule/IfDefine container,
-+ only the last statement in the container would be retained.
-+ [Jeff Trawick]
-+
-+Changes with Apache 2.0a5
-+
-+ *) Perchild is serving pages after passing them to different child
-+ processes. There are still a lot of bugs, but this does work. I
-+ have made requests against the same installation of Apache, and had
-+ different servers use different user IDs to serve the responses.
-+ This change moves to using socketpair instead of an AF_UNIX socket.
-+ [Ryan Bloom]
-+
-+ *) Perchild MPM still doesn't work perfectly, but it is serving pages.
-+ It can't seem to pass between child processes yet, but I think we
-+ are closer now than before. This moves us back to using Unix
-+ Domain Sockets. [Ryan Bloom]
-+
-+ *) libapr functions and types renamed with apr_ prefix.
-+ #include "apr_compat.h" for 1.3.x backwards compat
-+ [Perl]
-+
-+ *) Fix problems with APR sockaddr handling on Win32. It didn't always
-+ return the right information on the local socket address.
-+ [Gregory Nicholls <gnicholls level8.com>]
-+
-+ *) ap_recv() on Win32: Set bytes-read to 0 on error.
-+ [Gregory Nicholls <gnicholls level8.com>]
-+
-+ *) Add an option to not detach from the controlling terminal without
-+ going into single process mode. This allows for much easier
-+ debugging of the process startup code. [Ryan Bloom]
-+
-+ *) ab: don't use perror() to report the failure of an APR function.
-+ [Jeff Trawick]
-+
-+ *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the
-+ scoreboard on graceful restarts.
-+ [Ryan Bloom]
-+
-+ *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c.
-+ An invalid ap_proc_t was passed to ap_create_process().
-+ [Jeff Trawick]
-+
-+ *) Allow modules to register filters. Those filters are still
-+ never called, but this is a step in the right direction.
-+ [Ryan Bloom and Greg Stein]
-+
-+ *) Register the mod_cgid daemon process for cleanup so that it is
-+ killed at termination if it does not die when the parent gets
-+ SIGTERM. This change is to fix occasional problems where the
-+ process stays around. Bugs in similar logic in mod_rewrite and
-+ mod_include were also fixed. [Jeff Trawick]
-+
-+ *) Fix a bug in the time handling. Basically, we were imploding a time
-+ in ap_parseHTTPdate, but it had bogus data in the exploded time format.
-+ Namely, tm_usec and tm_gmtoff were not filled out. ap_implode_time
-+ uses those two fields to adjust the time value. Because of the HTTP
-+ spec, both of those values can be zero'ed out safely. This fixes
-+ the bug correctly. [Ryan Bloom]
-+
-+ *) Fix a couple of place in the Windows code where the wrong error
-+ code was being returned. [Gregory Nicholls <gnicholls level8.com>]
-+
-+ *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet]
-+
-+ *) Added the APR_EOL_STR macro for platform dependent differences in
-+ logfiles and other raw text (such as all APR files). Fixes logfiles
-+ not terminated with cr/lf sequences in Win32. [William Rowe]
-+
-+ *) Move all strings functions in APR to src/lib/apr/strings and create
-+ apr_strings.h for the prototypes. [Ryan Bloom]
-+
-+ *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure
-+ to repeat the syscall until we stop getting EINTR. I noticed a
-+ related problem at termination (SIGTERM) on FreeBSD when using
-+ fcntl(). Apache 1.3 had these new loops too. Also, make the flock()
-+ implementation work properly with child init. Previously, ap_lock()
-+ was essentially a no-op because all children were using different
-+ locks and thus nobody ever blocked. [Jeff Trawick]
-+
-+ *) The htdocs/ tree has been moved out of the CVS source tree into
-+ a separate area for easier development. This has NO EFFECT on
-+ end-users or Apache installations. [Ken Coar]
-+
-+ *) Integrate the mod_dav module for WebDAV protocol handling. This
-+ adds the dav and dav_fs modules, the SDBM library, and additional
-+ XML handling utilities. [Greg Stein]
-+
-+ *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
-+ [Greg Stein]
-+
-+ *) Update the lib/expat-lite/ library (bring forward changes from
-+ the Apache 1.3 repository). [Greg Stein]
-+
-+ *) If sizeof(long long) == sizeof(long), then prefer long in APR
-+ configure.in. [Dave Hill <ddhill zk3.dec.com>]
-+
-+ *) Add ap_sendfile for Tru64 Unix. Also, add an error message for
-+ machines where sendfile is detected, but nobody has written ap_sendfile.
-+ [Dave Hill <ddhill zk3.dec.com>]
-+
-+ *) Compile fixes in mod_mmap_static. [Victor J. Orlikowski]
-+
-+ *) ab would start up more connections than needed, then quit when the
-+ desired number were finished. Also fixed a logic error involving
-+ ab keepalives. [Victor J. Orlikowski]
-+
-+ *) WinNT: Implement non-blocking pipes with timeouts to communicate
-+ with CGIs. Apache 2.0a4 had non-blocking pipes but without
-+ timeouts (i.e, if a timeout was specified, the pipe reverted to
-+ a full blocking pipe). Now the behaviour is more in line with
-+ Unix non-blocking pipes.
-+ [Bill Stoddard]
-+
-+ *) WinNT: Implement accept socket reuse. Using mod_file_cache to
-+ cache open file handles along with accept socket reuse enables
-+ Apache 2.0 to serve non-keepalive requests for static files at
-+ 3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
-+ and Apache 2.0 will serve almost 1200 rps on my system).
-+ [Bill Stoddard]
-+
-+ *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache
-+ supports two config directives, mmapfile (same behavious as
-+ mod_mmap_static) and cachefile. Use the cachefile directive
-+ to cache open file handles. This directive only works on systems
-+ that have implemented the ap_sendfile API. cachefile works today
-+ on Windows NT, but has not been tested on any flavors of Unix.
-+ [Bill Stoddard]
-+
-+ *) Cleanup the configuration. With the last few changes the
-+ configuration process automatically:
-+ inherits information about how to build from APR. Allowing
-+ APR to inform Apache that it should or should not use -ldl
-+
-+ Detects which mod_cgi should be used mod_cgi or mod_cgid,
-+ based on the threading model
-+
-+ Apache calls APR's configure process before finishing it's
-+ configuration processing, allowing for more information flow
-+ between the two.
-+ [Ryan Bloom]
-+
-+
-+ *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK
-+ with non-zero argument makes the socket non-blocking. BeOS and
-+ OS/2 already worked this way. [Jeff Trawick]
-+
-+ *) ap_close() now calls ap_flush() for buffered files, so write
-+ operations work a whole lot better on buffered files.
-+ [Jeff Trawick]
-+
-+ *) Fix error messages issued from MPMs which explain where to change
-+ compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
-+ [Greg Ames]
-+
-+ *) ap_create_pipe() now leaves pipes in blocking state. (This helps
-+ reduce the number of syscalls on Unix.) ap_set_pipe_timeout() is
-+ now the way that the blocking state of a pipe is manipulated.
-+ ap_block_pipe() is gone. [Jeff Trawick]
-+
-+ *) Correct the problem where the only local host name that the IP stack
-+ can discover are 'undotted' private names. If no fully qualified
-+ domain name can be identified, the default ServerName will be set to
-+ the machine's IP address string. A warning is always provided if the
-+ ServerName not specified, but assumed. Solves PR6215 [William Rowe]
-+
-+ *) Repair problems with config file processing which caused segfault
-+ at init when virtual hosts were defined and which caused ServerName to
-+ be ignored when there was no valid DNS setup. [Jeff Trawick]
-+
-+ *) Removed pointless ap_is_aborted macro function. [Roy Fielding]
-+
-+ *) Add ap_sendfile implementation for AIX
-+ [Victor J. Orlikowski]
-+
-+ *) Repair C++ compatibility in ap_config.h, apr_file_io.h,
-+ apr_network_io.h, and apr_thread_proc.h.
-+ [Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]
-+
-+ *) Bring the allocation and pool debugging code back into a working
-+ state. This will need to be tested as so far it's only been used on
-+ BeOS. [David Reid]
-+
-+ *) Change configuration command setup to be properly typesafe when in
-+ maintainer mode. Note that this requires a compiler that can initialise
-+ unions. [Ben Laurie]
-+
-+ *) Turn on buffering for config file reads. Part of this was to
-+ repair buffered I/O support in Unix and implement buffered
-+ ap_fgets() for all platforms. [Brian Havard, Jeff Trawick]
-+
-+ *) Win32: Fix problem where UTC offset was not being set correctly
-+ in the access log. Problem reported on news group by Jerry Baker.
-+ [Bill Stoddard]
-+
-+ *) Fix segfault when reporting this type of syntax error:
-+ "</container> without matching <container> section", where
-+ container is VirtualHost or Directory or whatever.
-+ [Jeff Trawick]
-+
-+ *) SECURITY [CAN-2000-1204] (cve.mitre.org):
-+ Prevent the source code for CGIs from being revealed when
-+ using mod_vhost_alias and the CGI directory is under the document root
-+ and a user makes a request like http://www.example.com//cgi-bin/cgi
-+ as reported in <news:960999105.344321 ernani.logica.co.uk>
-+ [Tony Finch]
-+
-+ *) Add support for the new Beos NetwOrking Environment (BONE)
-+ [David Reid]
-+
-+ *) xlate: ap_xlate_conv_buffer() now tells the caller when the
-+ final input char is incomplete; ap_bwrite_xlate() now handles
-+ incomplete final input chars. [Jeff Trawick]
-+
-+ *) Yet another update to saferead/halfduplex stuff -- need to ensure
-+ that a bhalfduplex call occurs before logging or else DNS and
-+ such can delay the last packet of the response. [Dean Gaudet]
-+
-+ *) Some syscall reduction in APR on unix -- don't seek when setting
-+ up an mmap; and don't fcntl() more than once per socket.
-+ [Dean Gaudet]
-+
-+ *) When mod_cgid is started as root, the cgi daemon now switches
-+ to the configured User/Group (like other httpd processes)
-+ instead of continuing as root. [Jeff Trawick]
-+
-+ *) The prefork MPM now uses an APR lock for the accept() mutex.
-+ It has not been getting a lock at all recently. httpd -V now
-+ displays APR's selection of the lock mechanism instead of the
-+ symbols previously respected by prefork. [Jeff Trawick]
-+
-+ *) Change the mmap() feature test to check only for existence.
-+ The previous check required features not used by Apache.
-+ [Greg Ames]
-+
-+ *) Fix a couple of bugs in mod_cgid: The cgi arguments were
-+ sometimes mangled. The len parm to accept() was not
-+ initialized, leading sometimes to an endless loop of failed
-+ accept() calls on OS/390 and anywhere else that failed the call
-+ if the len was negative. Use <sys/un.h> for struct sockaddr_un
-+ instead of declaring it ourselves to fix a compilation problem
-+ on Solaris. [Jeff Trawick]
-+
-+ *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom]
-+
-+ *) Fix zombie process problem with mod_cgi. [Jeff Trawick]
-+
-+ *) Port mod_mmap_static to 2.0. Make it go faster. [Greg Ames]
-+
-+ *) Fix storage overlay when loading dsos. Symptom: Apache dies at
-+ initialization if ALLOC_DEBUG is defined; no known symptom
-+ otherwise. [Jeff Trawick]
-+
-+ *) Fix typo in configure script when checking for mod_so. bash
-+ doesn't seem to have a problem but /bin/sh on Solaris does.
-+ Symptom: "./configure: test: unknown operator =="
-+ [Jeff Trawick]
-+
-+ *) Rebind the Win32 NT and 9x services control into the MPM.
-+ All console, WinNT SCM and Win9x pseudo-service control code is
-+ now wrapped within the WinNT MPM.
-+ [William Rowe]
-+
-+ *) Make a copy of getenv("PATH") before storing for later use. Some
-+ getenv() implementations use the same storage for successive calls.
-+ CGIs on OS/390 had a bad PATH due to this. [Jeff Trawick]
-+
-+ *) Server Tokens work in 2.0 again. This also propogates the change
-+ to allow just the product name in the server string using
-+ PRODUCT_ONLY.
-+ [Ryan Bloom]
-+
-+Changes with Apache 2.0a4
-+
-+ *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers
-+ won't need to call it. [Greg Ames, Jeff Trawick]
-+
-+ *) Move pre_config hook call to between configuration read and config
-+ tree walk. This allows all modules to implement pre_config hooks
-+ and know that they will be called at an appropriate time.
-+ [Ryan Bloom]
-+
-+ *) mod_cgi, mod_cgid: Make ScriptLog directive work again.
-+ [Jeff Trawick]
-+
-+ *) Add pre-config hooks back to all modules.
-+ [Ryan Bloom]
-+
-+ *) Fix a SIGSEGV in ap_md5digest(), which is used when you have
-+ ContentDigest enabled and we can't/don't mmap the file.
-+ [Jeff Trawick]
-+
-+ *) We now report the correct line number for syntax errors in config
-+ files. [Ryan Bloom, Greg Stein, Jeff Trawick]
-+
-+ *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t-
-+ related bugs, and changed shmem/locking to use apr API. Shared-mem
-+ is currently disabled, however, because of problems with graceful
-+ restarts. [Ronald Tschalär]
-+
-+ *) Fix corruption of IFS variable in --with-module= handling.
-+ Depending on the user's shell or customization thereof, there
-+ would be errors generating ap_config_auto.h later in the configure
-+ procedure. [Jeff Trawick]
-+
-+ *) mod_cgi: Restore logging of stderr from child process when ScriptLog
-+ isn't used (as in 1.3), except that on Unix it is now logged via
-+ ap_log_rerror() instead of by the child having STDERR_FILENO refer
-+ to the error log. [Greg Ames, Jeff Trawick]
-+
-+ *) Add '-D' argument processing for run time configuration defines.
-+ [William Rowe]
-+
-+ *) Organize http_main.c as independent code, such that no code or
-+ global data is exported from it. WIN32 will dynamically link it
-+ to the server core, so this will prevent mutual dependency.
-+ [William Rowe]
-+
-+ *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD()
-+ and APR_VAR_EXPORT to correctly resolve apr functions and globals.
-+ [William Rowe]
-+
-+ *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers.
-+ [William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]
-+
-+ *) Add mod_charset_lite for configuring character set translation.
-+ [Jeff Trawick]
-+
-+ *) Add '-n' option to htpasswd to make it print its user:pw record
-+ on stdout rather than having to frob a text file. [Ken Coar]
-+
-+ *) Fix saferead. Basically, we flush the output buffer if a read on the
-+ input will block.
-+ [Ryan Bloom]
-+
-+ *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not
-+ a conversion is single-byte only. [Jeff Trawick]
-+
-+ *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that
-+ the BeOS 5.0 documentation says that shutdown doesn't work yet.
-+ [Roy Fielding]
-+
-+ *) Fix some minor errors where pid was being manipulated as an int
-+ instead of the portable pid_t. [Roy Fielding]
-+
-+ *) Fix some error log prints that were printing the pointer to a
-+ structure rather than the pid within the structure.
-+ [Jeff Trawick, Roy Fielding]
-+
-+ *) ab: Fix a command-line processing bug; track bad headers in
-+ err_response; support reading headers up to 2K.
-+ [Ask Bjoern Hansen <ask valueclick.com>]
-+
-+ *) Fix ap_resolve_env() so that it handles new function added in a prior
-+ alpha (see "Added the capability to do ${ENVVAR} constructs in the
-+ config file.") as well as the constructs used by mod_rewrite.
-+ [Paul Reder <rederpj raleigh.ibm.com>]
-+
-+ *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames]
-+
-+ *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use
-+ APR to perform translation, instead of accessing the hard-coded tables
-+ in 1.3's ebcdic.c. [Jeff Trawick]
-+
-+ *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing.
-+ [Jeff Trawick]
-+
-+ *) Add the ability to hook into the config file reading phase. Basically
-+ if a directive is specified EXEC_ON_READ, then when that directive is
-+ read from the config file, the assocaited function is executed. This
-+ should only be used for those directives that must muck with HOW the
-+ server INTERPRETS the config. This should not be used for directives
-+ that re-order or replace items in the config tree. Those changes should
-+ be made in the pre-config step.
-+ [Ryan Bloom]
-+
-+ *) Add mod_example to the build system.
-+ [Tony Finch]
-+
-+ *) APR: Add ap_xlate_conv_byte() to convert one char between single-
-+ byte character sets. [Jeff Trawick]
-+
-+ *) Pick up various EBCDIC fixes from 1.3 (from Martin
-+ Kraemer and Oliver Reh originally according to the change log).
-+ [Jeff Trawick]
-+
-+ *) Fix a couple of problems in RFC1413 support (controlled by the
-+ IdentityCheck directive). Apache did not build the request string
-+ properly and more importantly Apache would loop forever if the
-+ would-be ident server dropped the connection before sending a
-+ properly terminated response. [Jeff Trawick]
-+
-+ *) apxs works in 2.0.
-+ [Ryan Bloom]
-+
-+ *) Reliable piped logs work in 2.0.
-+ [Ryan Bloom]
-+
-+ *) Introduce a hash table implementation into APR to be used for
-+ replacing tables and other random data structures in Apache.
-+ [Tony Finch]
-+
-+ *) Add some more error reporting to htpasswd in the case of problems
-+ generating or accessing the temporary file. Also, pass in a
-+ buffer if the implementation knows how to use it (i.e., if L_tmpnam
-+ is defined). [Ken Coar]
-+
-+ *) Configure creates config.nice now containing your configure
-+ options. Syntax: ./config.nice [--more-options]
-+ [Sascha Schumann]
-+
-+ *) Fix various return code problems in APR on Win32. For most of
-+ these, APR was returning APR_EEXIST instead of GetLastError()/
-+ WSAGetLastError(). [Jeff Trawick]
-+
-+ *) Make piped logs work again in version 2.0
-+ [Ryan Bloom]
-+
-+ *) Add VPATH support to UNIX build system of Apache and APR.
-+ [Sascha Schumann]
-+
-+ *) Fix ap_tokenize_to_argv to respect the const arguments that are
-+ passed to it.
-+ [Ryan Bloom]
-+
-+ *) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
-+ Patch submitted to author.
-+ [Sascha Schumann]
-+
-+ *) Fix mm configuration on Solaris 8 x86 and OS/390. Don't require
-+ /sbin in PATH on FreeBSD (all submitted to rse previously)
-+ [Jeff Trawick]
-+
-+ *) Fix building Pthread-based MPMs on OpenBSD
-+ [Sascha Schumann] PR#26
-+
-+ *) Fix ap_readdir() problem on systems where d_name[] field in
-+ struct dirent is declared with only one byte. (This problem only
-+ affected multithreaded builds.) This caused a segfault during
-+ pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at
-+ least). [Jeff Trawick]
-+
-+ *) Fix some make-portability problems on at least Tru64, Irix
-+ and UnixWare.
-+ [Sascha Schumann] PR#18, PR#39
-+
-+ *) Add ap_sigwait() to support old-style sigwait() on systems
-+ like OS/390 and UnixWare.
-+ [Sascha Schumann]
-+
-+ *) Add POSIX-thread flags for more platforms.
-+ [Sascha Schumann]
-+
-+ *) Fix some minor bugs in ap_strerror(). Teach ap_strerror()
-+ (on Unix, at least) to handle resolver errors. Fix a bug in
-+ the definition of APR_ENOMEM so that ap_strerror() can spit
-+ out the correct error message for it.
-+ [Jeff Trawick]
-+
-+Changes with Apache 2.0a3
-+
-+ *) mod_so reports ap_os_dso_error() if ap_dso_load() fails
-+ [Doug MacEachern]
-+
-+ *) API: *HOOK* macros now have an AP_ prefix
-+ [Doug MacEachern]
-+
-+ *) Win32: Eliminate redundant calls to initialize winsock.
-+ [Tim Costello <timcostello ozemail.com.au>]
-+
-+ *) Fix bugs initializing ungetchar for pipes.
-+ [Chia-liang Kao <clkao CirX.ORG>]
-+
-+ *) The ab program in the src/support directory is now portable using
-+ APR.
-+ [Ryan Bloom]
-+
-+ *) Support directory is being compiled when the server is built
-+ [Ryan Bloom]
-+
-+ *) The configure option --with-program-name has been added to allow
-+ developers to rename the executable at configure time. This also
-+ changes the name of the config files to match the executable's name.
-+ [Ryan Bloom]
-+
-+ *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames
-+ containing version numbers. [Martin Pool]
-+
-+ *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on
-+ Unix; access_log and error_log now created with these perms; non-
-+ Unix is unaffected [Jeff Trawick]
-+
-+ *) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
-+ Replaced more magic numbers with MD5_DIGESTSIZE.
-+ [William Rowe, Roy Fielding]
-+
-+ *) Win32: Get mod_auth_digest compiling and added to the Windows
-+ build environment. Not tested and I'd be suprised if it
-+ actually works. [Bill Stoddard]
-+
-+ *) Revamp the Win32 make environment. Makefiles have been removed and
-+ Apache.dsw created to bring together all the pieces. Create new file
-+ os/win32/BaseAddr.ref to define module base addresses (to prevent
-+ dll relocation at start-up).
-+ [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]
-+
-+ *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3. This replaces most
-+ of the \015, \012, and \015\012 constants with macros.
-+ [Greg Ames]
-+
-+ *) Add ap_xlate_open() et al for translation of text between different
-+ character sets. The initial implementation requires iconv().
-+ [Jeff Trawick]
-+
-+ *) More FAQs and answers from comp.infosystems.www.servers.unix.
-+ [Joshua Slive <slive finance.commerce.ubc.ca>]
-+
-+ *) CGI output is being timed out now.
-+ [Ryan Bloom]
-+
-+ *) Fix the problem with dieing quietly. dupfile now takes a pool which
-+ is used by the new apr file. There is no reason to create a new file
-+ with the same lifetime as the original file.
-+ [Ryan Bloom]
-+
-+ *) Win32: Attempt to eliminate dll relocation at start-up by specifying
-+ module base addresses. This will help shooting seg faults
-+ in the field. [William Rowe <wrowe lnd.com>]
-+
-+ *) Update Apache on Windows documentation. Add new document
-+ describing how to compile Apache on Windows.
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take
-+ microseconds instead of seconds. Some storage leaks and other
-+ minor bugs in related code were fixed. [Jeff Trawick]
-+
-+ *) Win32: First cut at getting mod_isapi working under 2.0
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) First stab at getting mod_auth_digest working under 2.0
-+ quick change summary:
-+ - moved the random byte generation (ap_generate_random_bytes) into APR
-+ - now uses ap_time_t
-+ - compiles and runs on linux
-+ - tested with amaya
-+ [Brian Martin <bmartin penguincomputing.com>]
-+
-+ *) Win32: Move the space stripping of physical service names
-+ fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
-+ unresolved symbol. Add dependency checking to the
-+ CreateService call to ensure TCPIP and AFP (winsock) is started
-+ before Apache.
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) Win32: Add code to perform latebinding on functions that may
-+ not exist on all levels of Windows where Apache runs. This
-+ is needed to allow Apache to start-up on Win95/98. All calls
-+ to non portable functions should be protected with
-+ ap_oslevel checks to prevent runtime segfaults.
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer]
-+
-+ *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick]
-+
-+ *) Win32: Get non-blocking CGI pipe reads working under Windows NT.
-+ This addresses PR 1623. Still need to address timing out runaway
-+ CGI scripts. [Bill Stoddard]
-+
-+ *) Win32: Make ap_stat Windows 95/98 friendly
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to
-+ always fail. Need to initialise the dwOSVersionInfoSize member of the
-+ OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx
-+ always fails.
-+
-+ The patch also enhances ap_get_oslevel (and the associated enum) to
-+ handle selected service packs for NT4, and adds recognition for
-+ Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then
-+ we can use ReadFileScatter and WriteFileGather in readwrite.c.
-+ [Tim Costello <Tim.Costello BTFinancialgroup.com>]
-+
-+ *) Get mod_rewrite building and running, and mod_status building for Win NT
-+ [Allan Edwards <ake raleigh.ibm.com>]
-+
-+ *) Patch to port mod_auth_db to the 2.0 api and also to support
-+ Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and
-+ 2.7.7. It should work with version 1 as well but I haven't tested it.
-+ [Brian Martin <bmartin penguincomputing.com>]
-+
-+ *) Get APR DSO code working under Windows. Includes cross platform
-+ fixes to mod_so.c.
-+ [<Tim.Costello BTFinancialgroup.com>]
-+
-+ *) Fix some of the Windows APR time functions.
-+ [William Rowe]
-+
-+ *) FAQ changes related to tidying up historical documents on the web site.
-+ [Joshua Slive <slive finance.commerce.ubc.ca>]
-+
-+ *) Move Windows DSO code into APR.
-+ [Bill Stoddard]
-+
-+ *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause).
-+ Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw
-+ at build time. At this point, the server will not compile on Windows because
-+ of the recent DSO commits. Fixing those next.
-+ [Bill Rowe & Bill Stoddard]
-+
-+ *) Added error checking for file I/O APR routines.
-+ [Jon Travis <jtravis covalent.net>]
-+
-+ *) APR: Don't use the values of resolver error codes for the
-+ corresponding APR error codes. On Unix and Win32, return the
-+ proper APR error code after a resolver error. [Jeff Trawick]
-+
-+Changes with Apache 2.0a2
-+
-+ *) Renamed the executable back to httpd on all platforms other
-+ than Win32
-+ [Ryan Bloom]
-+
-+ *) Allow BeOS to survive restarts, log properly and a few
-+ small things it had problems with due to the way it setup
-+ users and groups. [David Reid]
-+
-+ *) Get mod_rewrite working with APR locks
-+ [Paul Reder <rederpj raleigh.ibm.com>]
-+
-+ *) Actually remove the sempahore when the lock cleanup routine
-+ is called on BeOS. [David Reid]
-+
-+ *) Clear hook registrations between reads of the config file.
-+ When DSOs are unloaded and re-loaded the old hook pointers may
-+ no longer be valid. This fix eliminates potential segfaults.
-+ [Allan Edwards <ake raleigh.ibm.com>]
-+
-+ *) Fix a problem with Sigfunc not being defined or bypassed
-+ if sigaction() wasn't found. [Jim Jagielski]
-+
-+ *) Fix the locking mechanism on BSD variants. They now use fcntl
-+ locks. This allows the server to start and serve pages.
-+ [Ryan Bloom]
-+
-+ *) First cut at getting the Win32 installer to work
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) Get htpasswd compiling under Windows
-+ [William Rowe <wrowe lnd.com>]
-+
-+ *) Change the log message for a bind() failure to show the
-+ interface and port number. [Jeff Trawick]
-+
-+ *) Import the documentation from 1.3.12 and bring parts of it
-+ up-to-date with respect to the changes that have occurred
-+ in 2.0.
-+ [Tony Finch]
-+
-+ *) BeOS MPM updated. CGI bug on BeOS fixed. IP addresses
-+ now logged correctly on BeOS.
-+ [David Reid]
-+
-+ *) Create one makefile for all Win32 distributions (NT/2000/95/98).
-+ Makefile.win includes the same user interface as the old
-+ Makefile.nt
-+ [William Rowe <wrowe lnd.com>, Jeff Trawick <trawick us.ibm.com>]
-+
-+ *) Win32 exec now uses COMSPEC environment string for command
-+ shell path resolution.
-+ [William Rowe <wrowe lnd.com>] PR#3715
-+
-+ *) Win32: ap_connect() was not returning correct error condition
-+ PR5866
-+ [Allen Prescott <allen clanprescott.com>]
-+
-+ *) Win32: ap_open() was broken on Win9x because an NT-specific
-+ flag was passed to CreateFile. ap_puts() added an unnecessary
-+ '\n'.
-+ [Jeff Trawick <trawick us.ibm.com>]
-+
-+ *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
-+ which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed'
-+ confusing ee/et name and made all extensions language/dialect
-+ rather than country reflecting. Changed example files to
-+ explicit reflect the ISO charset and added a few common
-+ ones to the example config [dirkx]
-+
-+ *) Extend external module capability. To use this, you call
-+ configure with --with-module=path/to/mod1,path/to/mod2,etc.
-+ [Ryan Bloom]
-+
-+ *) Backported the various "default charset" fixes from 1.3.12,
-+ including the AddDefaultCharset directive. [Jim Jagielski]
-+
-+ *) Added the capability to do ${ENVVAR} constructs in the
-+ config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
-+ it does this on a line by line basis; i.e. if the envvar
-+ expands to something with spaces you have to protect it
-+ by adding quotes around it (Unless of course you expect it
-+ to contains more than one argument. Alternatively you
-+ can compile it on a per token basis; which is what people
-+ usually expect by setting RESOLVE_ENV_PER_TOKEN. But this
-+ hampers fancier hacks.
-+ [Dirk-Willem van Gulik]
-+
-+ *) Changed the 'ErrorDocument' syntax in that it NO longer
-+ supports the asymetric
-+
-+ ErrorDocument 301 "Some message
-+
-+ Note the opening " quote, without a closing quote. It now
-+ has either the following syntaxes
-+
-+ ErrorDocument XXX /local/uri
-+ ErrorDocument XXX http://valid/url
-+ ErrorDocument XXX "Some Message"
-+
-+ The recognition heuristic is: if it has a space it
-+ is a message. If it has no spaces and starts with a /
-+ or is a valid URL then treat it that way. Otherwise it
-+ is assumed to be a message.
-+
-+ This breaks backward compatibility but makes live a hell
-+ of a lot easier for GUI's and config file parsers.
-+ [Dirk-Willem van Gulik]
-+
-+ *) Changed 'CacheNegotiatedDocs' from its present/not-present
-+ syntax into a 'on' or 'off' syntax. As it currently is the
-+ only non nesting token which uses NO_ARGS and thus is an
-+ absolute pain for any config interface automation. This
-+ breaks backward compatibility. [Dirk-Willem van Gulik]
-+
-+ *) Add ability to add external modules to the build process. This is
-+ done with --with-module=/path/to/module. Modules can only be added
-+ as static modules at this point.
-+ [Ryan Bloom]
-+
-+Changes with Apache 2.0a1
-+
-+ *) Fix FreeBSD 3.3 core dump.
-+ Basically, ap_initialize() needs to get called before
-+ create_process(), since create_process() passes op_on structure
-+ to semop() to get a lock, but op_on isn't initialized until
-+ ap_initialize() calls setup_lock(). Here is a slight
-+ rearrangement to main() which calls ap_initialize() earlier...
-+ [Jeff Trawick <trawick us.ibm.com>]
-+
-+ *) Enable Apache to use sendfile/TransmitFile API
-+ [Bill Stoddard, David Reid, Paul Reder]
-+
-+ *) Re-Implement Win32 APR network I/O APIs and most of the file I/O
-+ APIs.
-+ [Bill Stoddard]
-+
-+ *) Make file I/O and network I/O writev/sendv APIs consistent.
-+ Eliminate use of ap_iovec_t and use Posix struct iovec.
-+ Use seperate variable on ap_writev to set the number of iovecs
-+ passed in and number of bytes written.
-+ [Bill Stoddard]
-+
-+ *) Adapt file iol to use APR functions. Replaced ap_open_file()
-+ with ap_create_file_iol(). ap_create_file_iol() requires that
-+ the file be opened prior to the call using ap_open().
-+ [Bill Stoddard]
-+
-+ *) Port mod_include and mod_cgi to 2.0
-+ [Paul Reder, Bill Stoddard]
-+
-+ *) ap_send{,v}, ap_recv, ap_sendfile API clarification --
-+ bytes_read/bytes_written is always valid (never -1). Plus
-+ some fixes to buff.c to correct problems introduced by the
-+ errno => ap_status_t changes a while back. Plus a fix to
-+ chunked encoding introduced right at the beginning of 2.0.
-+ [Dean Gaudet]
-+
-+ *) Revamped UNIX build system to use autoconf and libtool.
-+ [Manoj Kasichainula, Sascha Schumann]
-+
-+ *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]
-+
-+ *) SECURITY: More rigorous checking of Host: headers to fix security
-+ problems with mass name-based virtual hosting (whether using mod_rewrite
-+ or mod_vhost_alias).
-+ [Ben Hyde, Tony Finch]
-+
-+ *) Add back support for UseCanonicalName in <Directory> containers.
-+ [Manoj Kasichainula]
-+
-+ *) Added APLOG_STARTUP log type. This allows us to write an error
-+ message without any of the date and time information. As a part
-+ of this change, I also removed all of the calls to fprintf(stderr
-+ and replaced them with calls to ap_log_error using APLOG_STARTUP
-+ writing to stderr is no longer portable, because we don't direct
-+ stderr to the error log on all platforms.
-+ [Ryan Bloom]
-+
-+ *) Convert error logging functions to take errno as an argument.
-+ This makes our error logs more portable, because some Windows API's
-+ don't set errno. This change allows us to still output a valid
-+ message on all of our platforms.
-+ [Ryan Bloom]
-+
-+ *) mod_mime_magic runs in 2.0-dev now.
-+ [Paul Reder <rederpj raleigh.ibm.com>]
-+
-+ *) sendfile has been added to APR.
-+ [John Zedlewski <zedlwski Princeton.EDU>]
-+
-+ *) buff.c has been converted to no longer use errno.
-+ [Manoj Kasichainula]
-+
-+ *) mod_speling runs in 2.0-dev now: a bug in readdir_r handling and
-+ interface adaption to APR functions did it. [Martin Kraemer]
-+
-+ *) Support DSOs properly on 32-bit HP-UX 11.0
-+ [Dilip Khandekar <dilip cup.hp.com>]
-+
-+ *) Updated MM in APR source tree from version 1.0.8 to 1.0.11
-+ [Ralf S. Engelschall]
-+
-+ *) Cleaned APR build environment integration and bootstrap APR
-+ automatically for developers from src/Configure.
-+ [Ralf S. Engelschall]
-+
-+ *) Fixed building of src/support/htpasswd.c
-+ [Ralf S. Engelschall]
-+
-+ *) When generating the Location: header, mod_speling forgot
-+ to escape the spelling-fixed uri. (Forw-Port from 1.3)
-+ [Martin Kraemer]
-+
-+ *) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
-+
-+ *) Change all pools to APR contexts. This is the first step to
-+ incorporating APR into Apache. [Ryan Bloom]
-+
-+ *) Move "handler not found" warning message to below the check
-+ for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding]
-+ PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807
-+
-+ *) Support line-continuation feature in config.option file and
-+ allow the loading of multiple option sections at once via
-+ ``--with-option=<section1>,<section2>,...''
-+ [Ralf S. Engelschall]
-+
-+ *) Rebuilt CVS repository with Apache 1.3.9 as basis. [Roy Fielding]
-+
-+Changes with Apache MPM
-+
-+ *) Use asynchronous AcceptEx() and a completion port to accept and
-+ dispatch connections to threads in Windows NT/2000.
-+ [Bill Stoddard]
-+
-+ *) Implement WINNT Win32 MPM from original Win32 code in http_main.c
-+ [Bill Stoddard]
-+
-+ *) Implement the APACI --with-option facility
-+ (per default used the config.option file).
-+ [Ralf S. Engelschall]
-+
-+ *) MPM BEOS port. [David Reid <abb37 dial.pipex.com>]
-+
-+ *) Start to implement module-defined hooks that are a) fast and b) typesafe.
-+ Replace pre_connection module call with a register_hook call and
-+ implement pre_connection as a hook. The intent is that these hooks will
-+ be extended to allow Apache to be multi-protocol, and also to allow the
-+ calling order to be specified on a per-hook/per-module basis.
-+ [Ben Laurie]
-+
-+ *) Implement mpm_* methods as "modules". Each method gets its own
-+ subdir in src/modules (eg: src/modules/prefork). Selection
-+ of method uses Rule MPM_METHOD. [Jim Jagielski]
-+
-+ *) Port the hybrid server from the apache-apr repository as
-+ mpm_mpmt_pthread. [Manoj Kasichainula]
-+
-+ *) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
-+ amongst the unix MPMs.
-+
-+ *) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
-+ signal handling for the new world order. [Dean Gaudet]
-+
-+ *) Crude ap_thread_mutex abstraction so that we get the pthread stuff out
-+ of alloc.c for now. [Dean Gaudet]
-+
-+ *) Handle partial large writes correctly. [Ben Laurie]
-+
-+ *) Eliminate conn_rec's pointer to server. All it knows is the base server
-+ based on IP/port. [Ben Laurie]
-+
-+ *) Port a bunch of modules to the new module structure.
-+ ["Michael H. Voase" <mvoase midcoast.com.au>]
-+
-+ *) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
-+
-+ *) Basic restructuring to introduce the MPM concept; includes various
-+ changes to the module API... better described by
-+ docs/initial_blurb.txt. [Dean Gaudet]
-+
-+Changes with Apache pthreads
-+
-+ *) New buff option added: BO_TIMEOUT. It describes the timeout for
-+ buff operations (generally over a network).
-+ [Dean Gaudet, Ryan Bloom, Manoj Kasichainula]
-+
-+ *) Created http_accept abstraction. Added 4 new functions (not exported):
-+ init_accept(), begin_accepting_requests(), get_request(),
-+ stop_accepting_requests() [Bill Stoddard]
-+
-+ *) Fix to ap_rprintf call that allows mod_info to work properly.
-+ [James Morris <jmorris intercode.com.au>]
-+
-+ *) user and ap_auth_type fields were moved from connection_rec to
-+ request_rec. [Ryan Bloom]
-+
-+ *) Removed the ap_block_alarms and ap_unblock_alarm calls. These aren't
-+ needed in a threaded server.
-+
-+ *) Initial pthread implementation from from Dean's apache-nspr code.
-+ [Bill Stoddard, Ryan Bloom]
-+
-+
-+Changes with Apache 1.3.9
-+
-+ *) Remove bogus error message when a redirect doesn't set Location.
-+ Instead, use an empty string to avoid coredump if the error message
-+ was supposed to include a location. [Roy Fielding]
-+
-+ *) Don't allow configure to include mod_auth_digest unless it is
-+ explicitly requested, even if the user asked for all modules.
-+ [Roy Fielding]
-+
-+ *) Translate module names to dll names for OS/2 so that they are no more
-+ than 8 characters long and have an extension of "dll" instead of "so".
-+ [Brian Havard]
-+
-+ *) Print out pointer to Rule DEV_RANDOM when truerand lib not found.
-+ Fix test-compile check to check for randbyte instead of trand32.
-+ Use ap_base64encode_binary/decode instead of copy in mod_auth_digest.c
-+ and tweak to make Amaya happier. [Ronald Tschalär]
-+
-+ *) Ensure that the installed expat include files are world readable,
-+ just like the other header files. [Martin Kraemer]
-+
-+ *) Fixed generated AddModule adjustments in APACI's `configure' script
-+ in order to allow (new) modules like mod_vhost_alias to be handled
-+ correctly (which was touched by the adjustments for mod_alias).
-+ [Ralf S. Engelschall]
-+
-+ *) For binary builds, add -R flag to apachectl to work around the lack of
-+ an absolute path to the ./libexec directory where the libhttp.ep file
-+ is needed for SHARED_CORE architectures. [Randy Terbush]
-+
-+ *) WIN32: Create the CGI script process as DETACHED. This may solve the
-+ problem observed by some Win95/98 users where they get CGI script
-+ output sent to the console. [Bill Stoddard]
-+
-+ *) Fix (re)naming in the uuencode/decode section. The ap/ap_
-+ routines are now called ap_base64* and are 'plain' (i.e., no
-+ pool access or anything clever). Inside util.c the routines acting
-+ like pstrdup are called ap_pbase64encode() and ap_pbase64decode().
-+ The oddly named ap_uuencode(), ap_uudecode() are kept around for
-+ now but deprecated. [dirkx]
-+
-+ *) Clean up the base64 and SHA1 additions and make sure they are
-+ represented in the ApacheCore.def, ApacheCoreOS2.def, and httpd.exp
-+ files. [Roy Fielding]
-+
-+ *) WIN32: Migrate to InstallShield 5.5 and provide a bit more error
-+ checking. Allow compiling on VS 6.0. [Randy Terbush]
-+
-+ *) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch]
-+
-+ *) Use TestCompile to search for the truerand library (rather than blindly
-+ assuming its existence). If it is not found, complain (but do not
-+ exit - yet). [Martin Kraemer]
-+
-+ *) We forgot to add the new exported function names to
-+ src/support/httpd.exp. [Bill Stoddard, Randy Terbush]
-+
-+ *) Add description of -T command-line option to usage().
-+ [Ralf S. Engelschall]
-+
-+ *) For "some" platforms (notably, EBCDIC based ones), libos needs to be
-+ searched only AFTER libap has been searched, because libap needs
-+ some symbols from libos. [Martin Kraemer]
-+
-+ *) Fix conflict with original mod_digest related to the symbol of the
-+ module dispatch list (which has to be unique for DSO and follow the
-+ usual conventions for the installation procedure).
-+ [Ralf S. Engelschall]
-+
-+ *) Add a dbm-library check for the "usual places" (-ldbm, -lndbm, -ldb)
-+ for other platforms as well. [Martin Kraemer]
-+
-+ *) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG
-+ types by AP_LONG and replace reference to renamed variable 'ubuf'
-+ by 'buffer'. [Martin Kraemer]
-+
-+Changes with Apache 1.3.8 [not released]
-+
-+ *) Flush the output buffer immediately after sending an error or redirect
-+ response, since the result may be needed by the client to abort a
-+ long data transfer or restart a series of pipelined requests.
-+ [Tom Vaughan <tvaughan aventail.com>, Roy Fielding]
-+
-+ *) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx.
-+ [Ian Turner <iant sequent.com>] PR#4735
-+
-+ *) Local struct mmap in http_core.c conflicted with system structure
-+ name on DYNIX -- changed to mmap_rec. [Roy Fielding] PR#4735
-+
-+ *) Added updated mod_digest as modules/experimental/mod_auth_digest.
-+ [Ronald Tschalär <ronald innovation.ch>]
-+
-+ *) Fix a memory leak where the module counts were getting messed
-+ up across restarts. [David Harris <dharris drh.net>]
-+
-+ *) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled
-+ properly in mod_access.
-+ ["Paul J. Reder" <rederpj raleigh.ibm.com>] PR#4770
-+
-+ *) RewriteLock/RewriteMap didn't work properly with virtual hosts.
-+ [Dmitry Khrustalev <dima bog.msu.su>] PR#3874
-+
-+ *) PORT: Support for compaq/tandem/com.
-+ [Michael Ottati <michael.ottati compaq.com>, dirkx]
-+
-+ *) Added SHA1 password encryption support to easy migration from
-+ Netscape servers. See support/SHA1 for more information.
-+ Caused the separation of ap_md5.c into md5, sha1 and a general
-+ ap_checkpass.c with just a validate_passwd routine. Added a
-+ couple of flags to support/htpasswd. Some reuse of the to64()
-+ function; hence renamed to ap_to64().
-+ [Dirk-Willem van Gulik, Clinton Wong <clintdw netcom.com>]
-+
-+ *) Change for EBCDIC platforms (TPF and BS2000) to correctly deal
-+ with ASCII/EBCDIC conversions in "ident" query.
-+ [David McCreedy <McCreedy us.ibm.com>]
-+
-+ *) Get rid of redefinition warning on MAC_OS_X_SERVER platform.
-+ Change "Power Macintosh" to Power* so if uname prints "Power Book"
-+ we're still happy on Rhapsody platforms. [Wilfredo Sanchez]
-+
-+ *) Fix SIGSEGV on some systems because the Vary fix below included
-+ a call to table_do with a variable argument list that was not
-+ NULL terminated. Replaced with better implementation. [Roy Fielding]
-+
-+Changes with Apache 1.3.7 [not released]
-+
-+ *) The "Vary" response header field is now sanitised right before
-+ the header is sent back to the client. Multiple "Vary" fields
-+ are combined, and duplicate tokens (e.g., "Vary: host, host" or
-+ "Vary: host, negotiate, host, accept-language") are reduced to
-+ single instances. This is a better solution than the force-no-vary
-+ one (which is still valid for clients that can't cope with Vary
-+ at all). PR#3118 [Dean Gaudet, Roy Fielding, Ken Coar]
-+
-+ *) Portability changes for BeOS. [David Reid <abb37 dial.pipex.com>]
-+
-+ *) Link DSO's with "gcc -shared" instead of "ld -Bshareable" at
-+ least on Linux and FreeBSD for now.
-+ [Rasmus Lerdorf]
-+
-+ *) Win32: More apache -k restart work. Restarts are now honored
-+ immediately and connections in the listen queue are -not- lost.
-+ This is made possible by the use of the WSADuplicateSocket()
-+ call. The listeners are opened in the parent, duplicated, then
-+ the duplicates are passed to the child. The original listen sockets
-+ are not closed by the parent across a restart, thus the listen queue
-+ is preserved.
-+ [Bill Stoddard <stoddard raleigh.ibm.com>]
-+
-+ *) Fix handling of case when a client has sent "Expect: 100-continue"
-+ and we are going to respond with an error, but get stuck waiting to
-+ discard the body in the pointless hope of preserving the connection.
-+ [Roy Fielding, Joe Orton <jeo101 york.ac.uk>] PR#4499, PR#3806
-+
-+ *) Fix 'configure' to work correctly with SysV-based versions of
-+ 'tr' (consistent with Configure's use as well). [Jim Jagielski]
-+
-+ *) apxs: Add "-S var=val" option which allows for override of CFG_*
-+ built-in values. Add "-e" option which works like -i but doesn't
-+ install the DSO; useful for editing httpd.conf with apxs. Fix
-+ editing code so that multiple invocations of apxs -a will not
-+ create duplicate LoadModule/AddModule entries; apxs can now be
-+ used to re- enable/disable a module. [Wilfredo Sanchez]
-+
-+ *) Win32: Update the server to use Winsock 2. Specifically, link with
-+ ws2_32.lib rather than wsock32.lib. This gives us access to
-+ WSADuplcateSocket() in addition to some other enhanced comm APIs.
-+ Win 95 users may need to update their TCP/IP stack to pick up
-+ Winsock 2. (See http://www.microsoft.com/windows95/downloads/)
-+ [Bill Stoddard <stoddard raleigh.ibm.com>]
-+
-+ *) Win32: Redirect CGI script stderr (script debug info) into the
-+ error.log when CGI scripts fail. This makes Apache on Win32
-+ behave more like Unix.
-+ [Bill Stoddard <stoddard raleigh.ibm.com>]
-+
-+ *) Fixed `httpd' usage display: -D was missing.
-+ [Ralf S. Engelschall] PR#4614
-+
-+ *) Fix `make r' test procedure in src/regex/: ap_isprint was not found.
-+ [Ralf S. Engelschall] PR#4561, PR#4562
-+
-+ *) OS/2: Fix problem with accept lock semaphores where server would die with
-+ "OS2SEM: Error 105 getting accept lock. Exiting!"
-+ [Brian Havard] PR#4505
-+
-+ *) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms.
-+ [Randy Terbush <randy covalent.net>]
-+
-+ *) Add the new mass-vhost module (mod_vhost_alias.c) developed and
-+ used by Demon Internet, Ltd. [Tony Finch <fanf demon.net>]
-+
-+ *) Better GCC detection for DSO flags under Solaris 2 where the `cc'
-+ command potentially _is_ GCC. [Ralf S. Engelschall]
-+
-+ *) Fix apxs build issues on AIX
-+ [Rasmus Lerdorf <rasmus raleigh.ibm.com>]
-+
-+ *) DocumentRoot Checking: Under previous versions, when Apache
-+ first started up, it used to do a stat of each DocumentRoot to
-+ see if it existed and was a directory. If not, then an error
-+ message was printed. THIS HAS BEEN DISABLED. If DocumentRoot
-+ does not exist, you will get error messages in error_log. If
-+ the '-t' command line option is used (to check the configuration)
-+ the check of DocumentRoot IS performed. An additional command
-+ line option, '-T', has been added if you want to avoid the
-+ DocumentRoot check even when checking the configuration.
-+ [Jim Jagielski]
-+
-+ *) Win32: The query switch "apache -S" didn't exit after showing the
-+ vhost settings. That was inconsistent with the other query functions.
-+ [Bill Stoddard - Fixed by Martin on Unix in 1.3.4]
-+
-+ *) Win32: Changed behaviour of apache -k restart.
-+ Previously, the server would drain all connections in the stack's
-+ listen queue before honoring the restart. On a busy server, this
-+ could take hours. Now, a restart is honored almost immediately.
-+ All connections in Apache's queues are handled but connections in
-+ the stack's listen queue are discarded. Restart triggered by
-+ MaxRequestPerChild is unchanged.
-+ [Bill Stoddard <stoddard raleigh.ibm.com>]
-+
-+ *) Win32: Eliminated unnecessary call to wait_for_multiple_objects in
-+ the accept loop. Good for a 5% performance boost. Cleaned up
-+ parent/child process management code.
-+ [Bill Stoddard <stoddard raleigh.ibm.com>]
-+
-+ *) Added ceiling on file size for memory mapped files.
-+ [John Giannandrea <jg meer.net>] PR#4122
-+
-+ *) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which
-+ has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528
-+ [Henri Gomez <gomez slib.fr>, Ralf S. Engelschall]
-+
-+ *) Determine AP_BYTE_ORDER for ap_config_auto.h and already
-+ use this at least for Expat. [Ralf S. Engelschall]
-+
-+ *) Allow .module files to specify libraries with Lib:.
-+ [Ben Laurie]
-+
-+ *) Allow SetEnvIf[NoCase] to test environment variables as well
-+ as header fields and request attributes. [Ken Coar]
-+
-+ *) Fix mod_autoindex's handling of ScanHTMLTitles when file
-+ content-types are "text/html;parameters". PR#4524 [Ken Coar]
-+
-+ *) Remove "mxb" support from mod_negotiation -- it was a draft feature
-+ never accepted into any standard, and it opens up certain DoS
-+ attacks. [Koen Holtman <Koen.Holtman cern.ch>]
-+
-+ *) TestCompile updated. We can now run programs and output the
-+ results during the Configure process. [ Jim Jagielski]
-+
-+ *) The source is now quad (long long) aware as needed. Specifically,
-+ the Configure process determines the correct size of off_t and
-+ *void. When the OS/platform/compiler supports quads, ap_snprintf()
-+ provides for the 'q' format qualifier (if quads are not available,
-+ 'q' is silently "demoted" to long). [Jim Jagielski]
-+
-+ *) When the username or password fed to htpasswd is too long, include the
-+ size limit in the error message. Also report illegal characters
-+ (currently only ':') in the username. Add the size restrictions
-+ to the man page. [Ken Coar]
-+
-+ *) Fixed the configure --without-support option so it doesn't result in
-+ an infinite loop. [Marc Slemko]
-+
-+ *) Piped error logs could cause a segfault if an error occured
-+ during configuration after a restart.
-+ [Aidan Cully <aidan panix.com>] PR#4456
-+
-+ *) If a "Location" field was stored in r->err_headers_out rather
-+ than r->headers_out, redirect processing wouldn't find it and
-+ the server would core dump on ap_escape_html(NULL). Check both
-+ tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message
-+ if Location isn't set. [Doug MacEachern, Ken Coar]
-+
-+ *) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
-+ of the Expat 1.0.2 distribution. [Greg Stein]
-+
-+ *) Replace regexec() calls with calls to a new API stub function
-+ ap_regexec(). This solves problems with DSO modules which use the regex
-+ library. [Jens-Uwe Mager <jum helios.de>, Ralf S. Engelschall]
-+
-+ *) Add 'Request_Protocol' special keyword to mod_setenvif so that
-+ environment variables can be set according to the protocol version
-+ (e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
-+
-+ *) Add DSO support for OpenStep (Mach 4.2) platform.
-+ [Ralf S. Engelschall, Rex Dieter <rdieter math.unl.edu>] PR#3997
-+
-+ *) Fix sed regex for generating ap_config_auto.h in src/Configure.
-+ [Jan Gallo <gallo pvt.sk>] PR#3690, PR#4373
-+
-+ *) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with
-+ their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
-+
-+ *) Better DSO flags recognition on NetBSD platforms using ELF.
-+ [Todd Vierling <tv pobox.com>] PR#4310
-+
-+ *) Always log months in english format for %t in mod_log_config.
-+ [Petr Lampa <lampa fee.vutbr.cz>] PR#4366, 679
-+
-+ *) Support for server-parsed and multiview-determined ReadmeName and
-+ HeaderName files in mod_autoindex. Removed the restriction on
-+ "/"s in ReadmeName and HeaderName directives since the *sub_req*
-+ routines will deal with the access issues. (It's now possible to
-+ have {site|group|project|customer|...} wide readmes and headers.)
-+ [Raymond S Brand <rsbx rsbx.net>, Ken Coar] PR#1574, 3026, 3529,
-+ 3569, 4256
-+
-+ *) When stat() fails, don't assume anything about the contents of
-+ the struct stat. [Ed Korthof <ed bitmechanic.com>]
-+
-+ *) It's OK for a semop to return EINTR, just loop around and try
-+ again. [Dean Gaudet]
-+
-+ *) Fix configuration engine re-entrant hangups, which solve a
-+ handful of problems seen with mod_perl <Perl> configuration sections
-+ [Salvador Ortiz Garcia <sog msg.com.mx>]
-+
-+ *) Mac OS and Mac OS X Server now use the appropriate custom layout
-+ by default when building with APACI; allow for platform-specific
-+ variable defaults in configure. [Wilfredo Sanchez]
-+
-+ *) Do setgid() before initgroups() in http_main; some platforms
-+ zap the grouplist when setgid() is called. This was fixed in
-+ suexec earlier, but the main httpd code missed the change.
-+ [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2579
-+
-+ *) Add recognition of .tgz as a gzipped tarchive.
-+ [Bertrand de Singly <bertrand.de-singly polytechnique.fr>] PR#2364
-+
-+ *) mod_include's fsize/flastmod should allow only relative paths, just
-+ like "include file". [Jaroslav Benkovsky <benkovsk pha.pvt.cz>]
-+
-+ *) OS/2: Add support for building loadable modules using DLLs.
-+ [Brian Havard]
-+
-+ *) Add iconsdir, htdocsdir, and cgidir to config.layout.
-+ [Wilfredo Sanchez]
-+
-+ *) Fix minor but annoying bug with the test for Configuration.tmpl
-+ being newer than Configuration so that it is less likely to fail
-+ when using APACI and shadow sources. [Wilfredo Sanchez]
-+
-+ *) PORT: Add initial support for Mac OS (versions 10.0 and
-+ greater). Use Mac OS X Server layout for now. Clean up dyld code
-+ in unix/os.c, and don't install the dyld error handlers, which
-+ are no longer needed in Mac OS. [Wilfredo Sanchez]
-+
-+ *) Rename Rhapsody layout to "Mac OS X Server". Change install
-+ locations to appropriate ones for user-built (as opposed to
-+ system) installs. [Wilfredo Sanchez]
-+
-+ *) Modify mod_autoindex's handling of AddDescription so that the
-+ behaviour matches the documentation. [Ken Coar] PR#1898, 3072.
-+
-+ *) Add functionality to the install-bindist.sh script created by
-+ binbuild.sh to use tar when copying distribution files to the
-+ serverroot. This allows upgrading an existing installation
-+ without nesting the new distribution in the old.
-+
-+ install-bindist.sh now detects the local perl5 path to install
-+ apxs and dbmmanage with proper path to perl interpreter.
-+
-+ Add an install-binsupport target which copies the source files
-+ for apxs and dbmmanage to bindist to allow these scripts to
-+ be properly installed relative to the destination serverroot.
-+ [Randy Terbush, Covalent Technologies, <randy covalent.net>]
-+
-+ *) Fix intermittent SEGV in ap_proxy_cache_error() in
-+ src/modules/proxy_util.c where a NULL filepointer and
-+ temporary filename were closed and unlinked.
-+ [Graham Leggett <minfrin sharp.fm>,
-+ Tim Costello <tjcostel socs.uts.edu.au>] PR#3178
-+
-+ *) Fix inconsistent error messages reported by mod_proxy.
-+ [Graham Leggett <minfrin sharp.fm>]
-+
-+ *) OS/2: Fix terminating CGIs that aren't compiled by EMX GCC when a
-+ connection is aborted. [Brian Havard]
-+
-+ *) Force the LANG envariable to the known state of "C" so that we
-+ have assurance about how string manipulators (e.g., tr) will
-+ function. [Ken Coar] PR#1630
-+
-+ *) Add a directive to allow customising of the tracking cookie name.
-+ [Ken Coar] PR#2921, 4303
-+
-+ *) Add "force-no-vary" envariable to allow servers to work around
-+ clients that choke on "Vary" fields in the response header.
-+ [Ken Coar, Dmitry Khrustalev <dima zippy.machaon.ru>] PR#4118
-+
-+ *) Fixed a bug in mod_dir that causes a child process will infinitely
-+ recurse when it attemps to handle a request for a directory wnd the
-+ value of the DirectoryIndex directive is a single dot. Also likely
-+ to happen for anyother values of DirectoryIndex that will map back
-+ to the same directory. The handler now only considers regular files
-+ as being index candidates. No PR#s found.
-+ [Raymond S Brand <rsbx rsbx.net>]
-+
-+ *) Ease configuration debugging by making TestCompile fall back to
-+ using "make" if the $MAKE variable is unset [Martin Kraemer]
-+
-+ *) Fixed the ServerSignature directive to work as documented.
-+ [Raymond S Brand <rsbx rsbx.net>] PR#4248
-+
-+ *) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand
-+ <rsbx rsbx.net>]
-+
-+ *) Add APACI --without-execstrip option which can be used to disable the
-+ stripping of executables on installation. This is very important for DSO
-+ and debugging situations. [Ralf S. Engelschall]
-+
-+ *) Add support for OS/2 (case insenstive filesystem, .exe suffix, etc)
-+ to APACI files and related scripts.
-+ [Yitzchak Scott-Thoennes <sthoenna efn.org>, Ralf S. Engelschall] PR#4269
-+
-+ *) Add support for standalone mode in TPF
-+ [Joe Moenich <moenich us.ibm.com>]
-+
-+ *) Fix number of bytes copied by read_connection() in src/support/ab.c
-+ [Jim Cox <jc superlink.net>] PR#4271
-+
-+ *) Fix special RewriteCond "-s" pattern matching.
-+ [Bob Finch <bob nas.com>]
-+
-+ *) Fix value quoting in src/Configure script for ap_config_auto.h
-+ [Paul Sutton <paul awe.com>]
-+
-+ *) Make sure RewriteLock can be used only in the global context, (i.e.
-+ outside of any <VirtualHost> sections) because it's a global facility of
-+ the rewrite engine. [Ralf S. Engelschall]
-+
-+ *) Fix the ownership delegation for proxy directory under `make install'.
-+ [Ralf S. Engelschall]
-+
-+ *) APACI would not correctly build suexec. [Maria Verina
-+ <mariav icgeb.trieste.it>] PR#4260
-+
-+ *) mod_mime_magic passed only the first 4k of a file to
-+ uncompress/gzip, but those tools sometimes do not produce
-+ any output unless a sufficient portion of the compressed
-+ file is input. Change to pass the entire file -- but
-+ only read 4k of output.
-+ [Marcin Cieslak <saper system.pl>] PR#4097
-+
-+ *) "IndexOptions None" generated extra spaces at the end of each
-+ line. [<inkling firstnethou.com>] PR#3770
-+
-+ *) The "100 Continue" response wasn't being sent after internal
-+ redirects. [Jose KAHAN <kahan w3.org>] PR#3910, 3806, 3575
-+
-+ *) When padding the name with spaces for display, mod_autoindex would
-+ count &, <, and > in their escaped width, messing up the display.
-+ [Dean Gaudet] PR#4075, 3758
-+
-+ *) PORT: fixed a compilation problem on NEXT.
-+ [Jacques Distler <distler golem.ph.utexas.edu>] PR#4130
-+
-+ *) r->request_time wasn't being set properly in certain error conditions.
-+ [Dean Gaudet] PR#4156
-+
-+ *) PORT: deal with UTS compiler error in http_protocol.c
-+ [Dave Dykstra <dwd bell-labs.com>] PR#4189
-+
-+ *) Add ap_vrprintf() function. [John Tobey <jtobey banta-im.com>] PR#4246
-+
-+ *) Fix the mod_mime hash table to work properly with locales other
-+ than C. [Dean Gaudet] PR#3427
-+
-+ *) Fix a memory leak which is exacerbated by certain configurations.
-+ [Dean Gaudet] PR#4225
-+
-+ *) Prevent clobbering saved IFS values in APACI. [Jim Jagielski]
-+
-+ *) Fix buffer overflows in ap_uuencode and ap_uudecode pointed out
-+ by "Peter 'Luna' Altberg <peter altberg.nu>" and PR#3422
-+ [Peter 'Luna' Altberg <peter altberg.nu>, Ronald Tschalär]
-+
-+ *) Make {Set,Unset,Pass}Env per-directory instead of per-server.
-+ [Ben Laurie]
-+
-+ *) Correct an apparent typo: on the Windows and MPE platforms, the
-+ htpasswd utility was limiting passwords to only 8 characters.
-+ [Ken Coar]
-+
-+ *) EBCDIC platforms: David submitted patches for two bugs in the
-+ MD5 digest port for EBCDIC machines:
-+ a) the htdigest utility overwrote the old contents of the digest file
-+ b) the Content-MD5 header value (ContentDigest directive) was wrong
-+ when the returned file was not converted from EBCDIC, but was a
-+ binary (e.g., image file) in the first place.
-+ [David McCreedy <mccreedy us.ibm.com>]
-+
-+ *) support/htpasswd now permits the password to be specified on the
-+ command line with the '-b' switch. This is useful when passwords
-+ need to be maintained by scripts -- particularly in the Win32
-+ environment. [Ken Coar]
-+
-+ *) Win32: Win32 multiple services patch. Added capability to install and
-+ run multiple copies of apache as individual services.
-+
-+ Example 1:
-+ apache -n apache1 -i -f c:/httpd.conf
-+ Installs apache as service 'apache1' and associates c:/httpd.conf
-+ with that service.
-+ net start apache1
-+ Starts apache1 service.
-+ net stop apache1
-+ Stops apache1 service
-+
-+ Example 2:
-+ apache -n apache2 -i
-+ Installs apache as service 'apache2'. httpd.conf is located under
-+ the default server root (/apache/conf/httpd.conf).
-+ net start apache2
-+ Starts apache2 service.
-+
-+ Example 3:
-+ apache -n apache3 -i -d c:/program files/apache
-+ Install apache as service 'apache3' and sets server root to
-+ c:/program files/apache.
-+
-+ Example 4:
-+ apache -n apache2 -k restart
-+ Restart apache2 service
-+
-+ [Keith Wannamaker, Ken Parzygnat, Bill Stoddard]
-+
-+ *) Correct the signed/unsigned character handling for the MD5 routines;
-+ mismatches were causing compilation problems with gcc -pedantic and
-+ in the TPF cross-compilation. [Ken Coar]
-+
-+ *) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
-+ a roughly 5 fold speed up. [Brian Havard]
-+
-+ *) proxy ftp: instead of using the hardwired string "text/plain" as
-+ a fallback type for files served by the ftp proxy, use the
-+ ap_default_type() function to determine the configured type.
-+ This allows for special configurations like
-+ <Directory proxy:ftp://some.host>
-+ DefaultType gargle/blurb
-+ </Directory>
-+ Additionally, add the Content-Encoding: header to FTP proxy replies
-+ when the encoding is defined (by the AddEncoding directive).
-+ Because it was missing, it was almost impossible to browse compressed
-+ files using the FTP proxy (works now perfectly in Communicator).
-+ The ftp proxy now also returns the Date: and Server: header lines (if not
-+ much else... This code is "somewhat" broken) like normal requests do.
-+ [Martin Kraemer]
-+
-+ *) Be more smart in APACI's configure script when determining the UID/GID
-+ for User/Group directives and use the determined UID/GID to initialize
-+ the permissions on the proxycachedir.
-+ [Dirk-Willem van Gulik, Ralf S. Engelschall]
-+
-+ *) Changed the forking-prior-to-cleanup in the proxy module to first
-+ check wether it actually needs to collect garbage. This reduces
-+ the number of fork()s from one/request to just the odd one an hour.
-+ [Dirk-Willem van Gulik]
-+
-+ *) Added proxy, auth and header support to src/support/ab.c. Added a
-+ README file to src/support/
-+ [Dirk-Willem van Gulik]
-+
-+ *) Don't hard-code the path to AWK in --shadow bootstrapping Makefile.
-+ [Ralf S. Engelschall] PR#4050
-+
-+ *) Add support for DSO module compilation on BSD/OS 3.x.
-+ [Randy Terbush, Covalent Technologies]
-+
-+ *) Fix sed-substitutions in `make install': path elements like `httpd/conf'
-+ (for instance from an APACI configure --sysconfdir=/etc/httpd/conf
-+ option) were substituted with $(TARGET).conf, etc. Same for other strings
-+ with dots where the dot wasn't matched as plain text.
-+ [Ralf S. Engelschall]
-+
-+ *) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
-+
-+ *) Fix verbose output of APACI configure (option -v)
-+ [Martin Kraemer, Ralf S. Engelschall]
-+
-+Changes with Apache 1.3.6
-+
-+ *) Removed new PassAllEnv code due to DSO problems. [Lars Eilebrecht]
-+
-+Changes with Apache 1.3.5 [not released]
-+
-+ *) M_INVALID needed a value within the scope of METHODS so that unknown
-+ methods can be access controlled. [Roy Fielding] PR#3821
-+
-+ *) Added PassAllEnv; makes server's entire environment available
-+ to CGIs and SSIs executed within directive's scope. [Ken Coar]
-+
-+ *) ap_uuencode() always added two trailing '='s and encoding of
-+ 8 bit characters on a machine with signed char may produced
-+ incorrect results. Additionally ap_uuencode() should now
-+ work correctly on EBCDIC platforms.
-+ [Ronald Tschalär <ronald innovation.ch>] PR#3411
-+
-+ *) WIN32: Binary installer now runs the configuration DLL before
-+ the reboot prompt (which is only given if MSVCRT.DLL system
-+ DLL is new or updated). This should avoid the configuration
-+ directory being empty after installation. [Paul Sutton]
-+ PR#3767, 3800, 3827, 3850, 3900, 3953, 3988
-+
-+ *) WIN32: Binary installer now creates Start menu options to start
-+ and stop Apache as a console application and to uninstall
-+ the Apache service on NT. [Paul Sutton] PR#3741
-+
-+ *) WIN32: Apache.exe now contains an icon. [Paul Sutton]
-+
-+ *) PORT: Switch back to using fcntl() locking on Linux -- instabilities
-+ have been reported with flock() locking (probably related to kernel
-+ version). [Dean Gaudet] PR#2723, 3531
-+
-+ *) Using APACI, the main config file (usually httpd.conf) was
-+ not being adjusted as $(TARGET).conf. [Wilfredo Sanchez
-+ <wsanchez apple.com>]
-+
-+ *) PORT: AIX does not require the SHARED_CODE "hack"
-+ [Ryan Bloom <rbb raleigh.ibm.com>]
-+
-+ *) Set-Cookie headers were being doubled up for some CGIs by the O(n^2)
-+ avoidance code added in 1.3.3.
-+ [Dean Gaudet, Jeff Lewis <lewis stanford.edu>] PR#3872
-+
-+ *) ap_isxdigit was somehow neglected when adding the ap_isfoo() macros
-+ for 8-bit safeness. [Dean Gaudet]
-+
-+ *) PORT: Use -fPIC instead of -fpic on Solaris and SunOS for compiling DSOs
-+ because SPARCs have a small machine-specific maximum size for the Global
-+ Offset Table which is often exceeded when compiling one of the larger
-+ third-party modules with Apache. [Peter Urban <Peter.Urban epfl.ch>] PR#3977
-+
-+ *) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the
-+ DSO/DLL section because it's a directive from mod_status and isn't
-+ available before the DLL of mod_status is loaded.
-+ [Martin POESCHL <mpoeschl gmx.net>] PR#3936
-+
-+ *) SECURITY: Fix a bug in the calculation of the buffer size for the line
-+ continuation facility in Apache's configuration files which could
-+ lead to a buffer overflow situation.
-+ [Thomas Devanneaux <Thomas.Devanneaux enst.fr>] PR#3617
-+
-+ *) Make documentation and error messages of APACI's --activate-module=FILE
-+ option more clear. [Jan Wolter <janc wwnet.net>] PR#3995
-+
-+ *) Fix the gcc version check (for enabling the `inline' facility) to
-+ really support all future gcc versions >= 2.7 until we know more.
-+ [John Tobey <jtobey banta-im.com>] PR#3983
-+
-+ *) Let APACI's configure script correctly complain for unknown --enable-XXX
-+ and --disable-XXX options. [Ralf S. Engelschall] PR#3958
-+
-+ *) Link the shared core bootstrap program (``Rule SHARED_CORE=yes'') also
-+ against libap.a and use its ap_snprintf() instead of sprintf() to avoid
-+ possible buffer overflows. [Ralf S. Engelschall]
-+
-+ *) Remove no longer used non-API function ap_single_module_init().
-+ [Ralf S. Engelschall]
-+
-+ *) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout.
-+ [Wilfredo Sanchez]
-+
-+ *) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order
-+ to make platform installations easier. [Wilfredo Sanchez]
-+
-+ *) In configure, do not append the target name to the directory path if
-+ the path already contains "apache". [Ralf S. Engelschall]
-+
-+ *) SIGPIPE is now ignored by the server core. The request write routines
-+ (ap_rputc, ap_rputs, ap_rvputs, ap_rwrite, ap_rprintf, ap_rflush) now
-+ correctly check for output errors and mark the connection as aborted.
-+ Replaced many direct (unchecked) calls to ap_b* routines with the
-+ analogous ap_r* calls. [Roy Fielding]
-+
-+ *) Enhanced mod_rewrite's mapfile handling: The in-core cache for text and
-+ DBM format mapfiles now uses a 4-way hash table with LRU functionality.
-+ Furthermore map lookups for non-existent keys are now cached as well.
-+ Additionally "txt" maps are now parsed with simple string functions
-+ instead of using ap_pregcomp(). As a side effect a bug that prevented
-+ the usage of keys containing the "," character was fixed.
-+ The changes drastically improve the performance when large rewrite maps
-+ are in use.
-+ [Michael van Elst <mlelstv serpens.swb.de>, Lars Eilebrecht] PR#3160
-+
-+ *) Added ap_sub_req_method_uri() for doing a subrequest with a method
-+ other than GET, and const'd the definition of method in request_rec.
-+ [Greg Stein]
-+
-+ *) Use proper pid_t type for saving PIDs in alloc.c. [John Bley]
-+
-+ *) Replaced use of WIN32 define with HAVE_DRIVE_LETTERS to indicate
-+ when the OS allows a DOS drive letter within pathnames. [Brian Havard]
-+
-+ *) Add %V to mod_log_config, this logs the hostname according to the
-+ UseCanonicalName setting (this is the pre-1.3.4 behaviour of
-+ %v). Useful for mass vhosting. [Tony Finch <dot dotat.at>]
-+
-+ *) Add support for \n and \t to mod_log_config, can be used to produce
-+ more reliable logs with multiline entries. [Tony Finch <dot dotat.at>]
-+
-+ *) Fixed a few compiler nits. [John Bley <jbb6 acpub.duke.edu>]
-+
-+ *) Added informative error messages for failed munmap() and fseek() calls
-+ in http_core.c. [John Bley, Roy Fielding]
-+
-+ *) Added some informative error messages for some failed malloc()
-+ calls. [John Bley <jbb6 acpub.duke.edu>, Jim Jagielski]
-+
-+ *) OS/2 ap_os_canonical_filename()'s behaviour is improved: ap_assert()
-+ is removed. This allows <Directory proxy:*> directives to work and
-+ prevents invalid requests from killing the process.
-+ [Brian Havard <brianh kheldar.apana.org.au>]
-+
-+ *) Reorganised FAQ document.
-+ [Joshua Slive <slive finance.commerce.ubc.ca>] PR#2497
-+
-+ *) src/support/: The ApacheBench benchmark program was overhauled by
-+ David N. Welton: you can now have it generate an HTML TABLE, presumably
-+ for integration into other HTML sources. David updated the ab man page
-+ as well and added some missing descriptions. Thanks!
-+ [David N. Welton <davidw prosa.it>]
-+
-+ *) Win32: The filename validity checker now allows filenames containing
-+ characters in the range 0x80 to 0xff (for example accented characters).
-+ [Paul Sutton] PR#3890
-+
-+ *) Added conditional logging based upon environment variables to
-+ mod_log_config. mod_log_referer and mod_log_agent
-+ are now deprecated. [Ken Coar]
-+
-+ *) Allow apache acting as a proxy server to relay the real
-+ reason of a failure to a client rather than the "internal
-+ server error" it does currently. The general exposure mechanism
-+ can be triggered by any module by setting the "verbose-error-to"
-+ note to "*"; this allows more than just proxy errors to be exposed.
-+ [Cliff Skolnick, Roy Fielding, Martin Kraemer] Related to PR#3455, 4086
-+
-+ *) Moved man pages for ab and apachectrl to section 8.
-+ [Wilfredo Sanchez, Roy Fielding]
-+
-+ *) Added -S option to install.sh so that options can be passed to
-+ strip on some platforms. [Ralf S. Engelschall, Wilfredo Sanchez]
-+
-+ *) Tweak modules Makefile generated by Configure so that it handles
-+ the test case of no modules being selected. [<chaz reliant.com>]
-+
-+ *) Added a <LimitExcept method ...> sectioning directive that allows
-+ the user to assign authentication control to any HTTP method that
-+ is *not* given in the argument list; i.e., the logical negation
-+ of the <Limit> directive. This is particularly useful for controlling
-+ access on methods unknown to the Apache core, but perhaps known by
-+ some module or CGI script. [Roy Fielding, Tony Finch]
-+
-+ *) Prevent apachectl from complaining if the PIDFILE exists but
-+ does not contain a process id, as might occur if the server is
-+ being rapidly restarted. [Wilfredo Sanchez]
-+
-+ *) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen]
-+
-+ *) Entity tag comparisons for If-Match and If-None-Match were not being
-+ performed correctly -- weak tags might cause false positives. Also,
-+ strong comparison wasn't properly enforced in all cases.
-+ [Roy Fielding, Ken Coar, Dean Gaudet] PR#2065, 3657
-+
-+ *) OS/2: Supply OS/2 error code instead of errno on semaphore errors.
-+ [Brian Havard]
-+
-+ *) Work around a bug in Lynx regarding its sending "Negotiate: trans"
-+ even though it doesn't understand TCN. [Koen Holtman, Roy Fielding]
-+
-+ *) Added ap_size_list_item(), ap_get_list_item(), and ap_find_list_item()
-+ to util.c for parsing an HTTP header field value to extract the next
-+ list item, taking into account the possible presence of nested comments,
-+ quoted-pairs, and quoted-strings. ap_get_list_item() also removes
-+ insignificant whitespace and lowercases non-quoted tokens.
-+ [Roy Fielding] PR#2065
-+
-+ *) proxy: The various calls to ap_proxyerror() can return HTTP/1.1 status
-+ code different from 500. This allows the proxy to, e.g., return
-+ "403 Forbidden" for ProxyBlock'ed URL's. [Martin Kraemer] Related to PR#3455
-+
-+ *) Fix ordering of language variants for the case where the traditional
-+ negotiation algorithm is being used with multiple language variants
-+ and no Accept-Language. [James Treacy <treacy debian.org>] PR#3299, 3688
-+
-+ *) Do not round the TCN quality calculation to 5 decimal places,
-+ unlike RFC 2296, because the calculation might need 12 decimal places
-+ to get the right result. [Roy Fielding]
-+
-+ *) Remove unused code to disable transparent negotiation when
-+ negotiating on encoding only, as we now handle encoding too
-+ (though this is nonstandard for TCN), remove charset=ISO-8859-1
-+ fiddle from the fiddle-averse RVSA comparison, and fix bugs in
-+ some debugging statements within mod_negotiation. [Koen Holtman]
-+
-+ *) Fixed a rare memory corruption possibility in mod_dir if the index
-+ file is negotiable and no acceptable variant can be found.
-+ [Dean Gaudet, Roy Fielding, Martin Kraemer]
-+
-+ *) Win32: Add new config directive, ScriptInterpreterSource, to enable
-+ searching the Win32 registry for script interpreters.
-+ [Bill Stoddard]
-+
-+ *) Win32: The compiled-in default filename for the error log is now
-+ error.log, which matches the default in the distributed httpd.conf.
-+ [Paul Sutton]
-+
-+ *) Win32: Any error messages from -i or -u command line options are now
-+ displayed on the console output rather than sent to the error log.
-+ Also the "Running Apache..." message is not output unless Apache is
-+ going to serve requests. [Paul Sutton]
-+
-+ *) Rework the MD5 authentication scheme to use FreeBSD's algorithm,
-+ and use a private significator ('$apr1$') to mark passwords as
-+ being smashed with our own algorithm. Also abstract the password
-+ checking into a new ap_validate_password() routine. [Ken Coar]
-+
-+ *) Win32: The filename validity checker now allows "COM" but refuses
-+ access to "COM1" through "COM4". This allows filenames such
-+ as "com.name" to be served. [Paul Sutton] PR#3769.
-+
-+ *) BS2000: Adapt to the new ufork() system call interface which will
-+ make subtasking easier on the OSD/POSIX mainframe environment.
-+ [Martin Kraemer]
-+
-+ *) Add a compatibility define for escape_uri() -> ap_escape_uri() to
-+ ap_compat.h. [David White <david persimmon.com>] PR#3725
-+
-+ *) Make NDBM file suffix determination for mod_rewrite more accurate, i.e.
-+ use `.db' instead of `.pag' not only for FreeBSD, but also when
-+ the NDBM library looks like Berkeley-DB based.
-+ [Ralf S. Engelschall] PR#3773
-+
-+ *) Add ability to handle DES or MD5 authentication passwords.
-+ [Ryan Bloom <rbb Raleigh.IBM.Com>]
-+
-+ *) Fix O(n^2) memory consumption in mod_speling. [Dean Gaudet]
-+
-+ *) SECURITY: Avoid some buffer overflow problems when escaping
-+ quoted strings. (This overflow was on the heap and we believe
-+ impossible to exploit.) [Rick Perry <perry ece.vill.edu>]
-+
-+ *) Let src/Configure be aware of CFLAGS options starting with plus
-+ signs as it's the case for the HP/UX compiler.
-+ [Doug Yatcilla <yatcilda umdnj.edu>] PR#3681
-+
-+ *) Remove the hard-wire of TAR=tar (we now check for gtar and gnutar first)
-+ and check to see if the tar we wind up with supports '-h'.
-+ [Jim Jagielski] PR#3671
-+
-+ *) A consistent and conservative style for all shell scripts has been
-+ implemented. Basically, all shell string tests use the traditional
-+ hack of 'if [ "x$var" != "x" ]' or 'if [ "x$var" = "xstring" ]'
-+ to protect against bare null variable strings (ie: wrapping both
-+ sides with double quotes and prepending 'x'). 'x' was chosen
-+ because it's more universal and hopefully easier for old shell
-+ prgrammers, as well as being easier to search for in 'vi' (/x\$) :)
-+ [Jim Jagielski]
-+
-+ *) The status module now prints out both the main server generation as
-+ well as the generation of each process. Also, the vhost info is
-+ printed with '?notable'. [Jim Jagielski]
-+
-+ *) Move src/main/md5c.c to src/ap/ap_md5c.c; it's httpd-neutral
-+ and this makes its functions available to things in src/support.
-+ [Ken Coar]
-+
-+Changes with Apache 1.3.4
-+
-+ *) Renamed macros status_drops_connection to ap_status_drops_connection
-+ and vestigial scan_script_header to ap_scan_script_header_err,
-+ mostly for aesthetic reasons. [Roy Fielding]
-+
-+ *) The query switch "httpd -S" didn't exit after showing the
-+ vhost settings. That was inconsistent with the other query functions.
-+ [Martin Kraemer]
-+
-+ *) Moved the MODULE_MAGIC_COOKIE from before the versions and
-+ filename to the end of the STANDARD_MODULE_STUFF. Its
-+ presence at the beginning prevented reporting of the filename
-+ for modules compiled before 1 January 1999. [Ken Coar]
-+
-+ *) SECURITY: ap_os_is_filename_valid() has been added to Win32
-+ to detect and prevent access to special DOS device file names.
-+ [Paul Sutton, Ken Parzygnat]
-+
-+ *) WIN32: Created new makefiles Makefile_win32.txt (normal build)
-+ and Makefile_win32_debug.txt (debug build) that work on Win95.
-+ Run each of the following from the src directory:
-+ nmake /f Makefile_win32.txt # compiles normal build
-+ nmake /f Makefile_win32.txt install # compiles and installs
-+ nmake /f Makefile_win32.txt clean # removes compiled junk
-+ nmake /f Makefile_win32_debug.txt # compiles debug build
-+ nmake /f Makefile_win32_debug.txt install
-+ nmake /f Makefile_win32_debug.txt clean
-+ [Roy Fielding]
-+
-+ *) Added binbuild.sh and findprg.sh helpers to make it easier for us
-+ to build binary distributions. [Lars Eilebrecht]
-+
-+ *) IndexOptions SuppressColumnSorting only turned off making
-+ the column headers anchors; you could still change the display
-+ order by manually adding a '?N=A' or similar query string to the
-+ URL. Now SuppressColumnSorting locks in the sort order so
-+ it can't be overridden this way. [Ken Coar]
-+
-+ *) Added IndexOrderDefault directive to supply a default sort order
-+ for FancyIndexed directory listings. [Ken Coar] PR#1699
-+
-+ *) Change the ap_assert macro to a variant that works on all platforms.
-+ [Richard Prinz <richard.prinz cso.net>] PR#2575
-+
-+ *) Make sure under ELF-based NetBSD (now) and OpenBSD (future) we don't
-+ search for an underscore on dlsym() (as it's already the case
-+ for FreeBSD 3.0). [Todd Vierling <tv pobox.com>] PR#2462
-+
-+ *) Small fix for mod_env.html: The module was documented as to be _not_
-+ compiled into Apache per default, although it _IS_ compiled into
-+ Apache per default. [Sim Harbert <sim mindspring.com>] PR#3572
-+
-+ *) Instead of fixing a bug in the generation procedure for config.status (a
-+ backslash was missing) we remove the bug together with it's complete
-+ context because the special cases of the past can now no longer occur
-+ because of the recent magic for the --with-layout default.
-+ [Ralf S. Engelschall] PR#3590
-+
-+ *) Make top-level Makefile aware of a parallel build procedures (make -j) by
-+ making sure the src/support/ tools are _forced_ to be build last (they
-+ depend on other libraries).
-+ [Markus Theissinger <markus.theissinger gmx.de>]
-+
-+ *) Fix installation procedure: Now that os-inline.c is actually used (a
-+ recently fixed bug prevented this) we need to also install os-include.c
-+ in addition to os.h into the PREFIX/include/ location or building of
-+ module DSOs with APXS fails. [Ralf S. Engelschall] PR#3527
-+
-+ *) Added MODULE_MAGIC_COOKIE as the first field in a module structure to
-+ allow us to distinguish between a garbled DSO (or even a file which isn't
-+ an Apache module DSO at all) and a DSO which doesn't match the current
-+ Apache API. [Ralf S. Engelschall] PR#3152
-+
-+ *) Two minor enhancements to mod_rewrite: First RewriteRule now also
-+ supports the ``nocase|NC'' flag (as RewriteCond already does for ages) to
-+ match case insensitive (this especially avoids nasty patterns like
-+ `[tT][eE][sS][tT]'). Second two additional internal map functions
-+ `escape' and `unescape' were added which can be used to escape/unescape
-+ to/from hex-encodings in URLs parts (this is especially useful in
-+ combination with map lookups).
-+ [Magnus Bodin, Ian Kallen, Ralf S. Engelschall]
-+
-+ *) Renamed the macro escape_uri() to ap_escape_uri() which was
-+ forgotten (because it was a macro) in the symbol renaming process.
-+ [Ralf S. Engelschall]
-+
-+ *) Fix some inconsistencies related to the scopes of directives. The only
-+ user visible change is that the directives `UseCanonicalName' and
-+ `ContentDigest' now use the (more correct) `Options' scope instead of
-+ (less correct) `AuthConfig' scope. [Ralf S. Engelschall]
-+
-+ *) Using DSO, the Server token was being mangled. Specifically, the
-+ module's token was being added first before the Apache token. This
-+ has been fixed. [Jim Jagielski]
-+
-+ *) Major overhaul of mod_negotiation.c, part 2.
-+ - properly handle "identity" within Accept-Encoding.
-+ - allow encoded variants in RVSA negotiation and let them appear in
-+ the Alternates field using the non-standard "encoding" tag-list.
-+ - fixed both negotiation algorithms so that an explicitly accepted
-+ encoding is preferred over no encoding if "identity" is not
-+ included within Accept-Encoding.
-+ - added ap_array_pstrcat() to alloc.c for efficient concatenation
-+ of large substring sequences.
-+ - replaced O(n^2) memory hogs in mod_negotiation with ap_array_pstrcat.
-+ [Roy Fielding]
-+
-+ *) Major overhaul of mod_negotiation.c, part 1.
-+ - cleanups to mod_negotiation comments and code structure
-+ - made compliant with HTTP/1.1 proposed standard (rfc2068) and added
-+ support for everything in the upcoming HTTP/1.1
-+ revision (draft-ietf-http-v11-spec-rev-06.txt).
-+ - language tag matching also handles tags with more than 2
-+ levels like x-y-z
-+ - empty Accept, Accept-Language, Accept-Charset headers are
-+ processed correctly; previously an empty header would make all
-+ values acceptable instead of unacceptable.
-+ - allowed for q values in Accept-Encoding
-+ - added support for transparent content negotiation (rfc2295 and
-+ rfc2296) (though we do not implement all features in these drafts,
-+ e.g. no feature negotiation). Removed old experimental version.
-+ - implemented 'structured entity tags' for better cache correctness
-+ (structured entity tags ensure that caches which can deal with Vary
-+ will (eventually) be updated if the set of variants on the server
-+ is changed)
-+ - this involved adding a vlist_validator element to request_rec
-+ - this involved adding the ap_make_etag() function to the global API
-+ - modified guessing of charsets used by Apache negotiation algorithm
-+ to guess 'no charset' if the variant is not a text/* type
-+ - added code to sort multiviews variants into a canonical order so that
-+ negotiation results are consistent across backup/restores and mirrors
-+ - removed possibility of a type map file resolving to another type map
-+ file as its best variant
-+ [Koen Holtman, Roy Fielding, Lars Eilebrecht] PR#3451, 3299, 1987
-+
-+ *) RFC2396 allows the syntax http://host:/path (with no port number)
-+ but the proxy disallowed it (ap_proxy_canon_netloc()).
-+ [David Kristol <dmk bell-labs.com>] PR#3530
-+
-+ *) When modules update/modify the file name in the configfile_t structure,
-+ syntax errors will report the updated name, not the original one.
-+ [Fabien Coelho <coelho cri.ensmp.fr>] PR#3573
-+
-+ *) Correct some filename case assumptions from WIN32 to
-+ CASE_BLIND_FILESYSTEM. [Brian Havard <brianh kheldar.apana.org.au>]
-+
-+ *) For %v log ServerName regardless of the UseCanonicalName
-+ setting (similarly for %p). [Dean Gaudet]
-+
-+ *) Configure was initializing the variables $OSDIR, $INCDIR and $SHELL
-+ rather late (too late for some invocations of TestCompile).
-+ This improves the make environment available to TestCompile and
-+ the *.module scripts. [Martin Kraemer]
-+
-+ *) The hashbang emulation code in ap_execve.c would interpret
-+ #!/hashbang/scripts correctly, but failed to fall back to a
-+ standard shell for scripts which did NOT start with #!
-+ Now SHELL_PATH is started in these cases. [Martin Kraemer]
-+
-+ *) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg lentil.org>]
-+ PR#3336
-+
-+ *) Update APXS manual page: some -q option arguments were missing
-+ and another was incorrect. [Mark Anderson <mda discerning.com>] PR#3553
-+
-+ *) Cleanup the command line options: `-?' was documented to show
-+ the usage list but does it with an error because `?' is not a valid
-+ command. OTOH a lot of users expect `-h' to print such a usage list and
-+ instead are annoyed for ages by our huge unreadable list of directives.
-+ So we now changed the command line options this way:
-+ 1. `-L' => `-R'
-+ Intent: we need `-L' to be free, and `-R' for the DSO run-time path is
-+ very similar to the popular linker option.
-+ 2. `-h' => `-L'
-+ Intent: while -l gives the small list of modules, -L now gives the
-+ large list of directives implemented by these modules. This is also
-+ consistent with -v (short version info) and -V (large version info).
-+ 3. `-?' => `-h'
-+ Intent: it's now the expected option ;-)
-+ The manual page was adjusted accordingly.
-+ [Ralf S. Engelschall] PR#2714
-+
-+ *) Fixed problem of fclose() on an unopened file in suexec if LOG_EXEC
-+ wasn't defined. [Rick Franchuk <rickf transpect.net>]
-+
-+ *) Removed recently introduced bugs and disfigurements in APACI:
-+ o fixed argument line processing: using $args was broken: It was not
-+ initialized and using args="$args $apc_option" and even args="$args
-+ \"$apc_option\"" fails in the second processing round for any arguments
-+ containing whitespaces. The only correct way is to use the construct
-+ "$@" (but not possible here) or iterate _both_ times over the implicit
-+ argument line (no argument to for-loop) which is what we now use.
-+ o make --with-layout=Apache the default without creating
-+ redundancy (copying the --with-layout block in the argument parsing
-+ loop). We achieve this by using the "$@" construct together with the
-+ `set' command to prepend --with-layout=Apache to the command line in
-+ case --with-layout is not used.
-+ o fixed auto-suffix handling now that config.layout exists.
-+ Paths which are auto-suffixed are marked with a trailing plus sign in
-+ config.layout and every path now can be marked this way (not only the
-+ four paths for which we do it currently). Additionally the suffix is
-+ no longer a static one. Instead it's now `/<target>' where <target> is
-+ the argument of the --target option or per default `httpd'.
-+ o allow also tabs (and only spaces) where we match whitespaces
-+ o various fixes and cleanups related to used shell coding style
-+ o made Jim happy by replacing `Written by' with `Initially written by' ;-)
-+ o trimmed output of --help to fit into 80 columns
-+ [Ralf S. Engelschall]
-+
-+ *) Added two new core API functions, ap_single_module_configure() and
-+ ap_single_module_init(), which are now used by mod_so to configure a module
-+ after loading. [Ralf S. Engelschall]
-+
-+ *) PORT: Add defines for USE_FLOCK_SERIALIZED_ACCEPT and
-+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
-+ of ap_config.h to allow serialized accept for multiport listens.
-+ [Roy Fielding, Curt Sampson] PR#3120
-+
-+ *) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
-+ of ap_config.h that would skip several defines if DEFAULT_GROUP
-+ was overridden. [Roy Fielding]
-+
-+ *) PORT: The I86 version of DGUX has support for strncasecmp and
-+ strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
-+
-+ *) Fix ordering of definitions in ap_config.h so that ap_inline is
-+ defined before it might be used. [Victor Khimenko]
-+
-+ *) PORT: Add Dynamic Shared Object (DSO) support for BSDI (v4.0).
-+ [Tom Serkowski <tks bsdi.com>] PR#3453
-+
-+ *) Make generation of src/Configuration.apaci more robust: It failed to
-+ differenciate between modules when one module name was a postfix of
-+ another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
-+ just XXX (think about totally non-standard names like "apache_ssl", too).
-+ [Ralf S. Engelschall] PR#3380
-+
-+ *) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
-+ since 1.3b7) and make whitespace handling more robust (it failed horrible
-+ when whitespaces were present in the arguments of -D options).
-+ [Ralf S. Engelschall] PR#3240
-+
-+ *) Add APACI --shadow=DIR variant (in addition to --shadow). This now first
-+ creates an external package shadow tree in DIR before the local build
-+ shadow tree is generated under DIR. This way one can have the extracted
-+ Apache distribution tree read-only on NFS or CDROM and still build Apache
-+ from these sources. An automatically triggered VPATH-like mechanism is
-+ provided through the TOP variable, too.
-+ [Ralf S. Engelschall, Wilfredo Sanchez <wsanchez apple.com>]
-+
-+ *) Fix negotiation so that a Vary response header is correctly
-+ generated when, for a particular dimension, variants only vary
-+ in having or not having a value for that dimension. [Paul Sutton]
-+
-+ *) Fix negotiation so that we prefer an encoded variant over an
-+ unencoded variant if the user-agent explicitly says it can
-+ accept that encoding. Previously we always preferred the unencoded
-+ variant.
-+ [Paul Ausbeck <paula alumni.cse.ucsc.edu>, Paul Sutton] PR#3447
-+
-+ *) Fix APXS tool: query variables LIBS_SHLIB and TARGET were not recognized
-+ and the usage page was inconsistent with the functionality and manpage.
-+ [Ralf S. Engelschall]
-+
-+ *) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
-+ They can occur multiple times and their arguments (`xxx') are passed AS
-+ IS to the compiler/linker command. [Ralf S. Engelschall]
-+
-+ *) Fixed possible (but harmless in practice) bug in the DBM lookup
-+ procedure of mod_rewrite: very long keys were truncated.
-+ [Ralf S. Engelschall]
-+
-+ *) Added a generic --with-layout=[FILE:]ID option. ID here is a layout
-+ identifier, currently "Apache" and "GNU" are pre-defined in the file
-+ config.layout. Custom layouts are possible by using FILE:ID as the
-+ argument where the layout ID is taken from FILE.
-+
-+ The config.layout file consists of <Layout ID>..</Layout> sections
-+ where inside those sections "path_variable: path_value" pairs can be
-+ specified. These lines are converted to path_variable='path_value'.
-+
-+ *) Add a DefaultLanguage directive so that files missing a language
-+ extension (e.g., .fr, .de) can be labelled as being some other
-+ default language. DefaultLanguage can appear in <Directory> and
-+ <Files> containers as well as .htaccess files. [Paul Sutton]
-+ PR#1180
-+
-+ *) Fix TARGET configuration when configuring and installing using
-+ APACI configure. TARGET now defines the basename of the configuration
-+ file, startup script, manual page, etc. log_error_core() now reports
-+ the server binary name given by argv[0]. TARGET can now also be defined
-+ with --target=TARGET parameter passed to APACI configure.
-+ [Ralf Engelschall, Randy Terbush]
-+
-+ *) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
-+ rather than OPT_INCLUDES [Rainer Schoepf <schoepf uni-mainz.de>]
-+
-+ *) ap_md5_binary() was using sprintf() rather than a table lookup
-+ to convert binary bytes to hex digits.
-+ [Ronald Tschalär <ronald innovation.ch>] PR#3409
-+
-+ *) Fix SEGV in TCN negotiation if no variants are acceptable.
-+ [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>] PR#1987
-+
-+ *) API: ap_exists_config_define() function is now "public" [Doug MacEachern]
-+
-+ *) Fix documentation of `Action' directive: It can activate a CGI script
-+ when either a handler or a MIME content type is triggered by the request.
-+ [Andrew Pimlott <pimlott math.harvard.edu>] PR#3340
-+
-+ *) Document the `add' command of `dbmmanage' in `dbmmanage.1' manpage.
-+ [David MacKenzie <djm uu.net>] PR#3394
-+
-+ *) Ignore a "ErrorDocument 401" directive with a full URL and write a
-+ notice to the error log. It is not possible to send a 401 response
-+ and a redirect at the same time. [Lars Eilebrecht]
-+
-+ *) Fallback to native compilers for IRIX-32 platform. It seems that
-+ a gcc 2.8.1 compiled apache is logging client addresses with all
-+ bits set (255.255.255.255). This is the second such problem caused
-+ by gcc 2.8.1 compiler. The first being broken semaphore locking.
-+ [Randy Terbush]
-+
-+ *) Updated mime.types to reflect current Internet media types
-+ and include a URL to the registry.
-+ [Manoj Kasichainula, Roy Fielding] PR#2380, 2286, 2246
-+
-+ *) SECURITY: Do a more complete check in mod_include to avoid
-+ an infinite loop of recursive SSI includes. [Marc Slemko] PR#3323
-+
-+ *) Add APACI --suexec-docroot and --suexec-logfile options which can be
-+ used to set the document root directory (DOC_ROOT) and the suexec
-+ logfile (LOG_EXEC), respectively. Additionally the --layout option
-+ was changed to show more information about the suEXEC setup.
-+ [Lars Eilebrecht] PR#3316, 3357, 3361
-+
-+ *) Added the last two WebDAV status codes of 424 (Failed Dependency)
-+ and 507 (Insufficient Storage) for use by third-party modules.
-+ [Roy Fielding]
-+
-+ *) Enabled all of the WebDAV method names for use by third-party
-+ modules, Limit, and Script directives. That includes PATCH,
-+ PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
-+ Improved mod_actions.c so that it can use any of the methods
-+ defined in httpd.h. Added ap_method_number_of(method) for
-+ getting the internal method number. [Roy Fielding]
-+
-+ *) PORT: Add a port to the TPF OS. [Joe Moenich <moenich us.ibm.com> and
-+ others at IBM]
-+
-+ *) Fix problems with handling of UNC names (e.g., \\host\path)
-+ on Win32. [Ken Parzygnat <kparz us.ibm.com>]
-+
-+ *) Rework os_canonical_*() on Win32 so it's simpler, more
-+ robust, and works. [Ken Parzygnat <kparz us.ibm.com>]
-+ PR#2555, 2915, 3064, 3232
-+
-+ *) Work around incomplete implementation of strftime on Win32.
-+ [Manoj Kasichainula, Ken Parzygnat <kparz us.ibm.com>]
-+
-+ *) Move a typedef to fix compile problems on Linux with 1.x kernels.
-+ [Manoj Kasichainula] PR#3177
-+
-+ *) PORT: Add a port to the Concurrent PowerMAX OS. [Tom Horsley
-+ <Tom.Horsley mail.ccur.com>]
-+
-+ *) WIN32: Log more explicit error messages if spawning an interpreted
-+ script failed, including the command line used to attempt to execute
-+ the interpreter and the Win32 error code returned. [Marc Slemko]
-+
-+ *) Disable sending of error-notes on a 500 (Internal Server Error) response
-+ since it often includes file path info. Enable sending of error-notes
-+ on a 501 (Method Not Implemented). [Roy Fielding] PR#3173
-+
-+ *) http_config.c would respond with 501 (Method Not Implemented) if a
-+ content type handler was specified but could not be found, which
-+ should have been a 500 response. Likewise, mod_proxy.c would responsd
-+ with a 501 if the URI scheme is unrecognized instead of the correct
-+ response of 403 (Forbidden). [Roy Fielding]
-+
-+ *) SECURITY: Eliminate DoS attack when a bad URI path contains what
-+ looks like a printf format escape. [Marc Slemko, Studenten Net Twente]
-+
-+ *) Fix in mod_autoindex: for files where the last modified time stamp was
-+ unavailable, an empty string was printed which was 2 bytes short.
-+ The size and description columns were therefore not aligned correctly.
-+ [Martin Kraemer] (no PR#)
-+
-+ *) Update BS2000 OS code to work with recent versions. Starting with
-+ release A17, the child fork() must be replaced by a _rfork().
-+ (BS2000 only) [Martin Kraemer]
-+
-+ *) Add the actual server_rec structure of the specific Vhost to the
-+ scoreboard file and avoid a string copy (as well as allow some
-+ further future enhancements). [Harrie Hazewinkel
-+ <harrie.hazewinkel jrc.it>]
-+
-+ *) Add APACI --permute-module=foo:bar option which can be used to
-+ on-the-fly/batch permute the order of two modules (mod_foo and mod_bar)
-+ in the Configuration[.apaci] file. Two special and important variants are
-+ supported for the option argument: first BEGIN:foo which permutes module
-+ mod_foo with the begin of the module list, i.e. it `moves' the module to
-+ the begin of the list (gives it lowest priority). And second foo:END
-+ which permutes mod_foo with the end of the module list, i.e. it `moves'
-+ the module to the end of the list (gives it highest priority).
-+ [Ralf S. Engelschall]
-+
-+ *) Fix problem with 'apache -k shutdown' and startup event
-+ synchronisation (Win32). [Ken Parzygnat <kparz raleigh.ibm.com>]
-+ PR#3255
-+
-+ *) The config parser wasn't correctly noticing a missing '>'
-+ on container start lines (e.g., it wouldn't spot
-+ "<Directory /" as a syntax error). [Ryan Bloom <rbbloom us.ibm.com>]
-+ PR#3279
-+
-+ *) Add a 'RemoveHandler' directive which will selectively remove
-+ all handler associations for the specified file extensions.
-+ [Ryan Bloom <rbbloom us.ibm.com>] PR#1799.
-+
-+ *) Properly handle & allow "nul" and ".*/null" in AccessConfig and
-+ ResourceConfig directives on Win32. Also add a note to the effect
-+ of 'useless User directive ignored on Win32' to the errorlog if
-+ a User directive is encountered on Win32.
-+ [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2078, 2303.
-+
-+ *) Fix multiple whitespace handling in imagemaps for mod_imap which was
-+ broken since Apache 1.3.1 where we took out compressing of multiple
-+ spaces in ap_cfg_getline().
-+ [Ivan Richwalski <ivan seppuku.net>] PR#3249
-+
-+ *) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not
-+ initialized correctly and the db_open() call used an invalid mode
-+ parameter. [Ron Klatchko <ron ckm.ucsf.edu>] PR#3171
-+
-+ *) PORT: DSO support for UnixWare 7
-+ [Ralf S. Engelschall, Ron Record <rr sco.com>]
-+
-+ *) Merge the contents of the {srm,access}.conf-dist* files into the
-+ httpd.conf-dist* files. The srm and access files now contain
-+ only comments, and httpd.conf has all the combined contents in
-+ a rational order. [Ken Coar]
-+
-+ *) PORT: DSO/ELF support for FreeBSD 3.0.
-+ [Ralf S. Engelschall, Dirk Froemberg <ibex physik.TU-Berlin.DE>]
-+
-+ *) Add a "default-handler" handler that calls the default_hander()
-+ function which is normally called for static content. This allows
-+ you to override a specific handler. [Marc Slemko]
-+
-+ *) Further simplify checking for absolute paths by replacing an
-+ hard-coded syntax check with a call to a routine we already created to
-+ do this. [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
-+
-+ *) Log an error if we encounter a malformed "require" directive
-+ in mod_auth if we know that we know that no other module can
-+ deal with it. [Marc Slemko]
-+
-+ *) Remove ap_private_extern method of hiding conflicting symbols
-+ on the NEXT platform because it is not correct for all versions,
-+ and the versions for which it is correct are unknown.
-+ [Wilfredo Sanchez <wsanchez apple.com>]
-+
-+ *) Fix inheritance of IndexOptions NameWidth and remove unintended
-+ restriction on +NameWidth, +IconHeight, and +IconWidth. [Ken Coar]
-+
-+ *) Fix per-directory config merging for cases in which a 500 error
-+ is encountered in an .htaccess file somewhere down the tree.
-+ [Ken Coar] PR#2409
-+
-+ *) Minor performance improvement to ap_escape_html(). [Roy Fielding]
-+
-+ *) Fixed a segmentation violation in mod_proxy when a response is
-+ non-cachable. [Roy Fielding, traced by Doug Bloebaum]. PR#2950, 3056
-+
-+Changes with Apache 1.3.3
-+
-+ *) Added a complete implementation of the Expect header field as
-+ specified in rev-05 of HTTP/1.1. Disabled the 100 Continue
-+ response when we already know the final status, which is mighty
-+ useful for PUT responses that result in 302 or 401. [Roy Fielding]
-+
-+ *) Remove extra trailing whitespace from the getline results as part
-+ of the protocol processing, which is extra nice because it works
-+ between continuation lines, is almost no cost in the normal case
-+ of no extra whitespace, and saves memory. [Roy Fielding]
-+
-+ *) Added new HTTP status codes and default response bodies from the
-+ revised HTTP/1.1 (307, 416, 417), WebDAV (102, 207, 422, 423), and
-+ HTTP Extension Framework (510) specifications. Did not add the
-+ WebDAV 424 and 425 codes because they are bogus. We don't use any
-+ of these codes yet, but they are now available to 3rd-party modules.
-+ [Roy Fielding]
-+
-+ *) Fix a possible race condition between timed-out requests and the
-+ ap_bhalfduplex select that might result in an infinite loop on
-+ platforms that do not validate the descriptor. [Roy Fielding]
-+
-+ *) WIN32: Add "-k shutdown" and "-k restart" options to signal a
-+ running Apache server [Paul Sutton]
-+
-+ *) Fix mod_autoindex bug where directories got a size of "0k" instead
-+ of "-". [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>, Marc Slemko]
-+ PR#3130
-+
-+ *) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker jetair.be>]
-+
-+ *) Add the server signature text (from the core ServerSignature directive)
-+ to the list of envariables available to scripts, SSI, and the like.
-+ [Ken Coar]
-+
-+ *) PORT: Fix sys/resource.h handling for SCO 3.x platform.
-+ [M. Laak <maert proinv.ee>] PR#3108
-+
-+ *) Fallback from sysconf-based to plain HZ-based `ticks per second'
-+ calculation in mod_status for all systems which don't have POSIX
-+ sysconf() (like UTS 2.1) and not only for the NEXT platform.
-+ [Dave Dykstra <dwd bell-labs.com>] PR#3055
-+
-+ *) Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and
-+ mod_auth_db by using ap_getword_white() (which uses ap_isspace())
-+ instead of ap_getword(..., ' ') (which parses only according to spaces
-+ but not tabs). [James Morris <jmorris intercode.com.au>,
-+ Ralf S. Engelschall] PR#3105
-+
-+ *) Fix the SERVER_NAME variable under sub-request situations (where
-+ `UseCanonicalName off' is used) like CGI's called from SSI pages or
-+ RewriteCond variables by adopting r->hostname to sub-requests.
-+ [James Grinter <jrg blodwen.demon.co.uk>] PR#3111
-+
-+ *) Fix stderr redirection under syslog-based error logging situation.
-+ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3095
-+
-+ *) Document `ErrorLog syslog:facility' variant of error logging.
-+ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3096
-+
-+ *) Fix http://localhost/ hints in top-level INSTALL document.
-+ [Rob Jenson <robjen spotch.com>, Ralf S. Engelschall] PR#3088
-+
-+ *) Quote paths in default configuration files. [Wilfredo Sanchez]
-+
-+ *) PORT: Remove extra HAVE_SYS_RESOURCE_H define for RHAPSODY since
-+ it is now taken care of properly by the header file tests.
-+ [Wilfredo Sanchez <wsanchez apple.com>]
-+
-+ *) Fix problem with scripts and filehandle inheritance on Win32.
-+ [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2884, 2910
-+
-+ *) Win32 name canonicalisation could end up using the server's
-+ working directory to fill in some blanks. [Ken Parzygnat
-+ <kparz raleigh.ibm.com>] PR#3001
-+
-+ *) Correct invalid assumption by ap_sub_req_lookup_file() that all
-+ absolute paths begin with "/" -- because they don't on Win32.
-+ [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
-+
-+ *) Add [REDIRECT_]VARIANTS environment variable to mod_speling
-+ so that ErrorDocument 300 processors can reformat the list
-+ if desired. [Ken Coar] PR#2859
-+
-+ *) Add +/- incremental prefixes to IndexOptions keywords, and
-+ enable merging of multiple IndexOptions directives. [Ken Coar]
-+
-+ *) PORT: Allow GuessOS to recognize Unixware 7.0.1 [Steve Cameron
-+ <steve.cameron compaq.com>]
-+
-+ *) Reconstructed the loop through multiple htaccess file names so
-+ that missing files are not confused with unreadable files.
-+ [Roy Fielding]
-+
-+ *) The ap_pfopen and ap_pfdopen routines were failing to protect the
-+ errno on an error, which leads to one error being mistaken for
-+ another when reading non-existent .htaccess files.
-+ [Jim Jagielski]
-+
-+ *) OS/2: The new header tests get things right, need to update
-+ ap_config.h. [Brian Havard]
-+
-+ *) The Perl %ENV hash will now be setup by default when using the
-+ mod_include `perl' command [Doug MacEachern]
-+
-+ *) PORT: Add Pyramid DC/OSx support to configuration mechanism.
-+ [Earle Ake <akee wpdiss1.wpafb.af.mil>]
-+
-+ *) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
-+ [Dave Dykstra <dwd bell-labs.com>] PR#3054
-+
-+ *) Correct comment in mod_log_config.c about its internals.
-+ [Elf Sternberg <elf halcyon.com>]
-+
-+ *) Avoid possible line overflow in Configure: Use an awkfile to
-+ handle the creation of modules.c [Jim Jagielski]
-+
-+Changes with Apache 1.3.2
-+
-+ *) Fix bug in ap_remove_module(), which caused problems for dso's
-+ who were the top_module. [Doug MacEachern]
-+
-+ *) Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to
-+ mod_auth_db to both be friendly to users who wants to use this version
-+ and to avoid problems under platforms where only version 2.x is present.
-+ [Dan Jacobowitz <drow false.org>, Ralf S. Engelschall]
-+
-+ *) When using ap_log_rerror(), make the error message available to the
-+ *ERROR_NOTES envariables by default. [Ken Coar]
-+
-+ *) BS2000 platform only: get rid of the nasty BS2000AuthFile.
-+ You now must define a BS2000Account name for the server User.
-+ This has fewer security implications than the old approach.
-+ [Martin Kraemer]
-+
-+ *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl'
-+ instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this
-+ platform to make the braindead HPUX linker happy. Notice, for the module
-+ DSOs we don't have to use this, because these are loaded manually (and
-+ not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968
-+
-+ *) Remove 64 thread limit on Win32.
-+ [Bill Stoddard <stoddard raleigh.ibm.com>]
-+
-+ *) Remove redundant substitutions in top-level Makefile.tmpl.
-+ [Ralf S. Engelschall]
-+
-+ *) Fix APACI's `Group' configuration adjustment - especially for Linux
-+ platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
-+
-+ *) Make PrintPath work generically instead of having one version
-+ strictly for OS/2. [Jim Jagielski, Brian Havard]
-+
-+ *) Fix the recently introduced C header file checking: We now use the C
-+ pre-processor pass only (and no longer the complete compiler pass) to
-+ determine whether a C header file exists or not. Because only this way
-+ we're safe against inter-header dependencies (which caused horrible
-+ portability problems). The only drawback is that we now have a CPP
-+ configuration variable which has to be determined first (we do a similar
-+ approach as GNU Autoconf does here). When all fails the user still has
-+ the possibility to override it manually via APACI or src/Configuration.
-+ As a fallback for the header check itself we can directly check the
-+ existance of the file under /usr/include, too.
-+ [Ralf S. Engelschall] PR#2777
-+
-+ *) PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined
-+ as an alternate mechanism for mmap'd shared memory for RHAPSODY.
-+ ap_private_extern defined to hide symbols that conflict with loaded
-+ dynamic libraries on the NEXT and RHAPSODY platforms.
-+ [Wilfredo Sanchez <wsanchez apple.com>]
-+
-+ *) Delete PID file on clean shutdowns.
-+ [Charles Randall <crandall matchlogic.com>] PR#2947
-+
-+ *) Fix mod_auth_*.html documents: NSCA -> NCSA
-+ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2991
-+
-+ *) Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org
-+ [Karl Berry <karl gnu.org>] PR#2994
-+
-+ *) Fix dbmmanage.1 manual page.
-+ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2992
-+
-+ *) Fix possible buffer overflow situation in suexec.c.
-+ [Jeff Stewart <jws purdue.edu>] PR#2790
-+
-+ *) Add some more LIBS for the SCO5 platform which are needed for the already
-+ used -lprot. It's actually a bug in SCO5, of course.
-+ [Ronald Record <rr sco.com>] PR#2533
-+
-+ *) Fix documentation of ProxyPass/ProxyPassReverse according to the
-+ trailing slash problem. [Jon Drukman <jsd gamespot.com>] PR#2933
-+
-+ *) Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1)
-+ platform, because it's only supported under version 4.0 and higher. But
-+ because our GuessOS is still unaware of Digital UNIX versions and the
-+ -msym is just to optimize the DSO statup time a little bit it's safe and
-+ best when we leave it out now. [Ralf S. Engelschall] PR#2969
-+
-+ *) Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf()
-+ functions: First all three functions no longer fail on strings containing
-+ "%" chars and second ap_log_printf() no longer does a double-formatting
-+ (instead it directly passes through the message to be formatted to the
-+ real internal formatting function). [Ralf S. Engelschall] PR#2941
-+
-+ *) Allow "Include" directives anywhere in the server config
-+ files (but not .htaccess files). [Ken Coar] PR#2727
-+
-+ *) The proxy was refusing to serve CONNECT requests except to
-+ port 443 (https://) and 563 (snews://). The new AllowCONNECT
-+ directive allows the configuration of the ports to which a
-+ CONNECT is allowed. [Sameer Parekh, Martin Kraemer]
-+
-+ *) mod_expires will now act on content that is not sent from a file
-+ on disk. Previously it would never add an Expires: header to
-+ any response that did not come from a file on disk; the only
-+ case where it still doesn't (and can't) add one for that type of
-+ content is if you are using a modification date based setting.
-+ [Marc Slemko, Paul Phillips <paulp go2net.com>]
-+
-+ *) Problems encountered during .htaccess parsing or CGI execution
-+ that lead to a "500 Server Error" condition now provide explanatory
-+ text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts.
-+ [Ken Coar] PR#1291
-+
-+ *) Add NameWidth keyword to IndexOptions directive so that the
-+ width of the filename column is customisable. [Ken Coar, Dean Gaudet]
-+ PR#1949, 2324.
-+
-+ *) Recognize lowercase _and_ uppercase `uname' results under
-+ SCO OpenServer. [David Coelho <drc ppt.com>]
-+
-+ *) As duplicate "HTTP/1.0 200 OK" lines within the header seem to be
-+ a common problem of (mis-administrated?) IIS servers, make the apache
-+ proxy immune to these errors (and ignore the duplicates, but log
-+ the fact to error_log). [Martin Kraemer], after the proposal in PR#2914
-+
-+ *) The <IfModule and <IfDefine block starting directives now only
-+ allow exactly one argument. Previously, the optional negation
-+ character '!' could be separated by whitespace without a syntax
-+ error being reported, albeit defeating the IfModule functionality
-+ (enclosed directives would ALWAYS be executed). By using the
-+ stricter syntax, these hard-to-track errors can be avoided.
-+ [Martin Kraemer]
-+
-+ *) Simplify handling of IndexOptions in mod_autoindex -- and BTW
-+ cause the standalone FancyIndexing directive to logically OR
-+ into any existing IndexOptions settings rather than wiping
-+ them out. [Ken Coar]
-+
-+ *) Changes in ftp proxy: make URL parsing simpler by using the
-+ parsed_uri stuff.
-+ + Add display of the "current directory" in cases where it's
-+ different from the supplied path (e.g., ftp://user@host/ lives
-+ in /home/user, not in /, therefore clicking on "../" in the
-+ starting directory might send us to /home/).
-+ + When ftp login fails, (esp. when a user name was part of the
-+ URL already), we now return [401 Unauthorized ] to allow the
-+ browser to pop up an authorization dialog. This makes passwords
-+ slightly less visible (they don't appear in the regular log files)
-+ and implements a functionality that other www proxy servers
-+ already offered.
-+ [Martin Kraemer]
-+
-+ *) Triggered by the recent "Via:" header changes, the proxy module would
-+ dump core for replies with invalid headers (e.g., duplicate
-+ "HTTP/1.0 200 OK" lines). These errors are now logged and the
-+ core dump is avoided. Also, broken replies are not cached.
-+ [Martin Kraemer] PR#2914
-+
-+ *) new `GprofDir' directive when compiled with -DGPROF, where gprof can
-+ plop gmon.out profile data for each child [Doug MacEachern]
-+
-+ *) Use the construct ``"$@"'' instead of ``$*'' in the generated
-+ config.status script to be immune against arguments with whitespaces.
-+ [Yves Arrouye <yves apple.com>] PR#2866
-+
-+ *) Replace the inlined information grabbing stuff for the configuration
-+ adjustment feature (no --without-confadjust) with calls to a new helper
-+ script `buildinfo.sh' which is both more flexible and already proofed to
-+ be more robust against platform differences. This mainly fixes the
-+ recently occured ``sed: command garbled: ...'' problems.
-+ [Ralf S. Engelschall] PR#2776, PR#2848
-+
-+ *) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
-+ -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''
-+ without complains after we recently added the POST feature.
-+ [Ralf S. Engelschall]
-+
-+ *) Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside
-+ modules as API functions and we forgot them at the big symbol renaming.
-+ [Ralf S. Engelschall]
-+
-+ *) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
-+ [Youichirou Koga <y-koga jp.FreeBSD.ORG>] PR#2895
-+
-+ *) Dynamically size the filename column of mod_autoindex output.
-+ [Dean Gaudet]
-+
-+ *) Add the ability to do POST requests to the ab benchmarking tool.
-+ [Kurt Sussman <kls best.com>] PR#2871
-+
-+ *) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
-+ 5 to 10 because there are some users out there who always have 5 to 8
-+ variables in one RewriteRule and had to patch mod_rewrite.h for every
-+ release. So 15 should be now more than enough, even for them. (I never
-+ needed more than 4 in my RewriteRules ;-)
-+ [Ralf S. Engelschall]
-+
-+ *) Make the proxy generate and understand Via: headers
-+ [Martin Kraemer]
-+
-+ *) Change the proxy to use tables instead of array_headers for
-+ the header lines. [Martin Kraemer]
-+
-+ *) Make sure the config.status file is not overridden when just
-+ ``configure --help'' is used. [Ralf S. Engelschall] PR#2844
-+
-+ *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should
-+ provide a way to trace API changes that add functionality but do
-+ not create a compatibility issue for precompiled modules, etc.
-+ See include/ap_mmn.h for more details. [Randy Terbush]
-+
-+ *) Fix suexec installation under `make install root=xxx' situation.
-+ [Ralf S. Engelschall]
-+
-+ *) Extend the output of the -V switch to include the paths of all
-+ compiled-in configuration files, if they were overridden at
-+ compile time, for least astonishment of the user.
-+ [Martin Kraemer]
-+
-+ *) When READing a request in ExtendedStatus mode, the "old"
-+ vhost, request and client information is not displayed.
-+ [Jim Jagielski]
-+
-+ *) STATUS is no longer available. Full status information now
-+ run-time configurable using the ExtendedStatus directive.
-+ [Jim Jagielski]
-+
-+ *) SECURITY [CAN-1999-1199] (cve.mitre.org):
-+ Eliminate O(n^2) space DoS attacks (and other O(n^2)
-+ cpu time attacks) in header parsing. Add ap_overlap_tables(),
-+ a function which can be used to perform bulk update operations
-+ on tables in a more efficient manner.
-+ [Dean Gaudet]
-+
-+ *) SECURITY: Added compile-time and configurable limits for
-+ various aspects of reading a client request to avoid some simple
-+ denial of service attacks, including limits on maximum request-line
-+ size (LimitRequestLine), number of header fields (LimitRequestFields),
-+ and size of any one header field (LimitRequestFieldsize). Also added
-+ a configurable directive LimitRequestBody for limiting the size of the
-+ request message body. [Roy Fielding]
-+
-+ *) Make status module aware of DNS and logging states, even if
-+ STATUS not defined. [Jim Jagielski]
-+
-+ *) Fix a problem with the new OS/2 mutexes. [Brian Havard]
-+
-+ *) Enhance mod_speling so that CheckSpelling can be used in
-+ <Directory> containers and .htaccess files. [Ken Coar]
-+
-+ *) API: new ap_custom_response() function for hooking into the
-+ ErrorDocument mechanism at runtime [Doug MacEachern]
-+
-+ *) API: new ap_uuencode() function [Doug MacEachern]
-+
-+ *) API: scan_script_header_err_core() now "public" and renamed
-+ ap_scan_script_header_err_core() [Doug MacEachern]
-+
-+ *) The 'status' module will now show the process pid's and their
-+ state even without full STATUS accounting. [Jim Jagielski]
-+
-+ *) Restore the client IP address to the error log messages, this
-+ was lost during the transition from 1.2 to 1.3. Add a new
-+ function ap_log_rerror() which takes a request_rec * and
-+ formats it appropriately. [Dean Gaudet] PR#2661
-+
-+ *) Cure ap_cfg_getline() of its nasty habit of compressing internal
-+ whitespace in input lines -- including within quoted strings.
-+ [Ken Coar]
-+ but leading and trailing whitespace should continue to be
-+ stripped [Martin Kraemer]
-+
-+ *) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
-+ the ugly use of an env. variable and use command-line args for
-+ alternate $PATH. Make more like advanced 'type's as well.
-+ [Jim Jagielski]
-+
-+ *) The IRIXN32 Rule was being ignored. Configure now correctly adds
-+ -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis
-+ <alain.st-denis ec.gc.ca>] PR#2736
-+
-+ *) Clean up a warning in mod_proxy. [Ralf S. Engelschall]
-+
-+ *) Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2
-+ following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
-+ directory was renamed to src/os/os2/ for consistency.
-+ [Brian Havard, Ralf S. Engelschall]
-+
-+ *) Add new Rule SHARED_CHAIN which can be used to enable linking of DSO
-+ files (here modules) against other DSO files (here shared libraries).
-+ This is done by determining a subset of LIBS which can be safely used for
-+ linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is
-+ disabled for all platforms to avoid problems with this (experimental)
-+ rule. But we provide it now for those people how ran into problems and
-+ want to came out by forcing linking against DSOs.
-+ [Ralf S. Engelschall] PR#2587
-+
-+ *) Fix suEXEC start message: Has to be of `notice' level to really get
-+ printed together with the standard startup message because the `notice'
-+ level is handled special inside ap_log_error() for startup messages.
-+ [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765
-+
-+ *) Add correct `model' MIME types from RFC2077 to mime.types file.
-+ [Ralf S. Engelschall] PR#2732
-+
-+ *) Fixed examples in mod_rewrite.html document.
-+ [Youichirou Koga <y-koga jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
-+
-+ *) Allow ap_read_request errors to propagate through the normal request
-+ handling loop so that the connection can be properly closed with
-+ lingering_close, thus avoiding a potential TCP reset that would
-+ cause the client to miss the HTTP error response. [Roy Fielding]
-+
-+ *) One more portability fix for APACI shadow tree support: Swap order of awk
-+ and sed in top-level configure script to avoid sed fails on some
-+ platforms (for instance SunOS 4.1.3 and NCR SysV) because of the
-+ non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729
-+
-+ *) PORT: NEC EWS4800 support.
-+ [MATSUURA Takanori <t-matsuu protein.osaka-u.ac.jp>]
-+
-+ *) Fix a segfault in the proxy on OS/2. [Brian Havard]
-+
-+ *) Fix Win32 part of ap_spawn_child() by providing a reasonable child_info
-+ structure instead of just NULL. This fixes at least the RewriteMap
-+ programs under Win32. [Marco De Michele <mdemichele tin.it>] PR#2483
-+
-+ *) Add workaround to top-level `configure' script for brain dead
-+ `echo' commands which interpet escape sequences per default.
-+ [Ralf S. Engelschall] PR#2654
-+
-+ *) Make sure that the path to the Perl interpreter is correctly
-+ adjusted under `make install' also for the printenv CGI script.
-+ [Ralf S. Engelschall] PR#2595
-+
-+ *) Update the mod_rewrite.html document to correctly reflect the situation
-+ of the `proxy' (`[P]') feature. [Ralf S. Engelschall] PR#2679
-+
-+ *) Fix `install-includes' sub-target of `install' target in top-level
-+ Makefile.tmpl: The umask+cp approach didn't work as expected (especially
-+ for users which extracted the distribution under 'umask 077'), so replace
-+ it by an explicit cp+chmod approach.
-+ [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626
-+
-+ *) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
-+ behavior and to cleanup correctly even under enabled SHARED_CORE rule.
-+ [Ralf S. Engelschall]
-+
-+ *) Use a more straight forward and thus less problematic Sed command in
-+ src/helper/mkdir.sh script. [Ralf S. Engelschall]
-+
-+ *) Make sure the `configure' scripts doesn't fail when trying to guess the
-+ domainname of the machine and there are multiple `domainname' and
-+ `search' entries in /etc/resolv.conf.
-+ [Ralf S. Engelschall] PR#2710
-+
-+ *) Add note about the SHARED_CORE requirement on some platforms also to the
-+ INSTALL file because a lot of users don't read htdocs/manual/dso.html
-+ first. [Ralf S. Engelschall] PR#2701
-+
-+ *) Fix document "hyperlink" for dso.html in src/Configuration.tmpl
-+ [Knut A.Syed <Knut.Syed nhh.no>] PR#2674
-+
-+ *) Modify mod_rewrite to update the Vary response field if the URL rewriting
-+ engine does any manipulations or decisions based upon request fields.
-+ [Ken Coar] PR#1644
-+
-+ *) Document the special APACI behavior for installation paths where
-+ ``/apache'' is appended to paths under some (well defined, of course)
-+ situations to prevent pollution of system locations with Apache files.
-+ [Ralf S. Engelschall] PR#2660
-+
-+ *) Fixed problem with buffered response message not being sent for
-+ the read_request error conditions of URI-too-long (414) and
-+ malformed header fields (400). [Roy Fielding] PR#2646
-+
-+ *) Add support for the Max-Forwards: header line required by RFC2068 for
-+ the TRACE method. This allows apache to TRACE along a chain of proxies
-+ up to a predetermined depth. [Martin Kraemer]
-+
-+ *) Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled
-+ (compilers complained) and the .so.V.R.P filename extension was adjusted
-+ to correctly reflect the 1.3.2 version.
-+ [Ralf S. Engelschall] PR#2644
-+
-+ *) SECURITY: Plug "..." and other canonicalization holes under OS/2.
-+ [Brian Havard]
-+
-+ *) PORT: implement serialized accepts for OS/2. [Brian Havard]
-+
-+ *) mod_include had problems with the fsize and flastmod directives
-+ under WIN32. Fix also avoids the minor security hole of using
-+ ".." paths for fsize and flastmod.
-+ [Manoj Kasichainula <manojk raleigh.ibm.com>] PR#2355
-+
-+ *) Fixed some Makefile dependency problems. [Dean Gaudet]
-+
-+Changes with Apache 1.3.1
-+
-+ *) Disable the incorrect entry for application/msword in the
-+ mod_mime_magic "magic" file because it also matches other Office
-+ documents. [Ralf S. Engelschall] PR#2608
-+
-+ *) Fix broken RANLIB handling in src/Configure (the entry from
-+ src/Configuration.tmpl was ignored) and additionally force RANLIB to
-+ /bin/true under HP/UX where ranlib exists but is deprecated.
-+ [Ralf S. Engelschall] PR#2627
-+
-+ *) 'apachectl status' failed on some systems.
-+ [Steve VanDevender <stevev darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
-+
-+ *) Add new flags for ap_unparse_uri_components() to make it generate
-+ the scheme://sitepart string only, or to omit the query string.
-+ [Martin Kraemer]
-+
-+ *) WIN32: Canonicalize ServerRoot before checking to see if it
-+ is a valid directory. The failure to do this caused certain
-+ ServerRoot settings (eg. "ServerRoot /apache") to be improperly
-+ rejected. [Marc Slemko]
-+
-+ *) Global renaming of C header files to both get rid of conflicts with third
-+ party packages and to again reach consistency:
-+ 1. conf.h -> ap_config.h
-+ 2. conf_auto.h -> ap_config_auto.h \ these are now merged
-+ 3. ap_config.h -> ap_config_auto.h / in the config process
-+ 4. compat.h -> ap_compat.h
-+ 5. apctype.h -> ap_ctype.h
-+ Backward compatibility files for conf.h and compat.h were created.
-+
-+ *) mod_mmap_static will no longer take action on requests unless at
-+ least one "mmapfile" directive is present in the configuration.
-+ This experimental module has to do some black magic to operate
-+ inside the current API and thus creates side-effects for other
-+ modules under some circumstances.
-+ [Ralf S. Engelschall]
-+
-+ *) Add conservative ticks around more egrep arguments in top-level configure
-+ to avoid problems under brain-dead platforms like Digital UNIX (OSF1).
-+ [Ralf S. Engelschall] PR#2596
-+
-+ *) mod_rewrite created RewriteLock files under the UID of the parent
-+ process, thus the child processes had no write access to the files.
-+ Now a chown() is done on the file to the uid of the children,
-+ if applicable. [Lars Eilebrecht, Ralf S. Engelschall] PR#2341
-+
-+ *) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
-+ TestCompile) instead of defining them manually in conf.h based on less
-+ accurate platform definitions. This way we no longer have to fiddle with
-+ OS-type and/or OS-version identifiers to discover whether a system header
-+ file exists or not. Instead we now directly check for the existence of
-+ those esoteric ones.
-+ [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434,
-+ PR#2524, PR#2525, PR#2533, PR#2569
-+
-+ *) mod_setenvif (BrowserMatch* and friends) will now match a missing
-+ field with "^$". [Ken Coar]
-+
-+ *) Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded
-+ modules to load their own modules dynamically. This improves mod_perl
-+ and mod_php3 when these modules are loaded dynamically into Apache.
-+ [Rasmus Lerdorf]
-+
-+ *) Cache a proxied request in the event that the client cancels the
-+ transfer, provided that the configured percentage of the file has
-+ already been transfered. It works for HTTP transfers only. The
-+ new configuration directive is called CacheForceCompletion.
-+ [Glen Parker <glenebob nwlink.com>] PR#2277
-+
-+ *) Add the "<!DOCTYPE HTML" magic cookie used by modern documents (and
-+ required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
-+ [Anna Shergold <anna inext.co.uk>]
-+
-+ *) Fix yet another signal-based race condition involving nested timers.
-+ Signals suck. [Dean Gaudet]
-+
-+ *) suexec's error messages have been clarified a little bit. [Ken Coar]
-+
-+ *) Clean up some, but perhaps not all, 8-bit character set problems
-+ with config file parsing, and URL parsing. We now define
-+ ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char).
-+ This should work on most modern unixes.
-+ [Dean Gaudet] PR#800, 2282, 2553 (and others)
-+
-+ *) The "handler not found" error was issued in cases where the handler
-+ really did exist, but was just declining to serve the request.
-+ [John Van Essen <jve gamers.org>] PR#2529
-+
-+ *) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
-+ [Ronald Record <rr sco.com>] PR#2533
-+
-+ *) The APACI libexecdir was not extended with an "apache/" subdir
-+ if the installation prefix didn't already contain "apache", but
-+ it should be because the DSO files are Apache-specific. Now
-+ libexecdir is treated the same way sysconfdir, datadir, localstatedir
-+ and includedir are already treated.
-+ [Charles Levert <charles comm.polymtl.ca>] PR#2551
-+
-+ *) The <Limit> parsing routine was incorrectly treating methods as
-+ case-insensitive. [Ken Coar]
-+
-+ *) The ap_bprintf() code neglected to test if there was an error on
-+ the connection. ap_bflush() misdiagnosed a failure as a success.
-+ [Dean Gaudet]
-+
-+ *) add support for #perl arg interpolation in mod_include
-+ [Doug MacEachern]
-+
-+ *) API: Name changes of table_elts to ap_table_elts, is_table_empty
-+ to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie]
-+
-+ *) PORT: Add UnixWare 7 support
-+ [Vadim Kostoglodoff <vadim olly.ru>] PR#2463
-+
-+ *) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
-+ used instead of "$PERL" which contains the correctly determined Perl
-+ interpreter (important for instance on systems where "perl" and "perl5"
-+ exists, like BSDI or FreeBSD, etc).
-+ [Ralf S. Engelschall] PR#2505
-+
-+ *) Move the initial suEXEC-related startup message from plain
-+ fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems
-+ when Apache is started from inetd (instead of standalone). Under this
-+ situation startup messages on stderr lead to problems (the line is sent
-+ to the client in front of the requested document).
-+ [Ralf S. Engelschall] PR#871, PR#1318
-+
-+ *) Add a flag so ap_fnmatch() can be used for case-blind pattern matching.
-+ [Ken Coar, Dean Gaudet]
-+
-+ *) WIN32: Don't collapse multiple slashes in PATH_INFO.
-+ [Ben Laurie, Bill Stoddard <wgstodda us.ibm.com>] PR#2274
-+
-+ *) WIN32 SECURITY: Eliminate trailing "."s in path components. These are
-+ ignored by the Windows filesystem, and so can be used to bypass security.
-+ [Ben Laurie, Alexei Kosut].
-+
-+ *) We now attempt to dump core when we get SIGILL. [Jim Jagielski]
-+
-+ *) PORT: remove broken test for MAP_FILE in http_main.c.
-+ [Wilfredo Sanchez <wsanchez apple.com>]
-+
-+ *) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
-+ httpd is running. This should be more portable than figuring out
-+ which of three dozen different versions of "ps" are installed.
-+ [a cast of dozens]
-+
-+ *) WIN32: If we can't figure out how to execute a file in a script
-+ directory, bail out of the request with an error message. [W G Stoddard]
-+
-+ *) WIN32 SECURITY: Eliminate directories consisting of three or more dots;
-+ these are treated by Win32 as if they are ".." but are not detected by
-+ other machinery within Apache. This is something of a kludge but
-+ eliminates a security hole. [Manoj Kasichainula, Ben Laurie]
-+
-+ *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
-+ pools and thus pollutes libap (until the pool stuff is moved there).
-+ [Ken Coar]
-+
-+ *) IndexIgnore should be case-blind on Win32 (and any other case-aware
-+ but case-insensitive platforms). New #define for this added to conf.h
-+ (CASE_BLIND_FILESYSTEM). [Ken Coar] PR#2455
-+
-+ *) Enable DSO support for OpenBSD in general, not only for 2.x, because it
-+ also works for OpenBSD 1.x. [Ralf S. Engelschall]
-+
-+ *) PORT: Fix compilation problem on ARM Linux.
-+ [Sam Kington <sam illuminated.co.uk>] PR#2443
-+
-+ *) Let APACI's configure script determine some configuration parameters
-+ (Group, Port, ServerAdmin, ServerName) via some intelligent tests to
-+ remove some of the classical hurdles for new users when setting up
-+ Apache. This is done per default because it is useful for the average
-+ user. Package authors can use the --without-confadjust option to disable
-+ these configuration adjustments.
-+ [Ralf S. Engelschall]
-+
-+ *) Added an EXTRA_DEPS configuration parameter which can be used
-+ to add an extra Makefile dependency for the httpd target, for instance
-+ to external third-party libraries, etc.
-+ [Ralf S. Engelschall]
-+
-+ *) Add <IfDefine>..</IfDefine> sections to the core module (with same spirit
-+ as <IfModule>..</IfModule> sections) which can be used to skip or process
-+ contained commands dependend of ``-D PARAMETER'' options on the command
-+ line. This can be used to achieve logical conditions like <IfDefine
-+ ReverseProxy> instead of physically ones (e.g. <IfModule mod_proxy.c>)
-+ and thus especially can be used for conditionally loading DSO-based
-+ modules via LoadModule, etc. [Ralf S. Engelschall]
-+
-+ *) PORT: clean up a warning in mod_status for OS/2. [Brian Havard]
-+
-+ *) Make table elements const. This may prevent obscure errors. [Ben Laurie]
-+
-+ *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not
-+ truncated which forced following HTTP headers to be data in the HTTP
-+ reponse. [Ralf S. Engelschall, Charles Fu <ccwf bacchus.com>]
-+ PR#2412, 2367
-+
-+ *) Portability fix for APACI shadow tree support: Swap order of awk and sed
-+ in top-level configure script to avoid sed fails on some platforms (for
-+ instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined
-+ output of Awk. [Bill Houle <bhoule sandiegoca.ncr.com>] PR#2435
-+
-+ *) Improve performance of directory listings (mod_autoindex) by comparing
-+ integer keys (last-modified and size) as integers rather than converting
-+ them to strings first. Also use a set of explicit byte tests rather
-+ than strcmp() to check for parent directory-ness of an entry. Oh, and
-+ make sure the parent directory (if displayed) is *always* listed first
-+ regardless of the sort key. Overall performance winnage should be good
-+ in CPU time, instruction cache, and memory usage, particularly for large
-+ directories. [Ken Coar]
-+
-+ *) Add a tiny but useful goody to APACI's configure script: The generation
-+ of a config.status script (as GNU Autoconf does) which remembers the used
-+ configure command and hence can be used to restore the configuration by
-+ just re-running this script or for remembering the configuration between
-+ releases.
-+ [Ralf S. Engelschall]
-+
-+ *) Add httpd -t (test) option for running configuration syntax tests only.
-+ If something is broken it complains and exits with a return code
-+ non-equal to 0. This can be used manually by the user to check the Apache
-+ configuration after editing and is also automatically used by apachectl
-+ on (graceful) restart command to make sure Apache doesn't die on restarts
-+ because of a configuration which is now broken since the last (re)start.
-+ This way `apachectl restart' can be used inside cronjobs without having
-+ to expect Apache to be falling down. Additionally the httpd -t can be run
-+ via `apachectl configtest'.
-+ [Ralf S. Engelschall] PR#2393
-+
-+ *) Minor display fix for "install" target of top-level Makefile:
-+ the displayed installation command was incorrect although the
-+ executed command was correct. Now they are in sync.
-+ [Ralf S. Engelschall] PR#2402
-+
-+ *) Correct initialization of variable `allowed_globals' in http_main.c
-+ [Justin Bradford <justin ukans.edu>] PR#2400
-+
-+ *) Apache would incorrectly downcase the entire Content-Type passed from
-+ CGIs. This affected server-push scripts and such which use
-+ multipart/x-mixed-replace;boundary=ThisRandomString.
-+ [Dean Gaudet] PR#2394
-+
-+ *) PORT: QNX update to properly guess 32-bit systems.
-+ [Sean Boudreau <seanb qnx.com>] PR#2390
-+
-+ *) Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx()
-+ functions which are in libdld under HPUX 9/10.
-+ [Ralf S. Engelschall] PR#2378
-+
-+ *) Make sure the "install" target of the top-level Makefile doesn't break
-+ because of a return code of 1 from an "if" (for instance under braindead
-+ Ultrix the result code of an "if" construct is 1 if the "then" clause
-+ didn't match). [Ralf S. Engelschall]
-+
-+ *) Add an additional "dummy" target to the "$(LIB)" target in generated
-+ modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
-+ situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are
-+ empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer]
-+
-+ *) Replace two bad sprintf() calls with ap_snprintf() variants in
-+ mod_rewrite. [Ralf S. Engelschall]
-+
-+ *) Fix missing usage description for MetaFiles directive.
-+ [David MacKenzie <djm va.pubnix.com>] PR#2384
-+
-+ *) mod_log_config wouldn't let vhosts use log formats defined in the
-+ main server. [Christof Damian <damian mediaconsult.com>] PR#2090
-+
-+ *) mod_usertrack was corrupting the client hostname. As part of the
-+ fix, the cookie values were slightly extended to include the
-+ fully qualified hostname of the client.
-+ [Dean Gaudet] PR#2190, 2229, 2366
-+
-+ *) Fix a typo in pool debugging code. [Alvaro Martinez Echevarria]
-+
-+ *) mod_unique_id did not work on alpha linux (in general on any
-+ architecture that has 64-bit time_t).
-+ [Alvaro Martinez Echevarria]
-+
-+ *) PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie]
-+
-+ *) PORT: NCR MPRAS systems have the same bug with SIGHUP restart that
-+ Solaris systems experience. So define WORKAROUND_SOLARIS_BUG.
-+ [Klaus Weber <kweber chephren.germany.ncr.com>] PR#1973
-+
-+ *) Change "Options None" to "Options FollowSymLinks" in the
-+ <Directory /> section of the default access.conf-dist
-+ (and -win even though it doesn't matter there). This has better
-+ performance, and more intuitive semantics. [Dean Gaudet]
-+
-+ *) PORT: Updated support for UTS 2.1.2.
-+ [Dave Dykstra <dwd bell-labs.com>] PR#2320
-+
-+ *) Fix symbol export list (src/support/httpd.exp) after recent
-+ API changes in the child spawning area.
-+ [Jens-Uwe Mager <jum helios.de>]
-+
-+ *) Workaround for configure script and old `test' commands which do not
-+ support the -x flag (for instance under platforms like Ultrix). This is
-+ solved by another helper script findprg.sh which searches for Perl and
-+ Awk like PrintPath but _via different names_.
-+ [Ralf S. Engelschall]
-+
-+ *) Remove the system() call from htpasswd.c, which eliminates a system
-+ dependancy. ["M.D.Parker" <mdpc netcom.com>] PR#2332
-+
-+ *) PORT: Fix compilation failures on NEXTSTEP.
-+ [Rex Dieter <rdieter math.unl.edu>] PR#2293, 2316
-+
-+ *) PORT: F_NDELAY is a typo, should have been FNDELAY. There's also
-+ O_NDELAY on various systems. [Dave Dykstra <dwd bell-labs.com>] PR#2313
-+
-+ *) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
-+ [juerg schreiner <j.schreiner zh.ch>,
-+ Bill Houle <Bill.Houle SanDiegoCA.NCR.COM>] PR#2310
-+
-+ *) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
-+ was broken because of invalid ap_pstrcat() -> strcat() transformation.
-+ [Ralf S. Engelschall]
-+
-+ *) Proxy Cache Fixes: account for directory sizes, fork off garbage collection
-+ to continue in background, use predefined types (off_t, size_t, time_t),
-+ log the current cache usage percentage at LogLevel debug
-+ [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik]
-+
-+Changes with Apache 1.3.0
-+
-+ *) Using a type map file as a custom error document was not possible.
-+ [Lars Eilebrecht] PR#1031
-+
-+ *) Avoid problems with braindead Awks by additionally searching for gawk
-+ and nawk in APACI's configure script.
-+ [Dave Dykstra <dwd bell-labs.com>, Ralf S. Engelschall] PR#2319
-+
-+ *) Rename md5.h to ap_md5.h to avoid conflicts with native MD5 on
-+ some systems. [Randy Terbush]
-+
-+ *) Change usage of perror()+fprintf(stderr,...) in mod_rewrite to
-+ more proper ap_log_error() variants.
-+ [Ralf S. Engelschall]
-+
-+ *) Make sure the argument for the --add-module option to APACI's configure
-+ script is of type [path/to/]mod_xxx.c because all calculations inside
-+ configure and src/Configure depend on this.
-+ [Ralf S. Engelschall] PR#2307
-+
-+ *) Changes usage of perror/fprintf to stderr to more proper ap_log_error
-+ in mod_mime, mod_log_referer, mod_log_agent, and mod_log_config.
-+ [Brian Behlendorf]
-+
-+ *) Various OS/2 cleanups ["Brian Havard" <brianh kheldar.apana.org.au>]
-+
-+ *) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
-+ serialized accept to handle multiple sockets.
-+ [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2295, 2296
-+
-+ *) Have NT properly set the directory for CGI scripts
-+ (& other spawned children)
-+ [W G Stoddard <wgstodda us.ibm.com>]
-+
-+ *) Propagate environment to CGI scripts correctly in Win32.
-+ [W G Stoddard <wgstodda us.ibm.com>] PR#2294
-+
-+ *) Some symbol renaming:
-+ ap_spawn_child_err became ap_spawn_child
-+ ap_spawn_child_err_buff became ap_bspawn_child
-+ spawn_child was obsoleted and moved to compat.h
-+ [Brian Behlendorf]
-+
-+ *) Upgrade the child spawning code in mod_rewrite for the RewriteMap
-+ programs: ap_spawn_child_err() is used and the Win32 case now uses
-+ CreateProcess() instead of a low-level execl() (which caused problems in
-+ the past under Win32).
-+ [Ralf S. Engelschall]
-+
-+ *) A few cosmetics and trivial enhancements to APXS to make the
-+ generated Makefile more user friendly. [Ralf S. Engelschall]
-+
-+ *) Proxy Fix: The proxy special failure routine ap_proxyerror()
-+ was updated to use the normal apache error processing, thereby allowing
-+ proxy errors to be treated by ErrorDocument's as well. For this
-+ purpose, a new module-to-core communication variable "error-notes"
-+ was introduced; the proxy (and possibly other modules) communicates
-+ its error text using this variable. Its content is copied to a new
-+ cgi-env-var REDIRECT_ERROR_NOTES for use by ErrorDocuments.
-+ The old proxy special error routine ap_proxy_log_uerror()
-+ was replaced by regular ap_log_error() calls, many messages were made
-+ more informative.
-+ [Martin Kraemer] PR#494, 1259
-+
-+ *) SECURITY: A possible buffer overflow in the ftp proxy was fixed.
-+ [Martin Kraemer]
-+
-+ *) Transform the configure message "You need root privileges for suEXEC"
-+ from a fatal error into a (more friendly) warning because the building
-+ ("make") of Apache we can allow, of course. Root privileges are needed
-+ only for the installation step ("make install"). So make sure the
-+ user is aware of this fact but let him proceed as long as he can.
-+ [Ralf S. Engelschall] PR#2288
-+
-+ *) Renamed three more functions to common ap_ prefix which we missed at the
-+ Big Symbol Renaming because they're #defines and not real C functions:
-+ is_default_port(), default_port(), http_method().
-+ [Ralf S. Engelschall]
-+
-+ *) A zero-length name after a $ in an SSI document should cause
-+ just the $ to be in the expansion. This was broken during the
-+ security fixes in 1.2.5. [Dean Gaudet] PR#1921, 2249
-+
-+ *) Call ap_destroy_sub_req() in ap_add_cgi_vars() to reclaim some
-+ memory. [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2252
-+
-+ *) Fix src/support/httpd.exp (DSO export file which is currently only
-+ used under AIX) because of recent changes to function names.
-+ [Ralf S. Engelschall]
-+
-+Changes with Apache 1.3b7
-+
-+ *) Make sure a MIME-type can be forced via a RewriteRule even when no
-+ substitution takes place, for instance via the following rule:
-+ ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
-+ requested by users in the past to force a single script without a .cgi
-+ extension and outside any cgi-bin dirs to be executed as a CGI program.
-+ [Ralf S. Engelschall] PR#2254
-+
-+ *) A fix for protocol issues surrounding 400, 408, and
-+ 414 responses. [Ed Korthof]
-+
-+ *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf]
-+
-+ *) Fix discrepancy in proxy_ftp.c which was causing failures when
-+ trying to connect to certain ftpd's, such as anonftpd.
-+ [Rick Ohnemus <rick ecompcon.com>]
-+
-+ *) Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's
-+ logfile instead of fiddling around itself with child spawning stuff.
-+ [Ralf S. Engelschall]
-+
-+ *) Made RefererIgnore case-insensitive.
-+
-+ *) Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs.
-+ [Brian Behlendorf]
-+
-+ *) Replace use of spawn_child with ap_spawn_child_err_buff, to make everything
-+ "safe" under Win32. In: mod_include.c, mod_mime_magic.c
-+ [Brian Behlendorf]
-+
-+ *) Improve RFC1413 support. [Bob Beck <beck bofh.ucs.ualberta.ca>]
-+
-+ *) Fix support script `dbmmanage': It was unable to handle some sort
-+ of passwords, especially passwords with "0" chars.
-+ [Ralf S. Engelschall] PR#2242
-+
-+ *) WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed.
-+ [Ben Laurie] PR#2238
-+
-+ *) WIN32: CGIs could cause a hang (because of a deadlock in the standard C
-+ library), so CGI handling has been changed to use Win32 native handles
-+ instead of C file descriptors.
-+ [Ben Laurie and Bill Stoddard <wgstodda us.ibm.com>] PR#1129, 1607
-+
-+ *) The proxy cache would store an incorrect content-length in the cached
-+ file copy after a cache update. That resulted in repeated fetching
-+ of the original copy instead of using the cached copy.
-+ [Ernst Kloppenburg <kloppen isr.uni-stuttgart.de>] PR#2094
-+
-+ *) The Makefiles assumed that DSO files are build via $(LD). This
-+ is broken for two reasons: First we never defined at least LD=ld
-+ somewhere to make sure this works (it was silently assumed that most Make
-+ provide a built-in LD definition - ARGL!) and second using the generic LD
-+ variable is not the truth. Instead a special variable named LD_SHLIB is
-+ reasonable because although "ld" is usually the default, the command for
-+ building DSO files can be "libtool" or even "cc" on some systems.
-+ [Ralf S. Engelschall]
-+
-+ *) Replace the AddVersionPlatform directive with ServerTokens which
-+ provides for more control over the format of the Server:
-+ header line. SERVER_SUBVERSION is no longer supported;
-+ all module should use the ap_add_version_component()
-+ API function instead. [Jim Jagielski]
-+
-+ *) Support for the NCR MP/RAS 3.0
-+ [John Withers <withers semi.kcsc.mwr.irs.gov>]
-+
-+ *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
-+ not retrieved in src/Configure and thus was not useable.
-+ [Ralf S. Engelschall]
-+
-+ *) Various Makefile consistency cleanups:
-+ - make OSDIR also automatically be relative to src/ like INCDIR
-+ - SUBDIRS is now generated in src/Makefile only and not in
-+ Makefile.config because it is a local define for this location.
-+ - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside
-+ any Makefile but make sure that at least the "-K inline" is kept in
-+ CFLAGS for SCO 5.
-+ - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
-+ - updated the dependencies theirself
-+ - removed not existing SHLIB variable from "clean" targets
-+ - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
-+ already exists and OBJS_PIC are also just plain objects and have not
-+ directly to do with "shared" things. The only difference is that they
-+ contain PIC. So OBJS_PIC is the more canonical name.
-+ - Updated the Makefile-dependency lines for OBJS_PIC
-+ - Removed the Makefile-dependency line in Configure to avoid double
-+ definitions
-+ - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
-+ of xxx.lo as GNU libtool does with its PIC objects
-+ - reduce local complexity in modules Makefile.tmpl by moving the last
-+ existing target "depend" to the generation section in Configure, too.
-+ - removed the historical $(SPACER) which was used in the past together
-+ with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This
-+ is no longer needed.
-+ - force the build and run of the gen_xxx programs under main/ as the
-+ first step before building the objects because it looks cleaner
-+ [Ralf S. Engelschall]
-+
-+ *) WIN32: Make Win32 work again after the /dev/null DoS fix.
-+ [Ben Laurie]
-+
-+ *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
-+ [Ben Laurie]
-+
-+ *) WIN32: Don't force ISAPI headers to finish with \n.
-+ [Jim Patterson <Jim.Patterson Cognos.COM>, Ben Laurie] PR#2060
-+
-+ *) When opening "configuration" files (like httpd.conf, htaccess
-+ and htpasswd), Apache will not allow them to be non-/dev/null
-+ device files. This closes a DoS hole. At the same time,
-+ we use ap_pfopen to open these files to handle timeouts.
-+ [Jim Jagielski, Martin Kraemer]
-+
-+ *) Apache will now log the reason its httpd children exit if they exit
-+ due to an unexpected signal. (It requires a new porting define,
-+ SYS_SIGLIST, which if defined should point to a list of text
-+ descriptions of the signals available. See PORTING.) [Dean Gaudet]
-+
-+ *) WIN32: chdir() doesn't make sense in a multithreaded environment
-+ like WIN32. Before, Win32 CGI's could have had sporadic failures
-+ if a chdir call from one thread was made between another chdir call
-+ and a spawn in another thread. So, for now don't chdir for CGI scripts
-+ in WIN32. The current CGI "spec" is unclear as to whether it's
-+ necessary. Long-term fix is to either serialize the chdir/spawn combo
-+ or use WIN32 native calls to spawn a process. This temp fix was
-+ necessary to remove this as a showstopper for 1.3's release.
-+ [Brian Behlendorf]
-+
-+ *) Cleanup the suEXEC support in APACI and make it more safe:
-+ 1. Add big fat hint in INSTALL about risks and to read the
-+ htdocs/manual/suexec.html document before using the suexec-related
-+ configure options.
-+ 2. Make sure the user has at least provided one --suexec-xxxx option
-+ (specifies suEXEC parameters) in addition to --enable-suexec option.
-+ If only --enable-suexec is given APACI stops with a hint to INSTALL
-+ and htdocs/manual/suexec.html documents.
-+ 3. Provide two additional --suexec-xxxx options to make the suEXEC
-+ configuration complete (especially for package maintainers who else
-+ had to patch the source tree) by providing ways to configure minimal
-+ UID/GID and safe PATH, too.
-+ [Ralf S. Engelschall]
-+
-+ *) Cleanup of the `configure --shadow' process:
-+ - make sure the configure script creates its temporary files in the
-+ shadow tree to avoid conflicts with parallel configure runs
-+ - removed unnecessary option "-r" from "rm" call for Makefiles
-+ - make sure the configure scripts creates the shadow-wrapper Makefile
-+ only when no shadow trees already exists
-+ - make sure "make distclean" removes the shadow-wrapper Makefile but only
-+ when no more shadow trees exists
-+ - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
-+ as fast (in the past it needed 70sec, now it runs just 38sec)
-+ - make sure CVS does not complain about the created files
-+ Makefille.<gnutriple> and directories src.<gnutriple>
-+ [Ralf S. Engelschall]
-+
-+ *) Added the ap_add_version_component() API routine and the
-+ AddVersionPlatform core directive. The first allows modules to
-+ declare themselves in the Server response header field value,
-+ augmenting the SERVER_SUBVERSION define in the Configuration file
-+ with run-time settings (more useful in a loadable-module environment).
-+ AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)"
-+ into the server version string. [Ken Coar] PR#2056
-+
-+ *) Minor stability tweaks to avoid core dumps in ap_snprintf.
-+ [Martin Kraemer]
-+
-+ *) Emit the "Accept-Range" header for the default handler.
-+ [Brian Behlendorf] PR#1464
-+
-+ *) Add a note to httpd.conf-dist that apache will on some systems fail
-+ to start when the Group # is set to a negative or large positive value.
-+ [Martin Kraemer]
-+
-+ *) Make sure the module execution order is correct even when some modules
-+ are loaded under runtime (`LoadModule') via the DSO mechanism:
-+ 1. The list of loaded modules is now a dynamically allocated one
-+ and not the original statically list from modules.c
-+ 2. The loaded modules are now correctly setup by LoadModule for
-+ later use by the AddModule command.
-+ 3. When the DSO mechanism for modules is used APACI's `install'
-+ target now enables all created `LoadModule' lines per default because
-+ this is both already expected by the user _and_ needed to avoid
-+ confusion with the next point and reduces the Makefile.tmpl complexity
-+ 4. When the DSO mechanism for modules is used, APACI's `install'
-+ target now additionally makes sure the module list is reconstructed
-+ via a complete `ClearModuleList+AddModule...' entry.
-+ 5. The support tool `apxs' now also makes sure an AddModule command
-+ is added in addition to the LoadModule command.
-+ 6. The modules.c generation was extended to now contain two
-+ comments to make sure no one is confused by the confusing terminology
-+ of loading/linking (we use load=link+load & link=activate instead of
-+ the obvious load=activate & link=link :-( )
-+ This way now there is no longer a difference under execution time between
-+ statically and dynamically linked modules.
-+ [Ralf S. Engelschall]
-+
-+ *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
-+ Big Symbol Renaming. [Ralf S. Engelschall]
-+
-+ *) Add a comment to mod_example.c showing the format of a FLAG command
-+ handler. [Ken Coar]
-+
-+ *) Standardized the time format in mod_status to match that of other
-+ places in the code (e.g. DATE_GMT). PR#1551
-+
-+ *) Fix handling of %Z in timefmt strings for those platforms with no time
-+ zone information in their tm struct. [Paul Eggert <eggert twinsun.com>]
-+ PR#754
-+
-+ *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature
-+ feature compatible with 'UseCanonicalName off' by changing
-+ r->server->server_hostname to ap_get_server_name(). And I changed some
-+ functions which use r->server->port to use ap_get_server_port() instead,
-+ because if there's no Port directive in the config r->server->port is 0.
-+ [Lars Eilebrecht]
-+
-+ *) get/set_module_config are trivial enough to be better off inline. Worth
-+ 1.5% performance boost. [Dean Gaudet]
-+
-+ *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
-+ when ensuring 'x' is at least 30-chars big. [Jim Jagielski,
-+ Brian Behlendorf]
-+
-+ *) [BS2000 security] BS2000 needs an extra authentication to initialize
-+ the task environment to the unprivileged User id. Otherwise CGI scripts
-+ would have a way to gain super user access. [Martin Kraemer]
-+
-+ *) Fix debug log messages for BS2000/OSD: instead of logging the whole
-+ absolute path, only log base name of logging source as is done
-+ in unix. [Martin Kraemer]
-+
-+ *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in
-+ the encoding type from the Accept-Encoding header (if it's there)
-+ and use it in the response, as that's probably what it'll be expecting.
-+ [<Ronald.Tschalaer psi.ch>]
-+
-+ *) Fix to mod_alias: translate_alias_redir is dealing with
-+ a URI, not a filename, so the check for drive letters for win32
-+ and emx is not necessary. [Dean Gaudet]
-+
-+ *) WIN32: Allow .cmd as an executable extension.
-+ [Kari Likovuori <Kari.Likovuori mol.fi>] PR#2146
-+
-+ *) Make Apache header files, and some variables, C++ friendly.
-+ [Michael Anderson's <mka redes.int.com.mx>]
-+
-+ *) Child processes can now "signal" (by exiting with a status
-+ of APEXIT_CHILDFATAL) the parent process to abort and
-+ shutdown the server if the error in the child process was
-+ fatal enough. [Jim Jagielski]
-+
-+ *) mod_autoindex's find_itme() was sensitive to MIME type case.
-+ [Jim Jagielski] PR#2112
-+
-+ *) Make sure the referer_log and agent_log entries in the default httpd.conf
-+ file are also adjusted for the actual relative installation paths.
-+ [Ralf S. Engelschall] PR#2175
-+
-+ *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie]
-+
-+ *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
-+ PR#1558
-+
-+ *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3.
-+ Additionally the checks for finding the vendor DSO library were moved
-+ from mod_so.c to Configure because first it needs $PLAT etc. and second
-+ mod_so already uses an abstraction layer and does not fiddle with the
-+ vendor functions itself.
-+ [Jens-Uwe Mager, Ralf S. Engelschall]
-+
-+ *) PORT: Some optimization defines for NetBSD
-+ [Jaromir Dolecek <dolecek ics.muni.cz>] PR#2165
-+
-+ *) PORT: Dynamic Shared Object (DSO) support for NetBSD.
-+ [Jaromir Dolecek <dolecek ics.muni.cz>, Ralf S. Engelschall] PR#2158
-+
-+ *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older
-+ AIX variants should work fine, too. Even AIX 3.x should work). This is
-+ accomplished by using the free DSO emulation code from Jens-Uwe Mager
-+ which we put into a os/unix/os-dso-aix.c file.
-+ [Ralf S. Engelschall]
-+
-+ *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply
-+ that we should use NET_SIZE_T == int but the include files force size_t.
-+ [Ralf S. Engelschall]
-+
-+ *) Fix two bugs in select() handling in http_main.c.
-+ [Roy Fielding]
-+
-+ *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO
-+ is unset (as it is in situations like timeouts) where it is unclear
-+ whether errno is set or not. [Martin Kraemer]
-+
-+ *) Just having APACI's localstatedir is too general and not enough for most
-+ of the systems. 1.3b6 again required manual APACI patches by package
-+ maintainers from Red Hat and FreeBSD because for their filesystem layout a
-+ little bit more flexibility in configuring the paths is needed. Hence we
-+ provide three additional configure options (--runtimedir, --logfiledir,
-+ --proxycachedir) which now can be used for more granular adjustments if
-+ --localstatedir is not enough to fit the particular needs. As a nice
-+ side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
-+ [Ralf S. Engelschall]
-+
-+ *) Make the install root for "make install" in APACI's Makefile overrideable
-+ by package authors. This way we are even more friendly to package
-+ maintainers (especially Debian and Red Hat) who build for the real prefix
-+ via "configure --prefix=/<real>" but use a different local prefix via
-+ "make root=/tmp/apache install" for rolling the package without bristling
-+ the target location on their system.
-+ [Ralf S. Engelschall]
-+
-+ *) Workaround sed limitations in APACI's configure script by now
-+ substituting in chunks of 50 commands (because for instance HPUX's vendor
-+ sed has a limit of max. 98 commands)
-+ [Ralf S. Engelschall] PR#2136
-+
-+ *) Adding SOCKS5 support and fixing existing SOCKS4 support.
-+ [Ralf S. Engelschall] PR#2140
-+
-+ *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG
-+ RENAMING process because they are defined as pre-processor macros instead
-+ of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd
-+ [Ralf S. Engelschall]
-+
-+ *) Workaround braindead AWK's when generating ap_config.h: The split() and
-+ substr() functions cannot be nested under vendor AWK from Solaris 2.6.
-+ [Ralf S. Engelschall] PR#2139
-+
-+ *) Various bugfixes and cleanups for the APACI configure script:
-+ o fix IFS handling for _nested_ situation
-+ o fix Perl interpreter search: take first one found instead of last one
-+ o fix DSO consistency check
-+ o print error messages to stderr instead of stdout
-+ o add install-quiet for --shadow situation to Makefile stub
-+ o reduce complexity by avoiding sed-hacks for rule and module list loops
-+ [Ralf S. Engelschall]
-+
-+ *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
-+
-+ *) Make sure the input field separator (IFS) shell variable is explicitly
-+ initialized correctly before _every_ `for' loop and also restored after
-+ the loops. [Ralf S. Engelschall]
-+
-+ *) Make sure that "make install" doesn't overwrite the `mime.types' and
-+ `magic' files from an existing Apache installation. Because people often
-+ customize these for own MIME and content types.
-+ [Ralf S. Engelschall]
-+
-+ *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
-+ [Peter Galbavy, Ralf S. Engelschall] PR#2109
-+
-+ *) Fix the path to the ScoreBoardFile in the install-config target, too.
-+ [Ralf S. Engelschall] PR#2105
-+
-+ *) Let "configure" clear out the users parameters (provided as shell
-+ variables) to avoid side-effects in "src/Configure" when the user
-+ exported them (which is not needed, but some users do it).
-+ [Ralf S. Engelschall] PR#2101
-+
-+ *) Provide backward compatibility from some old src/Configuration.tmpl
-+ parameter names to the canonical Autoconf-style shell variable names. For
-+ instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now
-+ but a hint message is displayed. [Ralf S. Engelschall]
-+
-+ *) Make sure that "make install" doesn't overwrite the DocumentRoot and
-+ CGI scripts from an existing Apache installation.
-+ [Ralf S. Engelschall, Jim Jagielski] PR#2084
-+
-+ *) Make `configure --compat' more "compatible" by first
-+ let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and
-+ second by making sure the "avoid-bristling-suffix" /apache is not
-+ appended to sysconfdir, datadir, localstatedir and includedir when
-+ --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]
-+
-+ *) NeXT required strdup() in support/logresolve.c
-+ [Francisco Tomei <fatomei sandburg.unm.edu>] PR#2082
-+
-+ *) AIX required sys/select.h in support/ab.c
-+ [Jens Schleusener <Jens.Schleusener dlr.de>] PR#2081
-+
-+ *) Fix the path to the MimeMagicFile in the install-config target, too.
-+ [Ralf S. Engelschall] PR#2089
-+
-+ *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick colby.edu>]
-+
-+ *) If you start apache with the -S command line option it will dump
-+ out the parsed vhost settings. This is useful for folks trying
-+ to figure out what is wrong with their vhost configuration.
-+ (Other dumps may be added in the future.) [Dean Gaudet]
-+
-+ *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
-+ ap_snprintf, and ap_psprintf). See include/ap.h for docs.
-+ [Dean Gaudet]
-+
-+ *) Because /usr/local/apache is the default prefix the ``configure
-+ --compat'' option no longer has to set prefix, again. This way the
-+ --compat option honors a leading --prefix option. [Lars Eilebrecht]
-+
-+ *) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
-+ to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
-+ to avoid "discard const" warnings. [Ralf S. Engelschall]
-+
-+ *) If a specific handler is set for a file yet the request still
-+ ends up being handled by the default handler, log an error
-+ message before handling it. This catches things such as trying
-+ to use SSIs without mod_include enabled. [Marc Slemko]
-+
-+ *) Fix error logging for the startup case where ap_log_error() still uses
-+ stderr as the target. Now the default log level is honored here, too.
-+ [Ralf S. Engelschall]
-+
-+ *) PORT: Make sure some AWK's don't fail in src/Configure with "string too
-+ long" errors when generating the MODULES entry for src/Makefile
-+ [Ben Hyde, Ralf S. Engelschall]
-+
-+ *) Make sure src/Configure doesn't complain about the old directory
-+ /usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
-+
-+Changes with Apache 1.3b6
-+
-+ *) PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde]
-+
-+ *) Adding DSO support for the HP/UX platform by emulating the dlopen-style
-+ interface via the similar but proprietary HP/UX shl_xxx-style system
-+ calls. [Ralf S. Engelschall]
-+
-+ *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
-+ APACI Makefile.tmpl "install" target more robust for sensible UnixWare
-+ Make. [Ralf S. Engelschall]
-+
-+ *) ++++ THE BIG SYMBOL RENAMING ++++
-+ To avoid symbol clashes with third-party code compiled into the server,
-+ we globally applied the prefix "ap_" to the following classes of
-+ functions:
-+ - Apache provided general functions (e.g., ap_cpystrn)
-+ - Public API functions (e.g., palloc, bgets)
-+ - Private functions which we can't make static (because of
-+ cross-object usage) but should be (e.g., new_connection)
-+ For backward source compatibility a new header file named compat.h was
-+ created which provides defines for the old symbol names and can be used
-+ by third-party module authors.
-+ [The Apache Group]
-+
-+ *) Added dynamic shared object (DSO) support for SVR4-derivates: The
-+ problem under SVR4 is that there is no command flag to force the linker
-+ to export the global symbols of the httpd executable therewith they are
-+ available to the DSO's. Instead of problematic hacks like creating a
-+ dummy.so file (containing dummy references to all global symbols) the
-+ httpd binary is linked against, we use a clean trick stolen from Perl 5:
-+ Placing the Apache core code itself into a DSO library named libhttpd.so.
-+ This way the global symbols _HAVE_ to be exported and thus are available
-+ to any manually loaded DSO's under runtime. To reduce the impact to the
-+ user to null we go even further and create a stub httpd executable which
-+ automatically keeps track of the DSO library loading itself and thus
-+ hides the complete mechanism from the user. Although the generation of
-+ this DSO library is automatically triggered for platforms which
-+ essentially need it (mostly all SVR4-derivates) it can be also enabled
-+ manually via the Rule SHARED_CORE. This can be interesting in the future
-+ where we perhaps exploit this libhttpd.so mechanism for providing nifty
-+ features like graceful upgrades, or whatever.
-+ [Ralf S. Engelschall, Martin Kraemer]
-+
-+ *) Build the libraries before building the rest of the tools. [Ben Hyde]
-+
-+ *) Add "distclean" target to src/-Makefiles to provide "make distclean" also
-+ inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
-+ conventions while "clean" removes only stuff created by "all" targets,
-+ "distclean" additionally removes the stuff from the configuration
-+ process. This way "make distclean" (hence the name) provides a fresh
-+ source tree as it was for distribution.
-+ [Ralf S. Engelschall]
-+
-+ *) Allow top-level (APACI) Makefile to break on build errors
-+ the same way the src/ subtree Makefiles breaks on them by replacing the
-+ initial APACI sed-subdir-display-kludge with a more clean
-+ variable-passing-solution: variable SDP can optionally hold the subdir
-+ prefix which is consistently used for displaying the subdir movement.
-+ This way even the top-level Makefile can stop correctly on errors as the
-+ user expects. [Ralf S. Engelschall]
-+
-+ *) Fixed ordering of argument checks for RewriteBase directive.
-+ [Todd Eigenschink <eigenstr mixi.net>] PR#2045
-+
-+ *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
-+ indicating that a module is being compiled for dynamic loading. Also
-+ remove #define IS_MODULE from modules and add SHARED_MODULE define
-+ to the mak/dsp files. [Alexei Kosut]
-+
-+ *) Reduce logging level of "normal" warning messages to APLOG_INFO,
-+ since we are now logging APLOG_WARNING by default. [Roy Fielding]
-+
-+ *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
-+
-+ *) Add documentation file and src/Configuration.tmpl entry for the
-+ experimental mod_mmap_static module. Because although it is and marked as
-+ an experimental one it is distributed and thus should be documented and
-+ prepared for configuration the same way as all others modules.
-+ [Ralf S. Engelschall]
-+
-+ *) Add query (-q) option to apxs support tool to be able to manually query
-+ specific settings from apxs. This is needed for instance when you
-+ manually want to access Apache's header files and you need to assemble
-+ the -I option. Now you can do -I`apxs -q INCLUDEDIR`.
-+ [Ralf S. Engelschall]
-+
-+ *) Now src/Configure uses a fallback strategy for the shared object support
-+ on platforms where no explicit information is available: If a Perl
-+ installation exists we ask it about its shared object support and if it's
-+ the dlopen-style one we shamelessly guess the compiler and linker flags
-+ for creating shared objects from Perls knowledge. Of course, the user is
-+ warning about what we are doing and informed that he should send us
-+ the guessed flags when they work. [Ralf S. Engelschall]
-+
-+ *) Provide APACI --without-support option to be able to disable the build
-+ and installation of the support tools from the src/support/ area.
-+ Although its useful to have these installed per default we should provide
-+ a way to compile and install without them for backward-compatibility.
-+ [Ralf S. Engelschall]
-+
-+ *) Add of the new APache eXtenSion (apxs) support tool for building and
-+ installing modules into an _already installed_ Apache package through the
-+ dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
-+ this approach actually doesn't need the Apache source tree. The
-+ (APACI-installed) server package is enough, because this now includes the
-+ Apache C header files (PREFIX/include) and the new APXS tool
-+ (SBINDIR/apxs). The intend is to provide a handy tool for third-party
-+ module authors to build their Apache modules _OUTSIDE_ the Apache source
-+ tree while avoiding them to fiddle around with the totally platform
-+ dependend way of compiling DSO files. The tool supports all ranges of
-+ modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
-+ which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
-+ on-the-fly generate a minimalistic Makefile and sample module for the
-+ first step to provide both a quick success event and to demonstrate the
-+ APXS mechanism to module authors. [Ralf S. Engelschall]
-+
-+ *) Fix core dumps in use of CONNECT in proxy.
-+ [<Rainer.Scherg rexroth.de>] PR#1326, #1573, #1942
-+
-+ *) Modify the log directives in httpd.conf-dist files to use CustomLog
-+ so that users have examples of how CustomLog can be used.
-+ [Lars Eilebrecht]
-+
-+ *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
-+ the Apache distribution tree. Until Apache 1.3 there was no real
-+ out-of-the-box batch-capable build and installation procedure for the
-+ complete Apache package. This is now provided by a top-level "configure"
-+ script and a corresponding top-level "Makefile.tmpl" file. The goal is
-+ to provide a GNU Autoconf-style frontend which is capable to both drive
-+ the old src/Configure stuff in batch and additionally installs the
-+ package with a GNU-conforming directory layout. Any options from the old
-+ configuration scheme are available plus a lot of new options for flexibly
-+ customizing Apache. [Ralf S. Engelschall]
-+
-+ *) The floating point ap_snprintf code wasn't threadsafe.
-+ Had to remove the HAVE_CVT macro in order to do threadsafe
-+ calling of the ?cvt() floating point routines. [Dean Gaudet]
-+
-+ *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962
-+
-+ *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
-+ [Jim Jagielski] PR#1901
-+
-+ *) BUG: Configure was using TCC and CC inconsistently. Make sure
-+ Configure knows which CC we are using. [Jim Jagielski]
-+
-+ *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
-+ was defined in a parent directory. [Lars Eilebrecht]
-+
-+ *) API: ap_snprintf() code mutated into ap_vformatter(), which is
-+ a generic printf-style routine that can call arbitrary output
-+ routines. Use this to replace http_bprintf.c. Add new routines
-+ psprintf(), pvsprintf() which allocate the exact amount of memory
-+ required for a string from a pool. Use psprintf() to clean up
-+ various bits of code which used ap_snprintf()/pstrdup().
-+ [Dean Gaudet]
-+
-+ *) PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because
-+ ap_snprintf() has different semantics and formatting codes than
-+ snprintf(). [Dean Gaudet]
-+
-+ *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This
-+ is necessary on at least Solaris where the /etc/rc?.d scripts
-+ are run with these signals ignored, and "SIG_IGN" settings are
-+ maintained across exec().
-+ [Rein Tollevik <reint sys.sol.no>] PR#2009
-+
-+ *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
-+ used instead of lstat() and thus this flag didn't work as expected.
-+ [Rein Tollevik <reint sys.sol.no>] PR#2010
-+
-+ *) Fix the proxy pass-through feature of mod_rewrite for the case of
-+ existing QUERY_STRING now that mod_proxy was recently changed because of
-+ the new URL parsing stuff. [Ralf S. Engelschall]
-+
-+ *) A few changes to scoreboard definitions which helps gcc generate
-+ better code. [Dean Gaudet]
-+
-+ *) ANSI C doesn't guarantee that "int foo : 2" in a structure will
-+ be a signed bitfield. So mark a few bitfields as signed to
-+ ensure correct code. [Dean Gaudet]
-+
-+ *) The default for HostnameLookups was changed to Off, but there
-+ was a problem and it wasn't taking effect. [Dean Gaudet]
-+
-+ *) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
-+ [Dean Gaudet]
-+
-+ *) After a SIGHUP the listening sockets in the parent weren't
-+ properly marked for closure on fork().
-+ [Jürgen Keil <jk tools.de>] PR#2000
-+
-+ *) Allow %2F in two situations: 1) it is in the query part of the URI,
-+ therefore not exposed to %2F -> '/' translations and 2) the request
-+ is a proxy request, so we're not dealing with a local resource anyway.
-+ Without this, the proxy would fail to work for any URL's with
-+ %2f in them (occurs quite often in
-+ http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
-+
-+ *) Protect against FD_SETSIZE mismatches. [Dean Gaudet]
-+
-+ *) Make the shared object compilation command more portable by avoiding
-+ the direct combination of `-c' & `-o' which is not honored by some
-+ compilers like UnixWare's cc. [Ralf S. Engelschall]
-+
-+ *) WIN32: the proxy was creating filenames missing the last four
-+ characters. While this normally doesn't stop anything from
-+ working, it can result in extra collisions.
-+ [Tim Costello <tjcostel socs.uts.edu.au>] PR#1890
-+
-+ *) Now mod_proxy uses the response string (in addition to the response status
-+ code) from the already used FTP SIZE command to setup the Content-Length
-+ header if available. [Ralf S. Engelschall] PR#1183
-+
-+ *) Reanimated the (still undocumented) proxy receive buffer size directive:
-+ Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
-+ name was really too generic, added documentation for this directive to
-+ the mod_proxy.html and corrected the hyperlink to it in the
-+ new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
-+
-+ *) Fix a bug in the src/helpers/fp2rp script and make it a little bit
-+ faster [Martin Kraemer]
-+
-+ *) Make Configure die when you give it an unknown command switch.
-+ [Ben Hyde]
-+
-+ *) Add five new and fresh manpages for the support programs: dbmmanage.1,
-+ suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date
-+ and per default compiled support programs have manual pages - just to
-+ document our stuff a little bit more and to be able to do really
-+ Unix-like installations ;-) [Ralf S. Engelschall]
-+
-+ *) Major cleanups to the Configure script to make it and its generated
-+ Makefiles again readable and maintainable: add SRCDIR option, removed
-+ INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
-+ generated sections, consequently added Makefile headers with inheritance
-+ information, added subdir movement messages for easier following where
-+ the build process currently stays (more verbose then standard Make, less
-+ verbose than GNU make), same style to comments in the Configure script,
-+ added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
-+
-+ *) Add the new ApacheBench program "ab" to src/support/: This is derived
-+ from the ZeusBench benchmarking program and can be used to determine the
-+ response performance of an Apache installation. This version is
-+ officially licensed with Zeus Technology, Ltd. See the license agreement
-+ statements in <199803171224.NAA24547 en1.engelschall.com> in apache-core.
-+ [Ralf S. Engelschall]
-+
-+ *) API: Various core functions that are definately not part of the API
-+ have been made static, and a few have been marked API_EXPORT. Still
-+ more have been marked CORE_EXPORT and are not intended for general
-+ use by modules. [Doug MacEachern, Dean Gaudet]
-+
-+ *) mod_proxy was not clearing the Proxy-Connection header from
-+ requests; now it does. This did not violate any spec, however
-+ causes poor interactions when you are talking to remote proxies.
-+ [Marc Slemko] PR#1741
-+
-+ *) Various cleanups to the command line interface and manual pages.
-+ [Ralf S. Engelschall]
-+
-+ *) cfg_getline() was not properly handling lines that did not end
-+ with a line termination character. [Marc Slemko] PR#1869, 1909
-+
-+ *) Performance tweak to mod_log_config. [Dmitry Khrustalev]
-+
-+ *) Clean up some undocumented behavior of mod_setenvif related to
-+ "merging" two SetEnvIf directives when they match the same header
-+ and regex. Document that mod_setenvif will perform comparisons in
-+ the order they appear in the config file. Optimize mod_setenvif by
-+ doing more work at config time rather than at runtime.
-+ [Dean Gaudet]
-+
-+ *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
-+ to allow for modules to overrule them and to reduce redefinition
-+ warnings [Jim Jagielski]
-+
-+ *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
-+ [Jim Jagielski]
-+
-+ *) Making the hard-coded cross-module function call mime_find_ct() (from
-+ mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
-+ checking is really called even for proxy requests except for URLs with
-+ HTTP schemes (because there we can optimize by not running the type
-+ checking hooks due to the fact that the proxy gets the MIME Content-type
-+ from the remote host later). This change cleans up mod_mime by removing
-+ the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
-+ especially unbundles mod_proxy and mod_mime. This way they both now can
-+ be compiled as shared objects and are no longer tied together.
-+ [Ralf S. Engelschall]
-+
-+ *) util.c cleanup and speedup. [Dean Gaudet]
-+
-+ *) API: Clarification, pstrndup() will always copy n bytes of the source
-+ and NUL terminate at the (n+1)st byte. [Dean Gaudet]
-+
-+ *) Mark module command_rec and handler_rec structures const so that they
-+ end up in the read-only data section (and are friendlier to systems
-+ that don't do optimistic memory allocation on fork()). [Dean Gaudet]
-+
-+ *) Add check to the "Port" directive to make sure the specified
-+ port is in the appropriate range. [Ben Hyde]
-+
-+ *) Performance improvements to invoke_handler().
-+ [Dmitry Khrustalev <dima bog.msu.su>]
-+
-+ *) Added support for building shared objects even for library-style modules
-+ (which are built from more than one object file). This now provides the
-+ ability to build mod_proxy as a shared object module. Additionally
-+ modules like mod_example are now also supported for shared object
-+ building because the generated Makefiles now no longer assume there is at
-+ least one statically linked module. [Ralf S. Engelschall]
-+
-+ *) API: Clarify usage of content_type, handler, content_encoding,
-+ content_language and content_languages fields in request_rec. They
-+ must always be lowercased; and the strings pointed to shouldn't
-+ be modified (you must copy them to modify them). Fix a few bugs
-+ related to this. [Dean Gaudet]
-+
-+ *) API: Clarification: except for RAW_ARGS, all command handlers can
-+ treat the char * parameters as permanent, and modifiable. There
-+ is no need to pstrdup() them. Clean up some needless pstrdup().
-+ [Dean Gaudet]
-+
-+ *) Now mod_so keeps track of which module shared objects with which names
-+ are loaded and thus avoids multiple loading and unloading and irritating
-+ error_log messages. [Ralf S. Engelschall]
-+
-+ *) Prior to the existence of mod_setenv it was necessary to tweak the TZ
-+ environment variable in the apache core. But that tweaking interferes
-+ with mod_setenv. So don't tweak if the user has specified an explicit
-+ TZ variable. [Jay Soffian <jay cimedia.com>] PR#1888
-+
-+ *) rputs() did not calculate r->sent_bodyct properly.
-+ [Siegmund Stirnweiss <siegst kat.ina.de>] PR#1900
-+
-+ *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
-+ name, or left unset if this value is unavailable. Apache was setting
-+ it to the IP address when unavailable.
-+ [Tony Finch <fanf demon.net>] PR#1925
-+
-+ *) Various improvements to the configuration and build support for compiling
-+ modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
-+ OSF1 support with GCC and vendor compilers was added. This way shared
-+ object support is now provided out-of-the-box for FreeBSD, Linux,
-+ Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
-+ [Ralf S. Engelschall]
-+
-+ *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
-+ scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
-+ and USE_OS2_SCOREBOARD. [Dean Gaudet]
-+
-+ *) Fix one more special locking problem for RewriteMap programs in
-+ mod_rewrite: According to the documentation of flock(), "Locks are on
-+ files, not file descriptors. That is, file descriptors duplicated
-+ through dup(2) or fork(2) do not result in multiple instances of a lock,
-+ but rather multiple references to a single lock. If a process holding a
-+ lock on a file forks and the child explicitly unlocks the file, the
-+ parent will lose its lock.". To overcome this we have to make sure the
-+ RewriteLock file is opened _AFTER_ the childs were spawned which is now
-+ the case by opening it in the child_init instead of the module_init API
-+ hook. [Ralf S. Engelschall] PR#1029
-+
-+ *) Change to Location and LocationMatch semantics. LocationMatch no
-+ longer lets a single slash match multiple adjacent slashes in the
-+ URL. This change is for consistency with RewriteRule and
-+ AliasMatch. Multiple slashes have meaning in URLs that they do
-+ not have in (some) filesystems. Location on the other hand can
-+ be considered a shorthand for a more complicated regex, and it
-+ does match multiple slashes with a single slash -- which is
-+ also consistent with the Alias directive.
-+ [Dean Gaudet] related PR#1440
-+
-+ *) Fix bug with mod_mime_magic causing certain files, including files
-+ of length 0, to result in no response from the server.
-+ [Dean Gaudet]
-+
-+ *) The Configure script now generates src/include/ap_config.h which
-+ contains the set of defines used when Apache is compiled on a platform.
-+ This file can then be included by external modules before including
-+ any Apache header files in case they are being built separately from
-+ Apache. Along with this change, a couple of minor changes were
-+ made to make Apache's #defines coexist peacefully with any autoconf
-+ defines an external module might have. [Rasmus Lerdorf]
-+
-+ *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
-+ but without any RewriteXXXXX directives. Here mod_rewrite is given no
-+ chance by the API to initialize its per-server configuration and thus
-+ receives the wrong one from the main server. This is now avoided by
-+ remembering the server together with the config structure while
-+ configuring and later assuming there is no config when we see a
-+ difference between the remembered server and the one calling us.
-+ [Ralf S. Engelschall] PR#1790
-+
-+ *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
-+ is automatically disabled under configure time when the dbm_xxx functions
-+ are not available. Second, two heavy source code errors in the DBM
-+ support code were fixed. This makes DBM RewriteMap's usable again after
-+ a long time of brokenness. [Ralf S. Engelschall] PR#1696
-+
-+ *) Now all configuration files support Unix-style line-continuation via
-+ the trailing backslash ("\") character. This enables us to write down
-+ complex or just very long directives in a more readable way. The
-+ backslash character has to be really the last character before the
-+ newline and it has not been prefixed by another (escaping) backslash.
-+ [Ralf S. Engelschall]
-+
-+ *) When using ProxyPass the ?querystring was not passed correctly.
-+ [Joel Truher <truher wired.com>]
-+
-+ *) To deal with modules being compiled and [dynamically] linked
-+ at a different time from the core, the SERVER_VERSION and
-+ SERVER_BUILT symbols have been abstracted through the new
-+ API routines apapi_get_server_version() and apapi_get_server_built().
-+ [Ken Coar] PR#1448
-+
-+ *) WIN32: Preserve trailing slash in canonical path (and hence
-+ in PATH_INFO). [Paul Sutton, Ben Laurie]
-+
-+ *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
-+ depending on the rev of Solaris and what mixture of modules
-+ are in use. So it has been disabled, and Solaris is back to
-+ using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with
-+ USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
-+ up static content only servers. Or it may fail unpredictably.
-+ [Dean Gaudet] PR#1779, 1854, 1904
-+
-+ *) mod_test_util_uri.c created which tests the logic in util_uri.c.
-+ [Dean Gaudet]
-+
-+ *) API: Rewrite of absoluteURI handling, and in particular how
-+ absoluteURIs match vhosts. Unless a request is a proxy request, a
-+ "http://host" url is treated as if a similar "Host:" header had been
-+ supplied. This change was made to support future HTTP/1.x protocols
-+ which may require clients to send absoluteURIs for all requests.
-+
-+ In order to achieve this change subtle changes were made to the API. In a
-+ request_rec, r->hostlen has been removed. r->unparsed_uri now exists so
-+ that the unmodified uri can be retrieved easily. r->proxyreq is not set
-+ by the core, modules must set it during the post_read_request or
-+ translate_names phase.
-+
-+ Plus changes to the virtualhost test suite for absoluteURI testing.
-+
-+ This fixes several bugs with the proxy proxying requests to vhosts
-+ managed by the same httpd.
-+ [Dean Gaudet]
-+
-+ *) API: Cleanup of code in http_vhost.c, and remove vhost matching
-+ code from mod_rewrite. The vhost matching is now performed by a
-+ globally available function matches_request_vhost(). [Dean Gaudet]
-+
-+ *) Reduce memory usage, and speed up ServerAlias support. As a
-+ side-effect users can list multiple ServerAlias directives
-+ and they're all considered.
-+ [Chia-liang Kao <clkao cirx.org>] PR#1531
-+
-+ *) The "poly" directive in image maps did not include the borders of the
-+ polygon, whereas the "rect" directive does. Fix this inconsistency.
-+ [Konstantin Morshnev <moko design.ru>] PR#1771
-+
-+ *) Make \\ behave as expected. [<Ronald.Tschalaer psi.ch>]
-+
-+ *) Add the `%a' construct to LogFormat and CustomLog to log the client IP
-+ address. [Todd Eigenschink <eigenstr mixi.net>] PR#1885
-+
-+ *) API: A new source module main/util_uri.c; It contains a routine
-+ parse_uri_components() and friends which breaks a URI into its component
-+ parts. These parts are stored in a uri_components structure called
-+ parsed_uri within each request_rec, and are available to all modules.
-+ Additionally, an unparse routine is supplied which re-assembles the URI
-+ components back to an URI, optionally hiding the username:password@ part
-+ from ftp proxy requests, and other useful routines. Within the structure,
-+ you find on a ready-for-use basis:
-+ scheme; /* scheme ("http"/"ftp"/...) */
-+ hostinfo; /* combined [user[:password]@]host[:port] */
-+ user; /* user name, as in http://user:passwd@host:port/ */
-+ password; /* password, as in http://user:passwd@host:port/ */
-+ hostname; /* hostname from URI (or from Host: header) */
-+ port_str; /* port string (integer representation is in "port") */
-+ path; /* the request path (or "/" if only scheme://host was given) */
-+ query; /* Everything after a '?' in the path, if present */
-+ fragment; /* Trailing "#fragment" string, if present */
-+ This is meant to serve as the platform for *BIG* savings in
-+ code complexity for the proxy module (and maybe the vhost logic).
-+ [Martin Kraemer]
-+
-+ *) Make all possible meta-construct expansions ($N, %N, %{NAME} and
-+ ${map:key}) available for all location where a string is created in
-+ mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
-+ RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
-+ possible expansions are consequently usable at all string creation
-+ locations. [Ralf S. Engelschall]
-+
-+ *) Fix initialization of RewriteLogLevel (default now is 0 as documented
-+ and not 1) and the per-virtual-server merging of directives. Now all
-+ directives except `RewriteEngine' and `RewriteOption' are either
-+ completely overridden (default) or completely inherited (when
-+ `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
-+
-+ *) Fix `RewriteMap' program lookup in situations where such maps are
-+ defined but disabled (`RewriteEngine off') in per-server context.
-+ [Ralf S. Engelschall] PR#1431
-+
-+ *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
-+ server to bind to port 0 rather than 80. [Dean Gaudet]
-+
-+ *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
-+ (like SunOS and FreeBSD) which don't accept the locking of pipes
-+ directly. A new directive RewriteLock is introduced which can be used to
-+ setup a separate locking file which then is used for synchronization.
-+ [Ralf S. Engelschall] PR#1029
-+
-+ *) WIN32: The server root is obtained from the registry key
-+ HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
-+ "1.3 beta"), unless overridden by the -d command line flag. The
-+ value is stored by running "apache -i -d serverroot". [Paul Sutton]
-+
-+ *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
-+ dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
-+
-+ *) Now mod_rewrite no longer makes problematic assumptions on the characters
-+ a username can contain when trying to expand it via /etc/passwd.
-+ [Ralf S. Engelschall]
-+
-+ *) The mod_setenvif BrowserMatch backwards compatibility command did not
-+ work properly with spaces in the regex. [Ronald Tschalaer] PR#1825
-+
-+ *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
-+ type but with a special post-processing for the looked-up value: It
-+ parses it into alternatives according to `|' chars and then only one
-+ particular alternative is chosen randomly (this is an essential
-+ functionality needed for balancing between backend-servers when using
-+ Apache as a Reverse Proxy. The looked up value here is a list of
-+ servers). Second, `int' with the built-in maps named `tolower' and
-+ `toupper' which can be used to map URL parts to a fixed case (this is an
-+ essential feature to fix the case of server names when doing mass
-+ virtual-hosting with the help of mod_rewrite instead of using
-+ <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
-+ Jay Soffian <jay cimedia.com>] PR#1631
-+
-+ *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
-+ This directive lets Apache adjust the URL in Location-headers on HTTP
-+ redirect responses sent by the remote server. This way the virtually
-+ mapped area is no longer left on redirects and thus by-passed which is
-+ especially essential when running Apache as a reverse proxy.
-+ [Ralf S. Engelschall]
-+
-+ *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
-+ hidden. [Alvaro Martinez Echevarria]
-+
-+ *) Apache will, when started with the -X (single process) debugging flag,
-+ honor the SIGINT or SIGQUIT signals again now. This capability got lost
-+ a while ago during OS/2 signal handling changes.
-+
-+ *) [PORT] Work around the fact that NeXT runs on more than the
-+ m68k chips in mod_status [Scott Anguish and Timothy Luoma
-+ <luomat peak.org>]
-+
-+ *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
-+ as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
-+ <ache nagual.pp.ru> and Jim] PR#1450
-+
-+ *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
-+ In particular the handlers could trigger themselves into an infinite
-+ loop if RLimitMem was used with a small amount of memory -- too small
-+ for the signal stack frame to be set up. [Dean Gaudet]
-+
-+ *) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet,
-+ Alvaro Martinez Echevarria <alvaro lander.es>]
-+
-+ *) Fix multiple UserDir problem introduced during 1.3b4-dev.
-+ [Dean Gaudet] PR#1850
-+
-+ *) ap_cpystrn() had an off-by-1 error.
-+ [Charles Fu <ccwf klab.caltech.edu>] PR#1847
-+
-+ *) API: As Ken suggested the check_cmd_context() function and related
-+ defines are non-static now so modules can use 'em. [Martin Kraemer]
-+
-+ *) mod_info would occasionally produce an unpaired <tt> in its
-+ output. Fixed. [Martin Kraemer]
-+
-+ *) By default AIX binds a process (and it's children) to a single
-+ processor. httpd children now unbind themselves from that cpu
-+ and re-bind to one selected at random via bindprocessor()
-+ [Doug MacEachern]
-+
-+ *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
-+ effect. Work around it by using RLIMIT_AS for the RLimitMEM
-+ directive. [Enrik Berkhan <enrik inka.de>] PR#1816
-+
-+ *) mod_mime_magic error message should indicate the filename when
-+ reads fail. ["M.D.Parker" <mdpc netcom.com>] PR#1827
-+
-+ *) Previously Apache would permit </Files> to end <FilesMatch> (and
-+ similary for Location and Directory), now this is diagnosed as an
-+ error. Improve error messages for mismatched sections (<Files>,
-+ <FilesMatch>, <Directory>, <DirectoryMatch>, ...).
-+ [Dean Gaudet, Martin Kraemer]
-+
-+ *) <Files> is not permitted within <Location> (because of the
-+ semantic ordering). [Dean Gaudet] PR#379
-+
-+ *) <Files> with wildcards was broken by the change in wildcard
-+ semantics (* does not match /). To fix this, <Files> now
-+ apply only to the basename of the request filename. This
-+ fixes some other inconsistencies in <Files> semantics
-+ (such as <Files a*b> not working). [Dean Gaudet] PR#1817
-+
-+ *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
-+ backup files are removed on "clean" target [Ralf S. Engelschall]
-+
-+ *) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639
-+
-+ *) Various errors from select() and accept() in child_main() would
-+ result in an infinite loop. It seems these two tickle kernel
-+ or library bugs occasionally, and result in log spammage and
-+ a generally bad scene. Now the child exits immediately,
-+ which seems to be a good workaround.
-+ [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
-+
-+ *) Cleaned up some race conditions in unix child_main during
-+ initialization. [Dean Gaudet]
-+
-+ *) SECURITY: "UserDir /abspath" without a * in the path would allow
-+ remote users to access "/~.." and bypass access restrictions
-+ (but note /~../.. was handled properly).
-+ [Lauri Jesmin <jesmin ut.ee>] PR#1701
-+
-+ *) API: os_is_path_absolute() now takes a const char * instead of a char *.
-+ [Dean Gaudet]
-+
-+Changes with Apache 1.3b5
-+
-+ *) Source file dependencies in Makefile.tmpl files throughout the
-+ source tree were updated to accurately reflect reality.
-+ [Dean Gaudet]
-+
-+ *) Preserve the content encoding given by the AddEncoding directive
-+ when the client doesn't otherwise specify an encoding.
-+ [Ronald Tschalaer <Ronald.Tschalaer psi.ch>]
-+
-+ *) Sort out problems with canonical filename handling happening too late.
-+ [Dean Gaudet, Ben Laurie]
-+
-+Changes with Apache 1.3b4
-+
-+ *) The module structure was modified to include a *dynamic_load_handle
-+ in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
-+ has been bumped accordingly. [Paul Sutton]
-+
-+ *) All BrowserMatch directives mentioned in
-+ htdocs/manual/known_client_problems.html are in the default
-+ configuration files. [Lars Eilebrecht]
-+
-+ *) MiNT port update. [Jan Paul Schmidt]
-+
-+ *) HTTP/1.1 requires x-gzip and gzip encodings be treated
-+ equivalent, similarly for x-compress and compress. Apache
-+ now ignores a leading x- when comparing encodings. It also
-+ preserves the encoding the client requests (for example if
-+ it requests x-gzip, then Apache will respond with x-gzip
-+ in the Content-Encoding header).
-+ [Ronald Tschalaer <Ronald.Tschalaer psi.ch>] PR#1772
-+
-+ *) Fix a memory leak on keep-alive connections. [Igor Tatarinov]
-+
-+ *) Added mod_so module to support dynamic loading of modules on Unix
-+ (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
-+ instead of AddModule in Configuration to build shared modules
-+ [Sameer Parekh, Paul Sutton]
-+
-+ *) Minor cleanups to r->finfo handling in some modules.
-+ [Dean Gaudet]
-+
-+ *) Abstract read()/write() to ap_read()/ap_write().
-+ Makes it easier to add other types of IO code such as SFIO.
-+ [Randy Terbush]
-+
-+ *) API: Generalize default_port manipulations to make support of
-+ different protocols easier. [Ben Laurie, Randy Terbush]
-+
-+ *) There are many cases where users do not want Apache to form
-+ self-referential urls using the "canonical" ServerName and Port.
-+ The new UseCanonicalName directive (default on), if set to off
-+ will cause Apache to use the client-supplied hostname and port.
-+ API: Part of this change required a change to the construct_url()
-+ prototype; and the addition of get_server_name() and
-+ get_server_port().
-+ [Michael Douglass <mikedoug texas.net>, Dean Gaudet]
-+ PR#315, 459, 485, 1433
-+
-+ *) Yet another rearrangement of the source tree.. now all the common
-+ header files are in the src/include directory. The -Imain -Iap
-+ references in Makefiles have been changed to the simpler -Iinclude
-+ instead. In addition to simplifying the build a little bit, this
-+ also makes it clear when a module is referencing something in a
-+ other than kosher manner (e.g., the proxy including mod_mime.h).
-+ Module-private header files (the proxy, mod_mime, the regex library,
-+ and mod_rewrite) have not been moved to src/include; nor have
-+ the OS-abstraction files. [Ken Coar]
-+
-+ *) Fix a bug where r->hostname didn't have the :port stripped
-+ from it. [Dean Gaudet]
-+
-+ *) Tweaked the headers_out table size, and the subprocess_env
-+ table size guess in rename_original_environment(). Added
-+ MAKE_TABLE_PROFILE which can help discover make_table()
-+ calls that use too small an initial guess, see alloc.c.
-+ [Dean Gaudet]
-+
-+ *) Options and AllowOverride weren't properly merging in the main
-+ server setting inside vhosts (only an issue when you have no
-+ <Directory> or other section containing an Options that affects
-+ a request). Options +foo or -foo in the main_server wouldn't
-+ affect the main_server's lookup defaults. [Dean Gaudet]
-+
-+ *) Variable 'cwd' was being used pointlessly before being set.
-+ [Ken Coar] PR#1738
-+
-+ *) r->allowed handling cleaned up in the standard modules.
-+ [Dean Gaudet]
-+
-+ *) Some case-sensitivity issues cleaned up to be consistent with
-+ RFC2068. [Dean Gaudet]
-+
-+ *) SIGURG doesn't exist everywhere.
-+ [Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
-+
-+ *) mod_unique_id was erroneously generating a second unique id when
-+ an internal redirect occured. Such redirects occur, for example,
-+ when processing a DirectoryIndex match. [Dean Gaudet]
-+
-+ *) API: table_add, table_merge, and table_set include implicit pstrdup()
-+ of the key and value. But in many cases this is not required
-+ because the key/value is a constant, or the value has been built
-+ by pstrcat() or other similar means. New routines table_addn,
-+ table_mergen, and table_setn have been added to the API, these
-+ routines do not pstrdup() their arguments. The core code and
-+ standard modules were changed to take advantage of these routines.
-+ The resulting server is up to 20% faster in some situations.
-+
-+ Note that it is easy to get code subtly wrong if you pass a key/value
-+ which is in a pool other than the pool of the table. The only
-+ safe thing to do is to pass key/values which are in the pool of
-+ the table, or in one of the ancestors of the pool of the table.
-+ i.e. if the table is part of a subrequest, a value from the main
-+ request's pool is OK since the subrequest pool is a sub_pool of the
-+ main request's pool (and therefore has a lifespan at most as long as
-+ the main pool). There is debugging code which can detect improper
-+ usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
-+ [Dmitry Khrustalev <dima bog.msu.su>, Dean Gaudet]
-+
-+ *) More mod_mime_magic cleanup: fewer syscalls; should handle "files"
-+ which don't exist on disk more gracefully; handles vhosts properly.
-+ Update documentation to reflect the code -- if there's no
-+ MimeMagicFile directive then the module is not enabled.
-+ [Dean Gaudet]
-+
-+ *) PORT: Some older *nix dialects cannot automatically start scripts
-+ which begin with a #! interpreter line (the shell starts the scripts
-+ appropriately on these platforms). Apache now supports starting of
-+ "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
-+ [Martin Kraemer, with code from Peter Wemm <peter zeus.dialix.oz.au>
-+ taken from tcsh]
-+
-+ *) API: "typedef array_header table" removed from alloc.h, folks should
-+ have been writing to use table as if it were an opaque type, but even
-+ some standard modules got this wrong. By changing the definition
-+ to "typedef struct table table" module authors will receive compile
-+ time warnings that they're doing the wrong thing. This change
-+ facilitates future changes with more sophisticated table
-+ structures. Specifically, module authors should be using table_elts()
-+ to get access to an array_header * for the table. [Dean Gaudet]
-+
-+ *) API: Renamed new_connection() to avoid namespace collision with LDAP
-+ library routines. [Ken Coar, Rasmus Lerdorf]
-+
-+ *) WIN32: mod_speling is now available on the Win32 platform.
-+ [Marc Slemko]
-+
-+ *) For clarity the following compile time definition was changed:
-+
-+ SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-+
-+ Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
-+ and not be a general notice that the OS has mmap(). Now the
-+ HAVE_MMAP/SHMGET #defines strictly are informational that the
-+ OS has that method of shared memory; the type to use for
-+ the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
-+ and USE_SHMGET_SCOREBOARD). This allows outside modules to
-+ determine if shared memory is available and allows Apache
-+ to determine the best method to use for the scoreboard.
-+ [Jim Jagielski]
-+
-+ *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
-+ as do various earlier versions. It should be safe on all versions.
-+ Unixware 1.x appears to have the same SIGHUP bug as solaris does with
-+ the slack code. A few other cleanups for Unixware.
-+ [Tom Hughes <thh cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
-+
-+ *) PORT: A/UX can handle single-listen accepts without mutex
-+ locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]
-+
-+ *) When die() happens we need to eat any request body if one exists.
-+ Otherwise we can't continue with a keepalive session. This shows up
-+ as a POST problem with MSIE 4.0, typically against pages which are
-+ authenticated. [Roy Fielding] PR#1399
-+
-+ *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
-+ header will be passed to CGIs. This is generally a security hole, so
-+ it's not a default. [Marc Slemko] PR#549
-+
-+ *) Fix Y2K problem with date printing in suexec log.
-+ [Paul Eggert <eggert twinsun.com>] PR#1343
-+
-+ *) WIN32 deserves a pid file. [Ben Hyde]
-+
-+ *) suexec errors now include the errno/description. [Marc Slemko] PR#1543
-+
-+ *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
-+ The choice of flock vs. fcntl was made based on timings which showed that
-+ even on non-NFS, non-exported filesystems fcntl() was an order of
-+ magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
-+ that single socket users will see no difference. [Dean Gaudet] PR#467
-+
-+ *) "File does not exist" error message was erroneously including the
-+ errno. [Marc Slemko]
-+
-+ *) Improve the warning message generated when a client drops the
-+ connection (hits stop button, etc.) during a send. [Roy Fielding]
-+
-+ *) Defining GPROF will disable profiling in the parent and enable it
-+ in the children. If you're profiling under Linux this is pretty much
-+ necessary because SIGPROF is lost across a fork(). [Dean Gaudet]
-+
-+ *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
-+ [Brian Havard]
-+
-+ *) The NeXT cc (which is gcc hacked up) doesn't appear to support some
-+ gcc functionality. Work around it.
-+ [Keith Severson <keith sssd.navy.mil>] PR#1613
-+
-+ *) Some linkers complain when .o files contain no functions.
-+ [Keith Severson <keith sssd.navy.mil>] PR#1614
-+
-+ *) Some const declarations in mod_imap.c that were added for debugging
-+ purposes caused some compilers heartburn without adding any
-+ significant value, so they've been removed. [Ken Coar]
-+
-+ *) The src/main/*.h header files have had #ifndef wrappers added to
-+ insulate them against duplicate calls if they get included through
-+ multiple paths (e.g., in .c files as well as other .h files).
-+ [Ken Coar]
-+
-+ *) The libap routines now have a header file for their prototypes,
-+ src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
-+
-+ *) mod_autoindex with a plaintext header file would emit the <PRE>
-+ start-tag before the HTML preamble, rather than after the preamble
-+ but before the header file contents. [John Van Essen <jve gamers.org>]
-+ PR#1667
-+
-+ *) SECURITY: Fix a possible buffer overflow in logresolve. This is
-+ only an issue on systems without a MAXDNAME define or where
-+ the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
-+
-+ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
-+ is used to read various types of files such as htaccess and
-+ htpasswd files. [Marc Slemko]
-+
-+ *) SECURITY: Ensure that the buffer returned by ht_time is always
-+ properly null terminated. [Marc Slemko]
-+
-+ *) The "Connection" header could be sent back with multiple "close"
-+ tokens. Not an error, but a waste.
-+ [<Ronald.Tschalaer psi.ch>] PR#1683
-+
-+ *) mod_rewrite's RewriteLog should behave like mod_log_config, it
-+ shouldn't force hostname lookups. [Dean Gaudet] PR#1684
-+
-+ *) "basic" auth needs a case-insensitive comparison.
-+ [<Ronald.Tschalaer psi.ch>] PR#1666
-+
-+ *) For maximum portability, the environment passed to CGIs should
-+ only contain variables whose names match the regex
-+ /[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping
-+ underscores over any character outside the regex. This
-+ affects HTTP_* variables, in a way that should be backward
-+ compatible for all the standard headers; and affects variables
-+ set with SetEnv/BrowserMatch and similar directives.
-+ [Dean Gaudet]
-+
-+ *) mod_speling returned incorrect HREF's when an ambigous match
-+ was found. Noticed by <robinton amtrash.comlink.de> (Soeren Ziehe)
-+ [Soeren Ziehe <robinton amtrash.comlink.de>, Martin Kraemer]
-+
-+ *) PORT: Apache now compiles & runs on an EBCDIC mainframe
-+ (the Siemens BS2000/OSD family) in the POSIX subsystem
-+ [Martin Kraemer]
-+
-+ *) PORT: Fix problem killing children when terminating. Allow ^C
-+ to shut down the server. [Brian Havard]
-+
-+ *) pstrdup() is implicit in calls to table_* functions, so there's
-+ no need to do it before calling. Clean up a few cases.
-+ [Marc Slemko, Dean Gaudet]
-+
-+ *) new -C and -c command line arguments
-+ usage:
-+ -C "directive" : process directive before reading config files
-+ -c "directive" : process directive after reading config files
-+ example:
-+ httpd -C "PerlModule Apache::httpd_conf"
-+ [Doug MacEachern, Martin Kraemer]
-+
-+ *) WIN32: Fix the execution of CGIs that are scripts and called
-+ with path info that does not have an '=' in.
-+ (eg. http://server/cgi-bin/printenv?foobar)
-+ [Marc Slemko] PR#1591
-+
-+ *) WIN32: Fix a call to os_canonical_filename so it doesn't try to
-+ mess with fake filenames. This fixes proxy caching on
-+ win32. PR#1265
-+
-+ *) SECURITY: General mod_include cleanup, including fixing several
-+ possible buffer overflows and a possible infinite loop.
-+ [Dean Gaudet, Marc Slemko]
-+
-+ *) SECURITY: Numerous changes to mod_imap in a general cleanup
-+ including fixing a possible buffer overflow. [Dean Gaudet]
-+
-+ *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
-+ (connections are not dropped). Code can handle graceful restarts
-+ (but there is as yet no way to signal this to Apache). Various
-+ other cleanups. [Paul Sutton]
-+
-+ *) The aplog_error changes specific to 1.3 introduced a buffer
-+ overrun in the (now legacy) log_printf function. Fixed.
-+ [Dean Gaudet]
-+
-+ *) mod_digest didn't properly deal with proxy authentication. It
-+ also lacked a case-insensitive comparision of the "Digest"
-+ token. [Ronald Tschalaer <Ronald.Tschalaer psi.ch>] PR#1599
-+
-+ *) A few cleanups in mod_status for efficiency. [Dean Gaudet]
-+
-+ *) A few cleanups in mod_info to make it thread-safe, and remove an
-+ off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
-+
-+ *) no2slash() was O(n^2) in the length of the input. Make it O(n).
-+ [Dean Gaudet]
-+
-+ *) API: migration from strncpy() to our "enhanced" version called
-+ ap_cpystrn() for performance and functionality reasons.
-+ Located in libap.a. [Jim Jagielski]
-+
-+ *) table_set() and table_unset() did not deal correctly with
-+ multiple occurrences of the same key.
-+ [Stephen Scheck <sscheck infonex.net>, Ben Laurie] PR#1604
-+
-+ *) The AuthName must now be enclosed in quotes if it is to contain
-+ spaces. [Ken Coar] PR#1195
-+
-+ *) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195
-+
-+ *) WIN32: Work around optimiser bug that killed ISAPI in release
-+ versions. [Ben Laurie] PR#1533
-+
-+ *) PORT: Update the MPE port [Mark Bixby, Jim Jagielski]
-+
-+ *) Interim (slow) fix for p->sub_pool critical sections in
-+ alloc.c (affects win32 only). [Ben Hyde]
-+
-+ *) non-WIN32 was missing destroy_mutex definition. [Ben Hyde]
-+
-+ *) send_fd_length() did not calculate total_bytes_sent properly.
-+ [Ben Reser <breser regnow.com>] PR#1366
-+
-+ *) The bputc() macro was not properly integrated with the chunking
-+ code; in many cases modules using bputc() could cause completely
-+ bogus chunked output. (Typically this will show up as problems
-+ with Internet Explorer 4.0 reading a page, but other browsers
-+ having no problem.) [Dean Gaudet]
-+
-+ *) Create LARGE_WRITE_THRESHOLD define which determines how many
-+ bytes have to be supplied to bwrite() before it will consider
-+ doing a writev() to assemble multiple buffers in one system
-+ call. This is critical for modules such as mod_include,
-+ mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller
-+ strings in some cases. The result would be extra effort
-+ setting up writev(), and in many cases extra effort building
-+ chunks. The default is 31, it can be overriden at compile
-+ time. [Dean Gaudet]
-+
-+ *) Move the gid switching code into the child so that log files
-+ and pid files are opened with the root gid.
-+ [Gregory A Lundberg <lundberg vr.net>]
-+
-+ *) WIN32: Check for binaries by looking for the executable header
-+ instead of counting control characters.
-+ [Jim Patterson <Jim.Patterson Cognos.COM>] PR#1340
-+
-+ *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
-+ so the functionality is available to applications other than the
-+ server itself (like the src/support tools). [Ken Coar]
-+
-+ *) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of
-+ the libap consolidation work. [Ken Coar]
-+
-+ *) ap_snprintf() with a len of 0 behaved like sprintf(). This is not
-+ useful, and isn't what the standards require. Now it returns 0
-+ and writes nothing. [Dean Gaudet]
-+
-+ *) When an error occurs in fcntl() locking suggest the user look up
-+ the docs for LockFile. [Dean Gaudet]
-+
-+ *) Eliminate some dead code from writev_it_all().
-+ [Igor Tatarinov <tatarino prairie.NoDak.edu>]
-+
-+ *) mod_autoindex had an fread() without checking the result code.
-+ It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
-+ (note the missing closing paren) properly. [Dean Gaudet]
-+
-+ *) It appears the "257th byte" bug (see
-+ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
-+ at the 256th byte as well. Fixed. [Dean Gaudet]
-+
-+ *) PORT: Fix mod_mime_magic under OS/2, no support for block devices.
-+ [Brian Havard]
-+
-+ *) Fix memory corruption caused by allocating auth usernames in the
-+ wrong pool. [Dean Gaudet] PR#1500
-+
-+ *) Fix an off-by-1, and an unterminated string error in
-+ mod_mime_magic. [Dean Gaudet]
-+
-+ *) Fix a potential SEGV problem in mod_negotiation when dealing
-+ with type-maps. [Dean Gaudet]
-+
-+ *) Better glibc support under Linux. [Dean Gaudet] PR#1542
-+
-+ *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
-+
-+ *) WIN32: avoid overflows during file canonicalisations.
-+ [<malcolm mgdev.demon.co.uk>] PR#1378
-+
-+ *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
-+ PR#1511, 1508
-+
-+ *) WIN32: mod_status display header didn't match fields. [Ben Laurie]
-+
-+ *) The pthread_mutex_* functions return an error code, and don't
-+ set errno. [Igor Tatarinov <tatarino prairie.NoDak.edu>]
-+
-+ *) WIN32: Allow spaces to prefix the interpreter in #! lines.
-+ [Ben Laurie] PR#1101
-+
-+ *) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti net4all.be>] PR#1523
-+
-+ *) proxy_ftp: the directory listings generated by the proxy ftp module
-+ now have a title in which the path components are clickable and allow
-+ quick navigation to the clicked-on directory on the currently listed
-+ ftp server. This also fixes a bug where the ".." directory links would
-+ sometimes refer to the wrong directory. [Martin Kraemer]
-+
-+ *) WIN32: Allocate the correct amount of memory for the scoreboard.
-+ [Ben Hyde] PR#1387
-+
-+ *) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
-+ PR#1505
-+
-+ *) Fix problems with timeouts in inetd mode and -X mode. [Dean Gaudet]
-+
-+ *) Fix the spurious "(0)unknown error: mmap_handler: mmap failed"
-+ error messages. [Ben Hyde]
-+
-+Changes with Apache 1.3b3
-+
-+ *) WIN32: Work around brain-damaged spawn calls that can't deal
-+ with spaces and slashes. [Ben Laurie]
-+
-+ *) WIN32: Fix the code so CGIs can use socket calls on Windows.
-+ The problem was that certain undocumented environment variables
-+ needed for sockets to work under Win32 were not being passed.
-+ [Frank Faubert <frank sane.com>]
-+
-+ *) Add a "-V" command line flag to the httpd binary. This
-+ flag shows some of the defines that Apache was compiled with.
-+ It is useful for debugging purposes. [Martin Kraemer]
-+
-+ *) Start separating the ap_*() routines into their own library, so they
-+ can be used by items in src/support among other things.
-+ [Ken Coar] PR#512, 905, 1252, 1308
-+
-+ *) Give a more informative error when no AuthType is set.
-+ [Lars Eilebrecht]
-+
-+ *) Remove strtoul() use from mod_proxy because it isn't available
-+ on all platforms. [Marc Slemko] PR#1214
-+
-+ *) WIN32: Some Win32 systems terminated all responses after 16 kB.
-+ This turns out to be a bug in Winsock - select() doesn't always
-+ return the correct status. [Ben Laurie]
-+
-+ *) Directives owned by http_core can now use the new check_cmd_context()
-+ routine to ensure that they're not being used within a container
-+ (e.g., <Directory>) where they're invalid. [Martin Kraemer]
-+
-+ *) PORT: Recent changes made it necessary to add explicit prototype
-+ for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
-+
-+ *) It was necessary to distinguish between resources which are
-+ allocated in the parent, for cleanup in the parent, and resources
-+ which are allocated in each child, for cleanup in each child.
-+ A new pool was created which is passed to the module child_init
-+ and child_exit functions; modules are free to register per-child
-+ cleanups there. This fixes a bug with reliable piped logs.
-+ [Dean Gaudet]
-+
-+ *) mod_autoindex wasn't displaying the ReadmeName file at the bottom
-+ unless it was also doing FancyIndexes, but it displayed the
-+ HeaderName file at the top under all circumstances. It now shows
-+ the ReadmeName file for simple indices, too, as it should.
-+ [Ken Coar] PR#1373
-+
-+ *) http_core was mmap()ing even in cases where it wasn't going to
-+ read the file. [Ben Hyde <bhyde gensym.com>]
-+
-+ *) Complete rewrite ;-) of mod_rewrite's URL rewriting engine:
-+ Now the rewriting engine (the heart of mod_rewrite) is organized more
-+ straight-forward, first time well documented and reduced to the really
-+ essential parts. All redundant cases were stripped off and processing now
-+ is the same for both per-server and per-directory context with only a
-+ minimum difference (the prefix stripping in per-dir context). As a
-+ side-effect some subtle restrictions and two recently discovered problems
-+ are gone: Wrong escaping of QUERY_STRING on redirects in per-directory
-+ context and restrictions on the substitution URL on redirects.
-+ Additionally some minor source cleanups were done.
-+ [Ralf S. Engelschall]
-+
-+ *) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals
-+ documentation, examples, explanations and caveats. They live in a new
-+ subdirectory htdocs/manual/vhost/. [Lars Eilebrecht <sfx unix-ag.org>]
-+
-+ *) If ap_slack fails to allocate above the low slack line it's a good
-+ indication that further problems will occur; it's a better indication
-+ than many external libraries give us when we actually run out of
-+ descriptors. So report it to the user once per restart.
-+ [Dean Gaudet] PR#1181
-+
-+ *) Change mod_include and mod_autoindex to use Y2K-safe date formats
-+ by default. [Ken Coar]
-+
-+ *) Add a "SuppressColumnSorting" option to the IndexOptions list,
-+ which will keep the column heading from being links for sorting
-+ the display. [Ken Coar, suggested by Brian Tiemann <btman pacific.net>]
-+ PR #1261
-+
-+ *) PORT: Update the LynxOS port. [Marius Groeger <mag sysgo.de>]
-+
-+ *) Fix logic error when issuing a mmap() failed message
-+ with a non-zero MMAP_THRESHOLD.
-+ [David Chambers <davidc flosun.salk.edu>] PR#1294
-+
-+ *) Preserve handler value on ProxyPass'ed requests by not
-+ calling find_types on a proxy'd request; fixes problems
-+ where some ProxyPass'ed URLs weren't actually passed
-+ to the proxy.
-+ [Lars Eilebrecht] PR#870
-+
-+ *) Fix a byte ordering problem in mod_access which prevented
-+ the old-style syntax (i.e. "a.b.c." to match a class C)
-+ from working properly. [Dean Gaudet] PR#1248, 1328, 1384
-+
-+ *) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working
-+ properly. Each child needs to open the lockfile instead
-+ of using the passed file-descriptor from the parent.
-+ [Jim Jagielski] PR#1056
-+
-+ *) Fix the error logging in mod_cgi; the recent error log changes
-+ introduced a bug that prevented it from working correctly.
-+ [M.D.Parker] PR#1352
-+
-+ *) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly
-+ handle multiple Listen directives. [Marc Slemko] PR#872
-+
-+ *) Inherit a bugfix to fnmatch.c from FreeBSD sources.
-+ ["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" <ache nagual.pp.ru>] PR#1311
-+
-+ *) When a configuration parse complained about a bad directive,
-+ the logger would use whatever (unrelated) value was in errno.
-+ errno is now forced to EINVAL first in this case. [Ken Coar]
-+
-+ *) A sed command in the Configure script pushed the edge of POSIXness,
-+ breaking on some systems. [Bhaba R.Misra <system vt.edu>] PR#1368
-+
-+ *) Solaris >= 2.5 was totally broken due to a mess up using pthread
-+ mutexes. [Roy Fielding, Dean Gaudet]
-+
-+ *) OS/2 Port updated; it should be possible to build OS/2 from the same
-+ sources as Unix now. [Brian Havard <brianh kheldar.apana.org.au>]
-+
-+ *) Fix a year formatting bug in mod_usertrack.
-+ [Paul Eggert <eggert twinsun.com>] PR#1342
-+
-+ *) A mild SIGTERM/SIGALRM race condition was eliminated.
-+ [Dean Gaudet] PR#1211
-+
-+ *) Warn user that default path has changed if /usr/local/etc/httpd
-+ is found on the system. [Lars Eilebrecht]
-+
-+ *) Various mod_mime_magic bug fixes and cleanups: Uncompression
-+ should work, it should work on WIN32, and a few resource
-+ leaks and abort conditions are fixed.
-+ [Dean Gaudet] PR#1205
-+
-+ *) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
-+ to use '%' instead of '@' in its encodings.
-+ [David Schuler <schuld btv.ibm.com>] PR#1317
-+
-+ *) Improve the warning message generated when the "server is busy".
-+ [Dean Gaudet] PR#1293
-+
-+ *) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will
-+ get Spencer regex by default. This is to avoid having to
-+ discover bugs in operating system libraries. [Dean Gaudet]
-+
-+ *) PORT: "Fix" PR#467 by generating warnings on systems which we have
-+ not been able to get working USE_*_SERIALIZED_ACCEPT settings for.
-+ Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
-+
-+ *) Ensure that one copy of config warnings makes it to the
-+ error_log. [Dean Gaudet]
-+
-+ *) Invent new structure and associated methods to handle config file
-+ reading. Add "custom" hook to use config file cfg_getline() on
-+ something which is not a FILE* [Martin Kraemer]
-+
-+ *) Make single-exe Windows install. [Ben Laurie and Eric Esselink]
-+
-+ *) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton]
-+
-+ *) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
-+
-+ *) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken.
-+ [John Line <jml4 cam.ac.uk>] PR#1321
-+
-+ *) Default pathname has been changed everywhere to /usr/local/apache
-+ [Sameer <sameer c2.net>]
-+
-+ *) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT.
-+ [David Bronder <David-Bronder uiowa.edu>] PR#849
-+
-+ *) PORT: i386 AIX does not have memmove.
-+ [David Schuler <schuld btv.ibm.com>] PR#1267
-+
-+ *) PORT: HPUX now defaults to using Spencer regex.
-+ [Philippe Vanhaesendonck <pvanhaes be.oracle.com>,
-+ Omar Del Rio <al112263 academ01.lag.itesm.mx>] PR#482, 1246
-+
-+ *) PORT: Some versions of NetBSD don't automatically define
-+ __NetBSD__. Workaround by defining NETBSD.
-+ [Chris Craft <ccraft cncc.cc.co.us>] PR#977
-+
-+ *) PORT: UnixWare 2.x requires -lgen for syslog.
-+ [Hans Snijder <hs meganet.nl>] PR#1249
-+
-+ *) PORT: ULTRIX appears to not have syslog.
-+ [Lars Eilebrecht <Lars.Eilebrecht unix-ag.org>]
-+
-+ *) PORT: Basic Gemini port (treat it like unixware212).
-+ ["Pavel Yakovlev (Paul McHacker)" <hac tomcat.olly.ru>]
-+
-+ *) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
-+ use USE_SHMGET_SCOREBOARD.
-+ [Martin Kraemer]
-+
-+ *) Various improvements in detecting config file errors (missing closing
-+ directives for <Directory>, <Files> etc. blocks, prohibiting global
-+ server settings in <VirtualHost> blocks, flagging unhandled multiple
-+ arguments to <Directory>, <Files> etc.)
-+ [Martin Kraemer]
-+
-+ *) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
-+ variable to provide this one to suexec'd CGIs, too.
-+ [M.D.Parker <mdpc netcom.com>] PR#1284
-+
-+ *) New support tool: src/support/split-logfile, a sample Perl script which
-+ splits up a combined access log into separate files based on the
-+ name of the virtual host (listed first in the log records by "%v").
-+ [Ken Coar]
-+
-+Changes with Apache 1.3b2 (there is no 1.3b1)
-+
-+ *) TestCompile was not passing $LIBS [Dean Gaudet]
-+
-+ *) Makefile.tmpl was not using $CFLAGS in the link phase.
-+ [Martin Kraemer]
-+
-+ *) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
-+ rudimentary memory debugger which can be used on live servers with
-+ low impact -- it sets all allocated and freed memory bytes to 0xa5.
-+ Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
-+ and free() for each object. This is far more expensive and should
-+ only be used for testing with tools such as Electric Fence and
-+ Purify. See main/alloc.c for more details. [Dean Gaudet]
-+
-+ *) Configure uses a sh trap and didn't set its exitcode properly.
-+ [Dean Gaudet] PR#1159
-+
-+ *) Yet another vhost revamp. Add the NameVirtualHost directive which
-+ explicitly lists the ip:port pairs that are to be used for name-vhosts.
-+ From a given ip:port, regardless what the Host: header is, you can
-+ only reach the vhosts defined on that ip:port. The precedence of
-+ vhosts was reversed to match other precedences in the config --
-+ the earlier vhosts override the later vhosts. All vhost matching was
-+ moved into http_vhost.[ch]. [Dean Gaudet]
-+
-+ *) ap_inline can be used to force inlining. GNUC __attribute__() can
-+ be used for whatever reason is appropriate (i.e. format() warnings
-+ for printf style functions). Both are enabled only with
-+ gcc >= 2.7.x (so that we have fewer support issues with older
-+ versions). [Dean Gaudet]
-+
-+ *) Fix support for Proxy Authentication (we were testing the response
-+ status too early). [Marc Slemko]
-+
-+ *) CoreDumpDirectory directive directs where the core file is
-+ written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
-+ received. [Marc Slemko, Dean Gaudet]
-+
-+ *) PORT: Support for Atari MINT.
-+ [Jan Paul Schmidt <Jan.P.Schmidt mni.fh-giessen.de>]
-+
-+ *) When booting, apache will now detach itself from stdin, stdout,
-+ and stderr. stderr will not be detached until after the config
-+ files have been read so you will be able to see initial error
-+ messages. After that all errors are logged in the error_log.
-+ This makes it more convenient to start apache via rsh, ssh,
-+ or crontabs. [Dean Gaudet] PR#523
-+
-+ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
-+ Also removed the auto-generated link to www.apache.org that was the
-+ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
-+
-+ *) send_fb would not detect aborted connections in some situations.
-+ [Dean Gaudet]
-+
-+ *) mod_include would use uninitialized data when parsing certain
-+ expressions involving && and ||. [Brian Slesinsky] PR#1139
-+
-+ *) mod_imap should only handle GET methods. [Jay Bloodworth]
-+
-+ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
-+
-+ *) mod_autoindex improperly counted &escapes; as more than one
-+ character in the description. It also improperly truncated
-+ descriptions that were exactly the maximum length.
-+ [Martin Kraemer]
-+
-+ *) RedirectMatch was not properly escaping the result (PR#1155). Also
-+ "RedirectMatch /advertiser/(.*) $1" is now permitted.
-+ [Dean Gaudet]
-+
-+ *) mod_include now uses symbolic names to check for request success
-+ and return HTTP errors, and correctly handles all types of
-+ redirections (previously it only did temporary redirect correctly).
-+ [Ken Coar, Roy Fielding]
-+
-+ *) mod_userdir was modifying r->finfo in cases where it wasn't setting
-+ r->filename. Since those two are meant to be in sync with each other
-+ this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
-+
-+ *) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
-+ ["Kaufman, Steven E" <Steven.Kaufman unisys.com>]
-+
-+ *) Inetd mode (which is buggy) uses timeouts without having setup the
-+ jmpbuffer. [Dean Gaudet] PR#1064
-+
-+ *) Work around problem under Linux where a child will start looping
-+ reporting a select error over and over.
-+ [Rick Franchuk <rickf transpect.net>] PR#1107, 987, 588
-+
-+ *) Fixed error in proxy_util.c when looping through multiple host IP
-+ addresses. [Lars Eilebrecht] PR#974
-+
-+ *) If BUFFERED_LOGS is defined then mod_log_config will do atomic
-+ buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
-+ bytes before writing, but it will never split a log entry across a
-+ buffer boundary. [Dean Gaudet]
-+
-+ *) API: the short_score record has been split into two pieces, one which
-+ the parent writes on, and one which the child writes on. As part of
-+ this change the get_scoreboard_info() function was removed, and
-+ scoreboard_image was exported. This change fixes a race condition
-+ in file based scoreboard systems, and speeds up changes involving the
-+ scoreboard in earlier 1.3 development. [Dean Gaudet]
-+
-+ *) API: New register_other_child() API (see http_main.h) which allows
-+ modules to register children with the parent for maintenance. It
-+ is disabled by defining NO_OTHER_CHILD. [Dean Gaudet]
-+
-+ *) API: New piped_log API (see http_log.h) which implements piped logs,
-+ and will use register_other_child to implement reliable piped logs
-+ when it is available. The reliable piped logs part can be disabled
-+ by defining NO_RELIABLE_PIPED_LOGS. At the moment reliable piped
-+ logs is only available on Unix. [Dean Gaudet]
-+
-+ *) API: set_last_modified() broken into set_last_modified(), set_etag(), and
-+ meets_conditions(). This allows conditional HTTP selection to be
-+ handled separately from the storing of the header fields, and provides
-+ the ability for CGIs to set their own ETags for conditional checking.
-+ [Ken Coar, Roy Fielding] PR#895
-+
-+ *) Changes to mod_log_config to allow naming of format strings.
-+ Format nicknames are defined with "LogFormat fmt nickname", and can
-+ be used with "LogFormat nickname" and "CustomLog logtarget nickname".
-+ [Ken Coar]
-+
-+ *) New module, "mod_speling", which can help find files even when
-+ the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
-+
-+ *) API: New function child_terminate() triggers the child process to
-+ exit, while allowing the child finish what it needs to for the
-+ current request first.
-+ [Doug MacEachern, Alexei Kosut]
-+
-+ *) Windows now defaults to using full status reports with mod_status.
-+ [Alexei Kosut] PR #1094
-+
-+ *) *Really* disable all mod_rewrite operations if the engine is off.
-+ Some things (like RewriteMaps) were checked/performed even if they
-+ weren't supposed to be. [Ken Coar] PR #991
-+
-+ *) Implement a new timer scheme which eliminates the need to call alarm() all
-+ the time. Instead a counter in the scoreboard for each child is used to
-+ show when the child has made forward progress. The parent samples this
-+ counter every scoreboard maintenance cycle, and issues SIGALRM if no
-+ progress has been made in the timeout period. This reduces the static
-+ request best-case syscall count to 22 from 29. This scheme is only
-+ used by systems with memory-based scoreboards. [Dean Gaudet]
-+
-+ *) The proxy now properly handles CONNECT requests which are sent
-+ to proxy servers when using ProxyRemote. [Marc Slemko] PR#1024
-+
-+ *) A script called apachectl has been added to the support
-+ directory. This script allows you to do things such as
-+ "apachectl start" and "apachectl restart" from the command
-+ line. [Marc Slemko]
-+
-+ *) Modules and core routines are now put into libraries, which
-+ simplifies the link line tremendously (among other advantages).
-+ [Paul Sutton]
-+
-+ *) Some of the MD5 names defined in Apache have been renamed to have
-+ an `ap_' prefix to avoid conflicts with routines supplied by
-+ external libraries. [Ken Coar]
-+
-+ *) Removal of mod_auth_msql.c from the distribution. There are many
-+ other options for databases today. Rather than offer one option,
-+ offer none at this time. mod_auth_msql and other SQL database
-+ authentication modules can be found at the Apache Module Registry.
-+ http://modules.apache.org/ It would be nice to offer a generic
-+ mod_auth_sql option in the near future.
-+
-+ *) PORT: BeOS support added [Alexei Kosut]
-+
-+ *) Configure no longer accepts the -make option, since it creates
-+ Makefile on the fly based on Makefile.tmpl and Configuration.
-+
-+ *) Apache now gracefully shuts down when it receives a SIGTERM, instead
-+ of forcibly killing off all its processes and exiting without
-+ cleaning up. [Alexei Kosut]
-+
-+ *) API: A new field in the request_rec, r->mtime, has been added to
-+ avoid gratuitous parsing of date strings. It is intended to hold
-+ the last-modified date of the resource (if applicable). An
-+ update_mtime() routine has also been added to advance it if
-+ appropriate. [Roy Fielding, Ken Coar]
-+
-+ *) SECURITY: If a htaccess file can not be read due to bad permissions,
-+ deny access to the directory with a HTTP_FORBIDDEN. The previous
-+ behavior was to ignore the htaccess file if it could not be read.
-+ This change may make some setups with unreadable htaccess files
-+ stop working. [Marc Slemko] PR#817
-+
-+ *) Add aplog_error() providing a mechanism to define levels of
-+ verbosity to the server error logging. This addition also provides
-+ the ability to log errors using syslogd. Error logging is configurable
-+ on a per-server basis using the LogLevel directive. Conversion
-+ of log_*() in progress. [Randy Terbush]
-+
-+ *) Further enhance aplog_error() to not log filename, line number, and
-+ errno information when it isn't applicable. [Ken Coar, Dean Gaudet]
-+
-+ *) WIN32: Canonicalise filenames under Win32. Short filenames are
-+ converted to long ones. Backslashes are converted to forward
-+ slashes. Case is converted to lower. Parts of URLs that do not
-+ correspond to files are left completely alone. [Ben Laurie]
-+
-+ *) PORT: 2 new OSs added to the list of ports:
-+ Encore's UMAX V: Arieh Markel <amarkel encore.com>
-+ Acorn RISCiX: Stephen Borrill <sborrill xemplar.co.uk>
-+
-+ *) Add the server version (SERVER_VERSION macro) to the "server
-+ configured and running" entry in the error_log. Also build an
-+ object file at link-time that contains the current time
-+ (SERVER_BUILT global const char[]), and include that in the
-+ message. [Ken Coar]
-+
-+ *) Set r->headers_out when sending responses from the proxy.
-+ This fixes things such as the logging of headers sent from
-+ the proxy. [Marc Slemko] PR#659
-+
-+ *) support/httpd_monitor is no longer distributed because the
-+ scoreboard should not be file based if at all possible. Use
-+ mod_status to see current server snapshot.
-+
-+ *) (set_file_slot): New function, allowing auth directives to be
-+ independent of the server root, so the server documents can be
-+ moved to a different directory or machine more easily.
-+ [David J. MacKenzie]
-+
-+ *) If no TransferLog is given explicitly, decline
-+ to log. This supports coexistence with other logging modules,
-+ such as the custom one that UUNET uses. [David J. MacKenzie]
-+
-+ *) Check for titles in server-parsed HTML files.
-+ Ignore leading newlines and returns in titles. The old behavior
-+ of replacing a newline after <title> with a space causes the
-+ title to be misaligned in the listing. [David J. MacKenzie]
-+
-+ *) Change mod_cern_meta to be configurable on a per-directory basis.
-+ [David J. MacKenzie]
-+
-+ *) Add 'Include' directive to allow inclusion of configuration
-+ files within configuration files. [Randy Terbush]
-+
-+ *) Proxy errors on connect() are logged to the error_log (nothing
-+ new); now they include the IP address and port that failed
-+ (*that's* new). [Ken Coar, Marc Slemko] PR#352
-+
-+ *) Various architectures now define USE_MMAP_FILES which causes
-+ the server to use mmap() for static files. There are two
-+ compile-time tunables MMAP_THRESHOLD (minimum number of bytes
-+ required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum
-+ number of bytes written in one cycle from a single mmap()d object,
-+ default 32768). [Dean Gaudet]
-+
-+ *) API: Added post_read_request API phase which is run right after reading
-+ the request from a client, or right after an internal redirect. It is
-+ useful for modules setting environment variables that depend only on
-+ the headers/contents of the request. It does not run during subrequests
-+ because subrequests inherit pretty much everything from the main
-+ request. [Dean Gaudet]
-+
-+ *) Added mod_unique_id which is used to generate a unique identifier for
-+ each hit, available in the environment variable UNIQUE_ID.
-+ [Dean Gaudet]
-+
-+ *) init_modules is now called after the error logs have been opened. This
-+ allows modules to emit information messages into the error logs.
-+ [Dean Gaudet]
-+
-+ *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
-+ information for case where proxy module is not available. [Marc Slemko]
-+
-+ *) PORT: Apache has need for mutexes to serialize its children around
-+ accept. In prior versions either fcntl file locking or flock file
-+ locking were used. The method is chosen by the definition of
-+ USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
-+ and FLOCK for flock(). New options have been added:
-+ - SYSVSEM to use System V style semaphores
-+ - PTHREAD to use POSIX threads (appears to work on Solaris only)
-+ - USLOCK to use IRIX uslock
-+ Based on timing various techniques, the following changes were made
-+ to the defaults:
-+ - Linux 2.x uses flock instead of fcntl
-+ - Solaris 2.x uses pthreads
-+ - IRIX uses SysV semaphores -- however multiprocessor IRIX boxes
-+ work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT
-+ [Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec vtcom.fr>,
-+ Martijn Koster <m.koster pobox.com>]
-+
-+ *) PORT: The semantics of accept/select make it very desirable to use
-+ mutexes to serialize accept when multiple Listens are in use. But
-+ in the case where only a single socket is open it is sometimes
-+ redundant to serialize accept(). Not all unixes do a good job with
-+ potentially dozens of children blocked on accept() on the same
-+ socket. It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and
-+ the server will avoid serialization when listening on only one socket,
-+ and use serialization when listening on multiple sockets.
-+ [Dean Gaudet] PR#467
-+
-+ *) Configure changes: TestLib replaced by TestCompile, which has
-+ some additional capability (such as doing a sanity check of
-+ the compiler and flags selected); the version of Solaris is now
-+ available via the #define value of SOLARIS2; IRIX n32bit libs
-+ now supported and selectable by new Configuration Rule: IRIXN32;
-+ We no longer default to -O2 optimization. [Jim Jagielski]
-+
-+ *) Updated Configure: Configuration now uses AddModule to specify
-+ module source or binary file location, relative to src directory.
-+ Modules can be dropped into modules/extra, or in their own
-+ directory, and modules can come with a Makefile or Configure can
-+ create one. Modules can add compiler or library information to
-+ generated Makefiles. [Paul Sutton]
-+
-+ *) Source core re-organisation: distributed modules are now in
-+ modules/standard. All other source code is in main. OS-specific
-+ code is in os/{unix,emx,win32} directories. [Paul Sutton]
-+
-+ *) mod_browser has been removed, since it's replaced by mod_setenvif.
-+ [Ken Coar]
-+
-+ *) Fix another long-standing bug in sub_req_lookup_file where it would
-+ happily skip past access checks on subdirectories looked up with
-+ relative paths. (It's used by mod_dir, mod_negotiation,
-+ and mod_include.) [Dean Gaudet]
-+
-+ *) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where
-+ N is the number of <Directory> sections, and M is the number of
-+ components in the filename of an object.
-+
-+ To achieve this optimization the following config changes were made:
-+ - Wildcards (* and ?, not the regex forms) in <Directory>s,
-+ <Files>s, and <Location>s now treat a slash as a special
-+ character. For example "/home/*/public_html" previously would
-+ match "/home/a/andrew/public_html", now it only matches things
-+ like "/home/bob/public_html". This mimics /bin/sh behaviour.
-+ - It's possible now to use [] wildcarding in <Directory>, <Files>
-+ or <Location>.
-+ - Regex <Directory>s are applied after all non-regex <Directory>s.
-+
-+ [Dean Gaudet]
-+
-+ *) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files
-+ and corrupted paths. [Dean Gaudet]
-+
-+ *) Enhanced and cleaned up the URL rewriting engine of mod_rewrite:
-+ First the grouped parts of RewriteRule pattern matches (parenthesis!) can
-+ be accessed now via backreferences $1..$9 in RewriteConds test-against
-+ strings in addition to RewriteRules subst string. Second the grouped
-+ parts of RewriteCond pattern matches (parenthesis!) can be accessed now
-+ via backreferences %1..%9 both in following RewriteCond test-against
-+ strings and RewriteRules subst string. This provides maximum flexibility
-+ through the use of backreferences.
-+ Additionally the rewriting engine was cleaned up by putting common
-+ code to the new expand_backrefs_inbuffer() function.
-+ [Ralf S. Engelschall]
-+
-+ *) When merging the main server's <Directory> and <Location> sections into
-+ a vhost, put the main server's first and the vhost's second. Otherwise
-+ the vhost can't override the main server. [Dean Gaudet] PR#717
-+
-+ *) The <Directory> code would merge and re-merge the same section after
-+ a match was found, possibly causing problems with some modules.
-+ [Dean Gaudet]
-+
-+ *) ip-based vhosts are stored and queried using a hashing function, which
-+ has been shown to improve performance on servers with many ip-vhosts.
-+ Some other changes had to be made to accommodate this:
-+ - the * address for vhosts now behaves like _default_
-+ - the matching process now is:
-+ - match an ip-vhost directly via hash (possibly matches main
-+ server)
-+ - if that fails, just pretend it matched the main server
-+ - if so far only the main server has been matched, perform
-+ name-based lookups (ServerName, ServerAlias, ServerPath)
-+ *only on name-based vhosts*
-+ - if they fail, look for _default_ vhosts
-+ [Dean Gaudet, Dave Hankins <dhankins sugarat.net>]
-+
-+ *) dbmmanage overhaul:
-+ - merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new
-+ - tie() to AnyDBM_File which will use one of DB_File, NDBM_File or
-+ GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
-+ - provide better seed for rand
-+ - prompt for password as per getpass(3) (turn off echo, read from
-+ /dev/tty, etc.)
-+ - use "newstyle" crypt based on $Config{osname} ($^O)
-+ - will not add a user if already in database, use new `update' command
-+ instead
-+ - added `check' command to check a users' password
-+ - added `import' command to convert existing password text-files or
-+ dbm files exported with `view'
-+ - more descriptive usage, general cleanup, 'use strict' clean, etc.
-+ [Doug MacEachern]
-+
-+ *) Added psocket() which is a pool form of socket(), various places within
-+ the proxy weren't properly blocking alarms while registering the cleanup
-+ for its sockets. bclose() now uses pclose() and pclosesocket(). There
-+ was a bug where the client socket was being close()d twice due a still
-+ registered cleanup. [Dean Gaudet]
-+
-+ *) A few cleanups were made to reduce time(), getpid(), and signal() calls.
-+ [Dean Gaudet]
-+
-+ *) PORT: AIX >= 4.2 requires -lm due to libc changes.
-+ [Jason Venner <jason idiom.com>] PR#667
-+
-+ *) Enable ``=""'' for RewriteCond directives to match against
-+ the empty string. This is the preferred way instead of ``^$''.
-+ [Ralf S. Engelschall]
-+
-+ *) Fixed an infinite loop in mod_imap for references above the server root
-+ [Dean Gaudet] PR#748
-+
-+ *) mod_proxy now has a ReceiveBufferSize directive, similar to
-+ SendBufferSize, so that the TCP window can be set appropriately
-+ for LFNs. [Phillip A. Prindeville]
-+
-+ *) mod_browser has been replaced by the more general mod_setenvif
-+ (courtesy of Paul Sutton). BrowserMatch* directives are still
-+ available, but are now joined by SetEnvIf*, UnSetEnvIf*, and
-+ UnSetEnvIfZero directives. [Ken Coar]
-+
-+ *) "HostnameLookups double" forces double-reverse DNS to succeed in
-+ order for remote_host to be set (for logging, or for the env var
-+ REMOTE_HOST). The old define MAXIMUM_DNS has been deprecated.
-+ [Dean Gaudet]
-+
-+ *) mod_access overhaul:
-+ - Now understands network/netmask syntax (i.e. 10.1.0.0/255.255.0.0)
-+ and cidr syntax (i.e. 10.1.0.0/16). PR#762
-+ - Critical path was sped up by pre-computing a few things at config time.
-+ - The undocumented syntax "allow user-agents" was removed,
-+ the replacement is "allow from env=foobar" combined with mod_browser.
-+ - When used with hostnames it now forces a double-reverse lookup
-+ no matter what the directory settings are. This double-reverse
-+ doesn't affect any of the other routines that use the remote
-+ hostname. In particular it's still passed to CGIs and the log
-+ without the double-reverse check. Related PR#860.
-+ [Dean Gaudet]
-+
-+ *) When a large bwrite() occurs (larger than the internal buffer size),
-+ while there is already something in the buffer, apache will combine
-+ the large write and the buffer into a single writev(). (This is
-+ in anticipation of using mmap() for reading files.)
-+ [Dean Gaudet]
-+
-+ *) In obscure cases where a partial socket write occurred while chunking,
-+ Apache would omit the chunk header/footer on the next block. Cleaned
-+ up other bugs/inconsistencies in error conditions in buff.c. Fixed
-+ a bug where a long pause in DNS lookups could cause the last packet
-+ of a response to be unduly delayed. [Roy Fielding, Dean Gaudet]
-+
-+ *) API: Added child_exit function to module structure. This is called
-+ once per "heavy-weight process" just before a server child exit()'s
-+ e.g. when max_requests_per_child is reached, etc.
-+ [Doug MacEachern, Dean Gaudet]
-+
-+ *) mod_include cleanup showed that handle_else was being used to handle
-+ endif. It didn't cause problems, but it was cleaned up too.
-+ [Howard Fear]
-+
-+ *) mod_cern_meta would attempt to find meta files for the directory itself
-+ in some cases, but not in others. It now avoids it in all cases.
-+ [Dean Gaudet]
-+
-+ *) mod_mime_magic would core dump if there was a decompression error.
-+ [Martin Kraemer <Martin.Kraemer mch.sni.de>] PR#904
-+
-+ *) PORT: some variants of DGUX require -lsocket -lnsl
-+ [Alexander L Jones <alex systems-options.co.uk>] PR#732
-+
-+ *) mod_autoindex now allows sorting of FancyIndexed directory listings
-+ by the various fields (name, size, et cetera), either in ascending
-+ or descending order. Just click on the column header. [Ken Coar]
-+
-+ *) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit
-+ CPUs like the Alpha. Apache still stores ints in pointers, but that's
-+ the relatively safe direction. [Dean Gaudet] PR#344
-+
-+ *) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
-+ [Igor N Kovalenko <infoh mail.wplus.net>] PR#683
-+
-+ *) child_main avoids an unneeded call to select() when there is only one
-+ listening socket. [Dean Gaudet]
-+
-+ *) In the event that the server is starved for idle servers it will
-+ spawn 1, then 2, then 4, ..., then 32 servers each second,
-+ doubling each second. It'll also give a warning in the errorlog
-+ since the most common reason for this is a poor StartServers
-+ setting. The define MAX_SPAWN_RATE can be used to raise/lower
-+ the maximum. [Dean Gaudet]
-+
-+ *) Apache now provides an effectively unbuffered connection for
-+ CGI scripts. This means that data will be sent to the client
-+ as soon as the CGI pauses or stops output; previously, Apache would
-+ buffer the output up to a fixed buffer size before sending, which
-+ could result in the user viewing an empty page until the CGI finished
-+ or output a complete buffer. It is no longer necessary to use an
-+ "nph-" CGI to get unbuffered output. Given that most CGIs are written
-+ in a language that by default does buffering (e.g. perl) this
-+ shouldn't have a detrimental effect on performance.
-+
-+ "nph-" CGIs, which formerly provided a direct socket to the client
-+ without any server post-processing, were not fully compatible with
-+ HTTP/1.1 or SSL support. As such they would have had to implement
-+ the transport details, such as encryption or chunking, in order
-+ to work properly in certain situations. Now, the only difference
-+ between nph and non-nph scripts is "non-parsed headers".
-+ [Dean Gaudet, Sameer Parekh, Roy Fielding]
-+
-+ *) If a BUFF is switched from buffered to unbuffered reading the first
-+ bread() will return whatever remained in the buffer prior to the
-+ switch. [Dean Gaudet]
-+
-+Changes with Apache 1.3a1
-+
-+ *) Added another Configure helper script: TestLib. It determines
-+ if a specified library exists. [Jim Jagielski]
-+
-+ *) PORT: Allow for use of n32bit libraries under IRIX 6.x
-+ [derived from patch from Jeff Hayes <jhayes aw.sgi.com>]
-+ PR#721
-+
-+ *) PORT: Some architectures use size_t for various lengths in network
-+ functions such as accept(), and getsockname(). The definition
-+ NET_SIZE_T is used to control this. [Dean Gaudet]
-+
-+ *) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
-+ and -lcrypt. Test for various db libraries (dbm, ndbm, db) when
-+ mod_auth_dbm or mod_auth_db are included. [Dean Gaudet]
-+
-+ *) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
-+ [Igor N Kovalenko <infoh mail.wplus.net>]
-+
-+ *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
-+ begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
-+ "downgrade-1.0" which causes Apache to pretend it received a 1.0.
-+ [Dean Gaudet] related PR#875
-+
-+ *) API: Correct child_init() slot declaration from int to void, to
-+ match the init() declaration. Update mod_example to use the new
-+ hook. [Ken Coar]
-+
-+ *) added transport handle slot (t_handle) to the BUFF structure
-+ [Doug MacEachern]
-+
-+ *) get_client_block() returns wrong length if policy is
-+ REQUEST_CHUNKED_DECHUNK.
-+ [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
-+
-+ *) Support the image map format of FrontPage. For example:
-+ rect /url.hrm 10 20 30 40
-+ ["Chris O'Byrne" <obyrne iol.ie>] PR#807
-+
-+ *) PORT: -lresolv and -lsocks were in the wrong order for Solaris.
-+ ["Darren O'Shaughnessy" <darren aaii.oz.au>] PR#846
-+
-+ *) AddModuleInfo directive for mod_info which allows you to annotate
-+ the output of mod_info. ["Lou D. Langholtz" <ldl usi.utah.edu>]
-+
-+ *) Added NoProxy directive to avoid using ProxyRemote for selected
-+ addresses. Added ProxyDomain directive to cause unqualified
-+ names to be qualified by redirection.
-+ [Martin Kraemer <Martin.Kraemer mch.sni.de>]
-+
-+ *) Support Proxy Authentication, and don't pass the Proxy-Authorize
-+ header to the remote host in the proxy. [Sameer Parekh and
-+ Wallace]
-+
-+ *) Upgraded mod_rewrite from 3.0.6+ to latest officially available version
-+ 3.0.9. This upgrade includes: fixed deadlooping on rewriting to same
-+ URLs, fixed rewritelog(), fixed forced response code handling on
-+ redirects from within .htaccess files, disabled pipe locking under
-+ braindead SunOS 4.1.x, allow env variables to be set even on rules with
-+ no substitution, bugfixed situations where HostnameLookups is off, made
-+ mod_rewrite more thread-safe for NT port and fixed problem when creating
-+ an empty query string via "xxx?".
-+ This update also removes the copyright of Ralf S. Engelschall,
-+ i.e. now mod_rewrite no longer has a shared copyright. Instead is is
-+ exclusively copyrighted by the Apache Group now. This happened because
-+ the author now has gifted mod_rewrite exclusively to the Apache Group and
-+ no longer maintains an external version.
-+ [Ralf S. Engelschall]
-+
-+ *) API: Added child_init function to module structure. This is called
-+ once per "heavy-weight process" before any requests are handled.
-+ See http_config.h for more details. [Dean Gaudet]
-+
-+ *) Anonymous_LogEmail was logging on each subrequest.
-+ [Dean Gaudet] PR#421, 868
-+
-+ *) API: Added is_initial_req() which tests if the request being
-+ processed is the initial request, or a subrequest.
-+ [Doug MacEachern]
-+
-+ *) Extended SSI (mod_include) now handles additional relops for
-+ string comparisons (<, >, <=, and >=). [Bruno Wolff III] PR#41
-+
-+ *) Configure fixed to correctly propagate user-selected options and
-+ settings (such as CC and OPTIM) to Makefiles other than
-+ src/Makefile (notably support/Makefile). [Ken Coar] PR#666, #834
-+
-+ *) IndexOptions SuppressHTMLPreamble now causes the actual HTML of
-+ directory indices to start with the contents of the HeaderName file
-+ if there is one. If there isn't one, the behaviour is unchanged.
-+ [Ken Coar, Roy Fielding, Andrey A. Chernov]
-+
-+ *) WIN32: Modules can now be dynamically loaded DLLs using the
-+ LoadModule/LoadFile directives. Note that module DLLs must be
-+ compiled with the multithreaded DLL version of the runtime library.
-+ [Alexei Kosut and Ben Laurie]
-+
-+ *) Automatic indexing removed from mod_dir and placed into mod_autoindex.
-+ This allows the admin to completely remove automatic indexing
-+ from the server, while still supporting the basic functions of
-+ trailing-slash redirects and DirectoryIndex files. Note that if
-+ you're carrying over an old Configuration file and you use directory
-+ indexing then you'll want to add:
-+
-+ Module autoindex_module mod_autoindex.o
-+
-+ before mod_dir in your Configuration. [Dean Gaudet]
-+
-+ *) popendir/pclosedir created to properly protect directory scanning.
-+ [Dean Gaudet] PR#525
-+
-+ *) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
-+ giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
-+ and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
-+ [Alexei Kosut]
-+
-+ *) The AccessFileName directive can now take more than one filename.
-+ ["Lou D. Langholtz" <ldl usi.utah.edu>]
-+
-+ *) The new mod_mime_magic can be used to "magically" determine the type
-+ of a file if the extension is unknown. Based on the unix file(1)
-+ command. [Ian Kluft <ikluft cisco.com>]
-+
-+ *) We now determine and display the time spent processing a
-+ request if desired. [Jim Jagielski]
-+
-+ *) mod_status: PID field of "dead" child slots no longer displays
-+ main httpd process's PID. [Jim Jagielski]
-+
-+ *) Makefile.nt added - to build all the bits from the command line:
-+ nmake -f Makefile.nt
-+ Doesn't yet work properly. [Ben Laurie]
-+
-+ *) Default text of 404 error is now "Not Found" rather than the
-+ potentially misleading "File Not Found". [Ken Coar]
-+
-+ *) CONFIG: "HostnameLookups" now defaults to off because it is far better
-+ for the net if we require people that actually need this data to
-+ enable it. [Linus Torvalds]
-+
-+ *) directory_walk() is an expensive function, keep a little more state to
-+ avoid needless string counting. Add two new functions make_dirstr_parent
-+ and make_dirstr_prefix which replace all existing uses of make_dirstr.
-+ The new functions are a little less general than make_dirstr, but
-+ work more efficiently (less memory, less string counting).
-+ [Dean Gaudet]
-+
-+ *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed
-+ to LDFLAGS) to avoid complications with lex rules in make files.
-+ [Dean Gaudet] PR#372
-+
-+ *) run_method optimized to avoid needless scanning over NULLs in the
-+ module list. [Dean Gaudet]
-+
-+ *) Revamp of (unix) scoreboard management code such that it avoids
-+ unnecessary traversals of the scoreboard on each hit. This is
-+ particularly important for high volume sites with a large
-+ HARD_SERVER_LIMIT. Some of the previous operations were O(n^2),
-+ and are now O(n). See also SCOREBOARD_MAINTENANCE_INTERVAL in
-+ httpd.h. [Dean Gaudet]
-+
-+ *) In configurations using multiple Listen statements it was possible for
-+ busy sockets to starve other sockets of service. [Dean Gaudet]
-+
-+ *) Added hook so standalone_main can be replaced at compile time
-+ (define STANDALONE_MAIN)
-+ [Doug MacEachern]
-+
-+ *) Lowest-level read/write functions in buff.c will be replaced with
-+ the SFIO library calls sfread/sfwrite if B_SFIO is defined at
-+ compile time. The default sfio discipline will behave as apache
-+ would without sfio compiled in.
-+ [Doug MacEachern]
-+
-+ *) Enhance UserDir directive (mod_userdir) to accept a list of
-+ usernames for the 'disable' keyword, and add 'enable user...' to
-+ selectively *en*able userdirs if they're globally disabled.
-+ [Ken Coar]
-+
-+ *) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache
-+ will work with Netscape dbm files. (dbmmanage will probably not
-+ work however.) [Alexander Spohr <aspohr netmatic.com>] PR#444
-+
-+ *) Add a ListenBacklog directive to control the backlog parameter
-+ passed to listen(). Also change the default to 511 from 512.
-+ [Marc Slemko]
-+
-+ *) API: A new handler response DONE which informs apache that the
-+ request has been handled and it can finish off quickly, similar to
-+ how it handles errors. [Rob Hartill]
-+
-+ *) Turn off chunked encoding after sending terminating chunk/footer
-+ so that we can't do it twice by accident. [Roy Fielding]
-+
-+ *) mod_expire also issues Cache-Control: max-age headers.
-+ [Rob Hartill]
-+
-+ *) API: Added kill_only_once option for free_proc_chain so that it won't
-+ aggressively try to kill off specific children. For fastcgi.
-+ [Stanley Gambarin <gambarin OpenMarket.com>]
-+
-+ *) mod_auth deals with extra ':' delimited fields. [Marc Slemko]
-+
-+ *) Added IconHeight and IconWidth to mod_dir's IndexOptions directive.
-+ When used together, these cause mod_dir to emit HEIGHT and WIDTH
-+ attributes in the FancyIndexing IMG tags. [Ken Coar]
-+
-+ *) PORT: Sequent and SONY NEWS-OS support added. [Jim Jagielski]
-+
-+ *) PORT: Added Windows NT support
-+ [Ben Laurie and Ambarish Malpani <ambarish valicert.com>]
-+
-+Changes with Apache 1.2.6
-+
-+ *) mod_include when using XBitHack Full would send ETags in addition to
-+ sending Last-Modifieds. This is incorrect HTTP/1.1 behaviour.
-+ [Dean Gaudet] PR#1133
-+
-+ *) SECURITY: When a client connects to a particular port/addr, and
-+ gives a Host: header ensure that the virtual host requested can
-+ actually be reached via that port/addr. [Ed Korthof <ed organic.com>]
-+
-+ *) Support virtual hosts with wildcard port and/or multiple ports
-+ properly. [Ed Korthof <ed organic.com>]
-+
-+ *) Fixed some case-sensitivity issues according to RFC2068.
-+ [Dean Gaudet]
-+
-+ *) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c,
-+ and mod_include.c. [Dean Gaudet]
-+
-+ *) Variable 'cwd' was being used pointlessly before being set.
-+ [Ken Coar] PR#1738
-+
-+ *) SIGURG doesn't exist on all platforms.
-+ [Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
-+
-+ *) When an error occurs during a POST, or other operation with a
-+ request body, the body has to be read from the net before allowing
-+ a keepalive session to continue. [Roy Fielding] PR#1399
-+
-+ *) When an error occurs in fcntl() locking suggest the user look up
-+ the docs for LockFile. [Dean Gaudet]
-+
-+ *) table_set() and table_unset() did not deal correctly with
-+ multiple occurrences of the same key. [Stephen Scheck
-+ <sscheck infonex.net>, Ben Laurie] PR#1604
-+
-+ *) send_fd_length() did not calculate total_bytes_sent properly in error
-+ cases. [Ben Reser <breser regnow.com>] PR#1366
-+
-+ *) r->connection->user was allocated in the wrong pool causing corruption
-+ in some cases when used with mod_cern_meta. [Dean Gaudet] PR#1500
-+
-+ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
-+ Also removed the auto-generated link to www.apache.org that was the
-+ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
-+
-+ *) Multiple "close" tokens may have been set in the "Connection"
-+ header, not an error, but a waste.
-+ [<Ronald.Tschalaer psi.ch>] PR#1683
-+
-+ *) "basic" and "digest" auth tokens should be tested case-insensitive.
-+ [<Ronald.Tschalaer psi.ch>] PR#1599, PR#1666
-+
-+ *) It appears the "257th byte" bug (see
-+ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
-+ at the 256th byte as well. Fixed. [Dean Gaudet]
-+
-+ *) mod_rewrite would not handle %3f properly in some situations.
-+ [Ralf Engelschall]
-+
-+ *) Apache could generate improperly chunked HTTP/1.1 responses when
-+ the bputc() or rputc() functions were used by modules (such as
-+ mod_include). [Dean Gaudet]
-+
-+ *) #ifdef wrap a few #defines in httpd.h to make life easier on
-+ some ports. [Ralf Engelschall]
-+
-+ *) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
-+
-+ *) Quote CC='$(CC)' to improve recurse make calls. [Martin Kraemer]
-+
-+ *) Avoid B_ERROR redeclaration on sysvr4 systems. [Martin Kraemer]
-+
-+Changes with Apache 1.2.5
-+
-+ *) SECURITY: Fix a possible buffer overflow in logresolve. This is
-+ only an issue on systems without a MAXDNAME define or where
-+ the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
-+
-+ *) Fix an improper length in an ap_snprintf call in proxy_date_canon().
-+ [Marc Slemko]
-+
-+ *) Fix core dump in the ftp proxy when reading incorrectly formatted
-+ directory listings. [Marc Slemko]
-+
-+ *) SECURITY: Fix possible minor buffer overflow in the proxy cache.
-+ [Marc Slemko]
-+
-+ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
-+ is used to read various types of files such as htaccess and
-+ htpasswd files. [Marc Slemko]
-+
-+ *) SECURITY: Ensure that the buffer returned by ht_time is always
-+ properly null terminated. [Marc Slemko]
-+
-+ *) SECURITY: General mod_include cleanup, including fixing several
-+ possible buffer overflows and a possible infinite loop. This cleanup
-+ was done against 1.3 code and then backported to 1.2, the result
-+ is a large difference (due to indentation cleanup in 1.3 code).
-+ Users interested in seeing a smaller set of relevant differences
-+ should consider comparing against src/modules/standard/mod_include.c
-+ from the 1.3b3 release. Non-indentation changes to mod_include
-+ between 1.2 and 1.3 were minimal. [Dean Gaudet, Marc Slemko]
-+
-+ *) SECURITY: Numerous changes to mod_imap in a general cleanup
-+ including fixing a possible buffer overflow. This cleanup also
-+ was done with 1.3 code as a basis, see the previous note
-+ about mod_include. [Dean Gaudet]
-+
-+ *) SECURITY: If a htaccess file can not be read due to bad
-+ permissions, deny access to the directory with a HTTP_FORBIDDEN.
-+ The previous behavior was to ignore the htaccess file if it could not
-+ be read. This change may make some setups with unreadable
-+ htaccess files stop working. PR#817 [Marc Slemko]
-+
-+ *) SECURITY: no2slash() was O(n^2) in the length of the input.
-+ Make it O(n). This inefficiency could be used to mount a denial
-+ of service attack against the Apache server. Thanks to
-+ Michal Zalewski <lcamtuf boss.staszic.waw.pl> for reporting
-+ this. [Dean Gaudet]
-+
-+ *) mod_include used uninitialized data for some uses of && and ||.
-+ [Brian Slesinsky <bslesins wired.com>] PR#1139
-+
-+ *) mod_imap should decline all non-GET methods.
-+ [Jay Bloodworth <jay pathways.sde.state.sc.us>]
-+
-+ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
-+
-+ *) mod_userdir was modifying r->finfo in cases where it wasn't setting
-+ r->filename. Since those two are meant to be in sync with each other
-+ this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
-+
-+ *) mod_include did not properly handle all possible redirects from sub-
-+ requests. [Ken Coar]
-+
-+ *) Inetd mode (which is buggy) uses timeouts without having setup the
-+ jmpbuffer. [Dean Gaudet] PR#1064
-+
-+ *) Work around problem under Linux where a child will start looping
-+ reporting a select error over and over.
-+ [Rick Franchuk <rickf transpect.net>] PR#1107
-+
-+Changes with Apache 1.2.4
-+
-+ *) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy
-+ always making requests with the full-URI instead of just the URI path.
-+ [Marc Slemko, Roy Fielding]
-+
-+ *) Add -lm for AIX versions >= 4.2 to allow Apache to link properly
-+ on this platform. [Marc Slemko]
-+
-+Changes with Apache 1.2.3
-+
-+ *) The request to a remote proxy was mangled if it was generated as the
-+ result of a ProxyPass directive. URL schemes other than http:// were not
-+ supported when ProxyRemote was used. PR#260, PR#656, PR#699, PR#713,
-+ PR#812 [Lars Eilebrecht]
-+
-+ *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
-+ information for case where proxy module is not available. [Marc Slemko]
-+
-+ *) Force proxy to always respond as HTTP/1.0, which it was failing to
-+ do for errors and cached responses. [Roy Fielding]
-+
-+ *) PORT: Improved support for ConvexOS 11. [Jeff Venters]
-+
-+Changes with Apache 1.2.2 [not released]
-+
-+ *) Fixed another long-standing bug in sub_req_lookup_file where it would
-+ happily skip past access checks on subdirectories looked up with relative
-+ paths. (It's used by mod_dir, mod_negotiation, and mod_include.)
-+ [Dean Gaudet]
-+
-+ *) Add lockfile name to error message printed out when
-+ USE_FLOCK_SERIALIZED_ACCEPT is defined.
-+ [Marc Slemko]
-+
-+ *) Enhanced the chunking and error handling inside the buffer functions.
-+ [Dean Gaudet, Roy Fielding]
-+
-+ *) When merging the main server's <Directory> and <Location> sections into
-+ a vhost, put the main server's first and the vhost's second. Otherwise
-+ the vhost can't override the main server. [Dean Gaudet] PR#717
-+
-+ *) The <Directory> code would merge and re-merge the same section after
-+ a match was found, possibly causing problems with some modules.
-+ [Dean Gaudet]
-+
-+ *) Fixed an infinite loop in mod_imap for references above the server root.
-+ [Dean Gaudet] PR#748
-+
-+ *) mod_include cleanup showed that handle_else was being used to handle
-+ endif. It didn't cause problems, but it was cleaned up too.
-+ [Howard Fear]
-+
-+ *) Last official synchronization of mod_rewrite with author version (because
-+ mod_rewrite is now directly developed by the author at the Apache Group):
-+ o added diff between mod_rewrite 3.0.6+ and 3.0.9
-+ minus WIN32/NT stuff, but plus copyright removement.
-+ In detail:
-+ - workaround for detecting infinite rewriting loops
-+ - fixed setting of env vars when "-" is used as subst string
-+ - fixed forced response code on redirects (PR#777)
-+ - fixed cases where r->args is ""
-+ - kludge to disable locking on pipes under braindead SunOS
-+ - fix for rewritelog in cases where remote hostname is unknown
-+ - fixed totally damaged request_rec walk-back loop
-+ o remove static from local data and add static to global ones.
-+ o replaced ugly proxy finding stuff by simple
-+ find_linked_module("mod_proxy") call.
-+ o added missing negation char on rewritelog()
-+ o fixed a few comment typos
-+ [Ralf S. Engelschall]
-+
-+ *) Anonymous_LogEmail was logging on each subrequest.
-+ [Dean Gaudet] PR#421, PR#868
-+
-+ *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
-+ begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
-+ "downgrade-1.0" which causes Apache to pretend it received a 1.0.
-+ Additionally mod_browser now triggers during translate_name to workaround
-+ a deficiency in the header_parse phase.
-+ [Dean Gaudet] PR#875
-+
-+ *) get_client_block() returns wrong length if policy is
-+ REQUEST_CHUNKED_DECHUNK.
-+ [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
-+
-+ *) Properly treat <files> container like other containers in mod_info.
-+ [Marc Slemko] PR#848
-+
-+ *) The proxy didn't treat the "Host:" keyword of the host header as case-
-+ insensitive. The proxy would corrupt the first line of a response from
-+ an HTTP/0.9 server. [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#813,814
-+
-+ *) mod_include would log some bogus values occasionally.
-+ [Skip Montanaro <skip calendar.com>, Marc Slemko] PR#797
-+
-+ *) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP
-+ under Solaris 2.x (up through 2.5.1). It has been fixed.
-+ [Dean Gaudet] PR#832
-+
-+ *) API: In HTTP/1.1, whether or not a request message contains a body
-+ is independent of the request method and based solely on the presence
-+ of a Content-Length or Transfer-Encoding. Therefore, our default
-+ handlers need to be prepared to read a body even if they don't know
-+ what to do with it; otherwise, the body would be mistaken for the
-+ next request on a persistent connection. discard_request_body()
-+ has been added to take care of that. [Roy Fielding] PR#378
-+
-+ *) API: Symbol APACHE_RELEASE provides a numeric form of the Apache
-+ release version number, such that it always increases along the
-+ same lines as our source code branching. [Roy Fielding]
-+
-+ *) Minor oversight on multiple variants fixed. [Paul Sutton] PR#94
-+
-+Changes with Apache 1.2.1
-+
-+ *) SECURITY: Don't serve file system objects unless they are plain files,
-+ symlinks, or directories. This prevents local users from using pipes
-+ or named sockets to invoke programs for an extremely crude form of
-+ CGI. [Dean Gaudet]
-+
-+ *) SECURITY: HeaderName and ReadmeName were settable in .htaccess and
-+ could contain "../" allowing a local user to "publish" any file on
-+ the system. No slashes are allowed now. [Dean Gaudet]
-+
-+ *) SECURITY: It was possible to violate the symlink Options using mod_dir
-+ (headers, readmes, titles), mod_negotiation (type maps), or
-+ mod_cern_meta (meta files). [Dean Gaudet]
-+
-+ *) SECURITY: Apache will refuse to run as "User root" unless
-+ BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet]
-+
-+ *) CONFIG: If a symlink pointed to a directory then it would be disallowed
-+ if it contained a .htaccess disallowing symlinks. This is contrary
-+ to the rule that symlink permissions are tested with the symlink
-+ options of the parent directory. [Dean Gaudet] PR#353
-+
-+ *) CONFIG: The LockFile directive can be used to place the serializing
-+ lockfile in any location. It previously defaulted to /usr/tmp/htlock.
-+ [Somehow it took four of us: Randy Terbush, Jim Jagielski, Dean Gaudet,
-+ Marc Slemko]
-+
-+ *) Request processing now retains state of whether or not the request
-+ body has been read, so that internal redirects and subrequests will
-+ not try to read it twice (and block). [Roy Fielding]
-+
-+ *) Add a placeholder in modules/Makefile to avoid errors with certain
-+ makes. [Marc Slemko]
-+
-+ *) QUERY_STRING was unescaped in mod_include, it shouldn't be.
-+ [Dean Gaudet] PR#644
-+
-+ *) mod_include was not properly changing the current directory.
-+ [Marc Slemko] PR#742
-+
-+ *) Attempt to work around problems with third party libraries that do not
-+ handle high numbered descriptors (examples include bind, and
-+ solaris libc). On all systems apache attempts to keep all permanent
-+ descriptors above 15 (called the low slack line). Solaris users
-+ can also benefit from adding -DHIGH_SLACK_LINE=256 to EXTRA_CFLAGS
-+ which keeps all non-FILE * descriptors above 255. On all systems
-+ this should make supporting large numbers of vhosts with many open
-+ log files more feasible. If this causes trouble please report it,
-+ you can disable this workaround by adding -DNO_SLACK to EXTRA_CFLAGS.
-+ [Dean Gaudet] various PRs
-+
-+ *) Related to the last entry, network sockets are now opened before
-+ log files are opened. The only known case where this can cause
-+ problems is under Solaris with many virtualhosts and many Listen
-+ directives. But using -DHIGH_SLACK_LINE=256 described above will
-+ work around this problem. [Dean Gaudet]
-+
-+ *) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
-+ SunOS 4.
-+
-+ *) Improved unix error response logging. [Marc Slemko]
-+
-+ *) Update mod_rewrite from 3.0.5 to 3.0.6. New ruleflag
-+ QSA=query_string_append. Also fixed a nasty bug in per-dir context:
-+ when a URL http://... was used in conjunction with a special
-+ redirect flag, e.g. R=permanent, the permanent status was lost.
-+ [Ronald Tschalaer <Ronald.Tschalaer psi.ch>, Ralf S. Engelschall]
-+
-+ *) If an object has multiple variants that are otherwise equal Apache
-+ would prefer the last listed variant rather than the first.
-+ [Paul Sutton] PR#94
-+
-+ *) "make clean" at the top level now removes *.o. [Dean Gaudet] PR#752
-+
-+ *) mod_status dumps core in inetd mode. [Marc Slemko and Roy Fielding]
-+ PR#566
-+
-+ *) pregsub had an off-by-1 in its error checking code. [Alexei Kosut]
-+
-+ *) PORT: fix rlim_t problems with AIX 4.2. [Marc Slemko] PR#333
-+
-+ *) PORT: Update UnixWare support for 2.1.2.
-+ [Lawrence Rosenman <ler lerctr.org>] PR#511
-+
-+ *) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim tandem.com>] PR#327
-+
-+ *) PORT: Update ConvexOS support for 11.5.
-+ [David DeSimone <fox convex.com>] PR#399
-+
-+ *) PORT: Support for DEC cc compiler under ULTRIX.
-+ ["P. Alejandro Lopez-Valencia" <alejolo ideam.gov.co>] PR#388
-+
-+ *) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
-+
-+ *) PORT: Workaround for AIX 3.x compiler bug in http_bprintf.c.
-+ [Marc Slemko] PR#725
-+
-+ *) PORT: fix problem compiling http_bprintf.c with gcc under SCO
-+ [Marc Slemko] PR#695
-+
-+Changes with Apache 1.2
-+
-+Changes with Apache 1.2b11
-+
-+ *) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
-+
-+ *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl.
-+ [Doug MacEachern, Rob Hartill]
-+
-+ *) Proxy needs to use hard_timeout instead of soft_timeout when it is
-+ reading from one buffer and writing to another, at least until it has
-+ a custom timeout handler. [Roy Fielding and Petr Lampa]
-+
-+ *) Fixed problem on IRIX with servers hanging in IdentityCheck,
-+ apparently due to a mismatch between sigaction and setjmp.
-+ [Roy Fielding] PR#502
-+
-+ *) Log correct status code if we timeout before receiving a request (408)
-+ or if we received a request-line that was too long to process (414).
-+ [Ed Korthof and Roy Fielding] PR#601
-+
-+ *) Virtual hosts with the same ServerName, but on different ports, were
-+ not being selected properly. [Ed Korthof]
-+
-+ *) Added code to return the requested IP address from proxy_host2addr()
-+ if gethostbyaddr() fails due to reverse DNS lookup problems. Original
-+ change submitted by Jozsef Hollosi <hollosi sbcm.com>.
-+ [Chuck Murcko] PR#614
-+
-+ *) If multiple requests on a single connection are used to retrieve
-+ data from different virtual hosts, the virtual host list would be
-+ scanned starting with the most recently used VH instead of the first,
-+ causing most virtual hosts to be ignored.
-+ [Paul Sutton and Martin Mares] PR#610
-+
-+ *) The OS/2 handling of process group was broken by a porting patch for
-+ MPE, so restored prior code for OS/2. [Roy Fielding and Garey Smiley]
-+
-+ *) Inherit virtual server port from main server if none (or "*") is
-+ given for VirtualHost. [Dean Gaudet] PR#576
-+
-+ *) If the lookup for a DirectoryIndex name with content negotiation
-+ has found matching variants, but none are acceptable, return the
-+ negotiation result if there are no more DirectoryIndex names to lookup.
-+ [Petr Lampa and Roy Fielding]
-+
-+ *) If a soft_timeout occurs after keepalive is set, then the main child
-+ loop would try to read another request even though the connection
-+ has been aborted. [Roy Fielding]
-+
-+ *) Configure changes: Allow for whitespace at the start of a
-+ Module declaration. Also, be more understanding about the
-+ CC=/OPTIM= format in Configuration. Finally, fix compiler
-+ flags if using HP-UX's cc compiler. [Jim Jagielski]
-+
-+ *) Subrequests and internal redirects now inherit the_request from the
-+ original request-line. [Roy Fielding]
-+
-+ *) Test for error conditions before creating output header fields, since
-+ we don't want the error message to include those fields. Likewise,
-+ reset the content_language(s) and content_encoding of the response
-+ before generating or redirecting to an error message, since the new
-+ message will have its own Content-* definitions. [Dean Gaudet]
-+
-+ *) Restored the semantics of headers_out (headers sent only with 200..299
-+ and 304 responses) and err_headers_out (headers sent with all responses).
-+ Avoid the overhead of copying tables if err_headers_out is empty
-+ (the usual case). [Roy Fielding]
-+
-+ *) Fixed a couple places where a check for the default Content-Type was
-+ not properly checking both the value configured by the DefaultType
-+ directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value
-+ of DEFAULT_TYPE to match the documented default (text/plain).
-+ [Dean Gaudet] PR#506
-+
-+ *) Escape the HTML-sensitive characters in the Request-URI that is
-+ output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501
-+
-+ *) Properly initialize the flock structures used by the mutex locking
-+ around accept() when USE_FCNTL_SERIALIZED_ACCEPT is defined.
-+ [Marc Slemko]
-+
-+ *) The method for determining PATH_INFO has been restored to the pre-1.2b
-+ (and NCSA httpd) definition wherein it was the extra path info beyond
-+ the CGI script filename. The environment variable FILEPATH_INFO has
-+ been removed, and instead we supply the original REQUEST_URI to any
-+ script that wants to be Apache-specific and needs the real URI path.
-+ This solves a problem with existing scripts that use extra path info
-+ in the ScriptAlias directive to pass options to the CGI script.
-+ [Roy Fielding]
-+
-+ *) The _default_ change in 1.2b10 will change the behaviour on configs
-+ that use multiple Listen statements for listening on multiple ports.
-+ But that change is necessary to make _default_ consistent with other
-+ forms of <VirtualHost>. It requires such configs to be modified
-+ to use <VirtualHost _default_:*>. The documentation has been
-+ updated. [Dean Gaudet] PR#530
-+
-+ *) If an ErrorDocument CGI script is used to respond to an error
-+ generated by another CGI script which has already read the message
-+ body of the request, the server would block trying to read the
-+ message body again. [Rob Hartill]
-+
-+ *) signal() replacement conflicted with a define on QNX (and potentially
-+ other platforms). Fixed. [Ben Laurie] PR#512
-+
-+Changes with Apache 1.2b10
-+
-+ *) Allow HTTPD_ROOT, SERVER_CONFIG_FILE, DEFAULT_PATH, and SHELL_PATH
-+ to be configured via -D in Configuration. [Dean Gaudet] PR#449
-+
-+ *) <VirtualHost _default_:portnum> didn't work properly. [Dean Gaudet]
-+
-+ *) Added prototype for mktemp() for SUNOS4 [Marc Slemko]
-+
-+ *) In mod_proxy.c, check return values for proxy_host2addr() when reading
-+ config, in case the hostent struct returned is trash.
-+ [Chuck Murcko] PR #491
-+
-+ *) Fixed the fix in 1.2b9 for parsing URL query info into args for CGI
-+ scripts. [Dean Gaudet, Roy Fielding, Marc Slemko]
-+
-+Changes with Apache 1.2b9 [never announced]
-+
-+ *) Reset the MODULE_MAGIC_NUMBER to account for the unsigned port
-+ changes and in anticipation of 1.2 final release. [Roy Fielding]
-+
-+ *) Fix problem with scripts not receiving a SIGPIPE when client drops
-+ the connection (e.g., when user presses Stop). Apache will now stop
-+ trying to send a message body immediately after an error from write.
-+ [Roy Fielding and Nathan Kurz] PR#335
-+
-+ *) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
-+ than mod_alias, and mod_alias has higher priority than mod_proxy;
-+ rearranged other modules to enhance understanding of their purpose
-+ and relative order (and maybe even reduce some overhead).
-+ [Roy Fielding and Sameer Parekh]
-+
-+ *) Fix graceful restart. Eliminate many signal-related race
-+ conditions in both forms of restart, and in SIGTERM. See
-+ htdocs/manual/stopping.html for details on stopping and
-+ restarting the parent. [Dean Gaudet]
-+
-+ *) Fix memory leaks in mod_rewrite, mod_browser, mod_include. Tune
-+ memory allocator to avoid a behaviour that required extra blocks to
-+ be allocated. [Dean Gaudet]
-+
-+ *) Allow suexec to access files relative to current directory but not
-+ above. (Excluding leading / or any .. directory.) [Ken Coar]
-+ PR#269, 319, 395
-+
-+ *) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro]
-+ PR#367, 368, 354, 453
-+
-+ *) Fix the above fix: if suexec is enabled, avoid destroying r->url
-+ while obtaining the /~user and save the username in a separate data
-+ area so that it won't be overwritten by the call to getgrgid(), and
-+ fix some misuse of the pool string allocation functions. Also fixes
-+ a general problem with parsing URL query info into args for CGI scripts.
-+ [Roy Fielding] PR#339, 367, 354, 453
-+
-+ *) Fix IRIX warning about bzero undefined. [Marc Slemko]
-+
-+ *) Fix problem with <Directory proxy:...>. [Martin Kraemer] PR#271
-+
-+ *) Corrected spelling of "authoritative". AuthDBAuthoratative became
-+ AuthDBAuthoritative. [Marc Slemko] PR#420
-+
-+ *) MaxClients should be at least 1. [Lars Eilebrecht] PR#375
-+
-+ *) The default handler now logs invalid methods or URIs (i.e. PUT on an
-+ object that can't be PUT, or FOOBAR for some method FOOBAR that
-+ apache doesn't know about at all). Log 404s that occur in mod_include.
-+ [Paul Sutton, John Van Essen]
-+
-+ *) If a soft timeout (or lingerout) occurs while trying to flush a
-+ buffer or write inside buff.c or fread'ing from a CGI's output,
-+ then the timeout would be ignored. [Roy Fielding] PR#373
-+
-+ *) Work around a bug in Netscape Navigator versions 2.x, 3.x and 4.0b2's
-+ parsing of headers. If the terminating empty-line CRLF occurs starting
-+ at the 256th or 257th byte of output, then Navigator will think a normal
-+ image is invalid. We are guessing that this is because their initial
-+ read of a new request uses a 256 byte buffer. We check the bytes written
-+ so far and, if we are about to tickle the bug, we instead insert a
-+ padding header of eminent bogosity. [Roy Fielding and Dean Gaudet] PR#232
-+
-+ *) Fixed SIGSEGV problem when a DirectoryIndex file is also the source
-+ of an external redirection. [Roy Fielding and Paul Sutton]
-+
-+ *) Configure would create a broken Makefile if the configuration file
-+ contained a commented-out Rule. [Roy Fielding]
-+
-+ *) Promote per_dir_config and subprocess_env from the subrequest to the
-+ main request in mod_negotiation. In particular this fixes a bug
-+ where <Files> sections wouldn't properly apply to negotiated content.
-+ [Dean Gaudet]
-+
-+ *) Fix a potential deadlock in mod_cgi script_err handling.
-+ [Ralf S. Engelschall]
-+
-+ *) rotatelogs zero-pads the logfile names to improve alphabetic sorting.
-+ [Mitchell Blank Jr]
-+
-+ *) Updated mod_rewrite to 3.0.4: Fixes HTTP redirects from within
-+ .htaccess files because the RewriteBase was not replaced correctly.
-+ Updated mod_rewrite to 3.0.5: Fixes problem with rewriting inside
-+ <Directory> sections missing a trailing /. [Ralf S. Engelschall]
-+
-+ *) Clean up Linux settings in conf.h by detecting 2.x versus 1.x. For
-+ 1.x the settings are those of pre-1.2b8. For 2.x we include
-+ USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and
-+ HAVE_SYS_RESOURCE_H (enable the RLimit commands).
-+ [Dean Gaudet] PR#336, PR#340
-+
-+ *) Redirect did not preserve ?query_strings when present in the client's
-+ request. [Dean Gaudet]
-+
-+ *) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380
-+
-+ *) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
-+
-+ *) Add UnixWare compile/install instructions. [Chuck Murcko]
-+
-+ *) Add mod_example (illustration of API techniques). [Ken Coar]
-+
-+ *) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
-+
-+ *) Improve handling of directories when filenames have spaces in them.
-+ [Chuck Murcko]
-+
-+ *) For hosts with multiple IP addresses, try all additional addresses if
-+ necessary to get a connect. Fail only if hostent address list is
-+ exhausted. [Chuck Murcko]
-+
-+ *) More signed/unsigned port fixes. [Dean Gaudet]
-+
-+ *) HARD_SERVER_LIMIT can be defined in the Configuration file now.
-+ [Dean Gaudet]
-+
-+Changes with Apache 1.2b8
-+
-+ *) suexec.c doesn't close the log file, allowing CGIs to continue writing
-+ to it. [Marc Slemko]
-+
-+ *) The addition of <Location> and <File> directives made the
-+ sub_req_lookup_simple() function bogus, so we now handle
-+ the special cases directly. [Dean Gaudet]
-+
-+ *) We now try to log where the server is dumping core when a fatal
-+ signal is received. [Ken Coar]
-+
-+ *) Improved lingering_close by adding a special timeout, removing the
-+ spurious log messages, removing the nonblocking settings (they
-+ are not needed with the better timeout), and adding commentary
-+ about the NO_LINGCLOSE and USE_SO_LINGER issues. NO_LINGCLOSE is
-+ now the default for SunOS4, UnixWare, NeXT, and IRIX. [Roy Fielding]
-+
-+ *) Send error messages about setsockopt failures to the server error
-+ log instead of stderr. [Roy Fielding]
-+
-+ *) Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore]
-+
-+ *) Stopgap solution for CGI 3-second delay with server-side includes: if
-+ processing a subrequest, allocate memory from r->main->pool instead
-+ of r->pool so that we can avoid waiting for free_proc_chain to cleanup
-+ in the middle of an SSI request. [Dean Gaudet] PR #122
-+
-+ *) Fixed status of response when POST is received for a nonexistent URL
-+ (was sending 405, now 404) and when any method is sent with a
-+ full-URI that doesn't match the server and the server is not acting
-+ as a proxy (was sending 501, now 403). [Roy Fielding]
-+
-+ *) Host port changed to unsigned short. [Ken Coar] PR #276
-+
-+ *) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
-+
-+ *) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux. [Dean Gaudet]
-+
-+ *) Report extra info from errno with many errors that cause httpd to exit.
-+ spawn_child, popenf, and pclosef now have valid errno returns in the
-+ event of an error. Correct problems where errno was stomped on
-+ before being reported. [Dean Gaudet]
-+
-+ *) In the proxy, if the cache filesystem was full, garbage_coll() was
-+ never called, and thus the filesystem would remain full indefinitely.
-+ We now also remove incomplete cache files left if the origin server
-+ didn't send a Content-Length header and either the client has aborted
-+ transfer or bwrite() to client has failed. [Petr Lampa]
-+
-+ *) Fixed the handling of module and script-added header fields.
-+ Improved the interface for sending header fields and reduced
-+ the duplication of code between sending okay responses and errors.
-+ We now always send both headers_out and err_headers_out, and
-+ ensure that the server-reserved fields are not being overridden,
-+ while not overriding those that are not reserved. [Roy Fielding]
-+
-+ *) Moved transparent content negotiation fields to err_headers_out
-+ to reflect above changes. [Petr Lampa]
-+
-+ *) Fixed the determination of whether or not we should make the
-+ connection persistent for all of the cases where some other part
-+ of the server has already indicated that we should not. Also
-+ improved the ordering of the test so that chunked encoding will
-+ be set whenever it is desired instead of only when KeepAlive
-+ is enabled. Added persistent connection capability for most error
-+ responses (those that do not indicate a bad input stream) when
-+ accessed by an HTTP/1.1 client. [Roy Fielding]
-+
-+ *) Added missing timeouts for sending header fields, error responses,
-+ and the last chunk of chunked encoding, each of which could have
-+ resulted in a process being stuck in write forever. Using soft_timeout
-+ requires that the sender check for an aborted connection rather than
-+ continuing after an EINTR. Timeouts that used to be initiated before
-+ send_http_header (and never killed) are now initiated only within or
-+ around the routines that actually do the sending, and not allowed to
-+ propagate above the caller. [Roy Fielding]
-+
-+ *) mod_auth_anon required an @ or a . in the email address, not both.
-+ [Dirk vanGulik]
-+
-+ *) per_dir_defaults weren't set correctly until directory_walk for
-+ name-based vhosts. This fixes an obscure bug with the wrong config
-+ info being used for vhosts that share the same ip as the server.
-+ [Dean Gaudet]
-+
-+ *) Improved generation of modules/Makefile to be more generic for
-+ new module directories. [Ken Coar, Chuck Murcko, Roy Fielding]
-+
-+ *) Generate makefile dependency for Configuration based on the actual
-+ name given when running the Configure process. [Dean Gaudet]
-+
-+ *) Fixed problem with vhost error log not being set prior to
-+ initializing virtual hosts. [Dean Gaudet]
-+
-+ *) Fixed infinite loop when a trailing slash is included after a type map
-+ file URL (extra path info). [Petr Lampa]
-+
-+ *) Fixed server status updating of per-connection counters. [Roy Fielding]
-+
-+ *) Add documentation for DNS issues (reliability and security), and try
-+ to explain the virtual host matching process. [Dean Gaudet]
-+
-+ *) Try to continue gracefully by disabling the vhost if a DNS lookup
-+ fails while parsing the configuration file. [Dean Gaudet]
-+
-+ *) Improved calls to setsockopt. [Roy Fielding]
-+
-+ *) Negotiation changes: Don't output empty content-type in variant list;
-+ Output charset in variant list; Return sooner from handle_multi() if
-+ no variants found; Add handling of '*' wildcard in Accept-Charset.
-+ [Petr Lampa and Paul Sutton]
-+
-+ *) Fixed overlaying of request/sub-request notes and headers in
-+ mod_negotiation. [Dean Gaudet]
-+
-+ *) If two variants' charset quality are equal and one is the default
-+ charset (iso-8859-1), then prefer the variant that was specifically
-+ listed in Accept-Charset instead of the default. [Petr Lampa]
-+
-+ *) Memory allocation problem in push_array() -- it would corrupt memory
-+ when nalloc==0. [Kai Risku <krisku tf.hut.fi> and Roy Fielding]
-+
-+ *) invoke_handler() doesn't handle mime arguments in content-type
-+ [Petr Lampa] PR#160
-+
-+ *) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
-+ [Ken Coar]
-+
-+ *) Fixed problem with ErrorDocument not working for virtual hosts
-+ due to one of the performance changes in 1.2b7. [Dean Gaudet]
-+
-+ *) Log an error message if we get a request header that is too long,
-+ since it may indicate a buffer overflow attack. [Marc Slemko]
-+
-+ *) Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and
-+ not reject URLs without a double-slash, as per RFC2068 section 3.2.
-+ [Ken Coar] PR #146, #187
-+
-+ *) Added table entry placeholder for new header_parser callback
-+ in all of the distributed modules. [Ken Coar] PR #191
-+
-+ *) Allow for cgi files without the .EXE extension on them under OS/2.
-+ [Garey Smiley] PR #59
-+
-+ *) Fixed error message when resource is not found and URL contains
-+ path info. [Petr Lampa and Dean Gaudet] PR #40
-+
-+ *) Fixed user and server confusion over what should be a virtual host
-+ and what is the main server, resulting in access to something
-+ other than the name defined in the virtualhost directive (but
-+ with the same IP address) failing. [Dean Gaudet]
-+
-+ *) Updated mod_rewrite to version 3.0.2, which: fixes compile error on
-+ AIX; improves the redirection stuff to enable the users to generally
-+ redirect to http, https, gopher and ftp; added TIME variable for
-+ RewriteCond which expands to YYYYMMDDHHMMSS strings and added the
-+ special patterns >STRING, <STRING and =STRING to RewriteCond, which
-+ can be used in conjunction with %{TIME} or other variables to create
-+ time-dependent rewriting rules. [Ralf S. Engelschall]
-+
-+ *) bpushfd() no longer notes cleanups for the file descriptors it is handed.
-+ Module authors may need to adjust their code for proper cleanup to take
-+ place (that is, call note_cleanups_for_fd()). This change fixes problems
-+ with file descriptors being erroneously closed when the proxy module was
-+ in use. [Ben Laurie]
-+
-+ *) Fix bug in suexec reintroduced by changes in 1.2b7 which allows
-+ initgroups() to hose the group information needed for later
-+ comparisons. [Randy Terbush]
-+
-+ *) Remove unnecessary call to va_end() in create_argv() which
-+ caused a SEGV on some systems.
-+
-+ *) Use proper MAXHOSTNAMELEN symbol for limiting length of server name.
-+ [Dean Gaudet]
-+
-+ *) Clear memory allocated for listeners. [Randy Terbush]
-+
-+ *) Improved handling of IP address as a virtualhost address and
-+ introduced "_default_" as a synonym for the default vhost config.
-+ [Dean Gaudet] PR #212
-+
-+Changes with Apache 1.2b7
-+
-+ *) Port to UXP/DS(V20) [Toshiaki Nomura <nom yk.fujitsu.co.jp>]
-+
-+ *) unset Content-Length if chunked (RFC-2068) [Petr Lampa]
-+
-+ *) mod_negotiation fixes [Petr Lampa] PR#157, PR#158, PR#159
-+ - replace protocol response numbers with symbols
-+ - save variant-list into main request notes
-+ - free allocated memory from subrequests
-+ - merge notes, headers_out and err_headers_out
-+
-+ *) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
-+ "HTTP/#.# ###*" to be more lenient about what we accept.
-+ [Chuck Murcko]
-+
-+ *) more proxy FTP bug fixes:
-+ - Changed send_dir() to remove user/passwd from displayed URL.
-+ - Changed login error messages to be more descriptive.
-+ - remove setting of SO_DEBUG socket option
-+ - Make ftp_getrc() more lenient about multiline responses,
-+ specifically, 230 responses which don't have continuation 230-
-+ on each line). These seem to be all NT FTP servers, and while
-+ perhaps questionable, they appear to be legal by RFC 959.
-+ - Add missing kill_timeout() after transfer to user completes.
-+ [Chuck Murcko]
-+
-+ *) Fixed problem where a busy server could hang when restarting
-+ after being sent a SIGHUP due to child processes not exiting.
-+ [Marc Slemko]
-+
-+ *) Modify mod_include escaping so a '\' only signifies an escaped
-+ character if the next character is one that needs
-+ escaping. [Ben Laurie]
-+
-+ *) Eliminated possible infinite loop in mod_imap when relative URLs are
-+ used with a 'base' directive that does not have a '/' in it.
-+ [Marc Slemko, reported by Onno Witvliet <onno tc.hsa.nl>]
-+
-+ *) Reduced the default timeout from 1200 seconds to 300, and the
-+ one in the sample configfile from 400 to 300. [Marc Slemko]
-+
-+ *) Stop vbprintf from crashing if given a NULL string pointer;
-+ print (null) instead. [Ken Coar]
-+
-+ *) Don't disable Nagle algorithm if system doesn't have TCP_NODELAY.
-+ [Marc Slemko and Roy Fielding]
-+
-+ *) Fixed problem with mod_cgi-generated internal redirects trying to
-+ read the request message-body twice. [Archie Cobbs and Roy Fielding]
-+
-+ *) Reduced timeout on lingering close, removed possibility of a blocked
-+ read causing the child to hang, and stopped logging of errors if
-+ the socket is not connected (reset by client). [Roy Fielding]
-+
-+ *) Rearranged main child loop to remove duplication of code in
-+ select/accept and keep-alive requests, fixed several bugs regarding
-+ checking scoreboard_image for exit indication and failure to
-+ account for all success conditions and trap all error conditions,
-+ prevented multiple flushes before closing the socket; close the entire
-+ socket buffer instead of just one descriptor, prevent logging of
-+ EPROTO and ECONNABORTED on platforms where supported, and generally
-+ improved readability. [Roy Fielding]
-+
-+ *) Extensive performance improvements. Cleaned up inefficient use of
-+ auto initializers, multiple is_matchexp calls on a static string,
-+ and excessive merging of response_code_strings. [Dean Gaudet]
-+
-+ *) Added double-buffering to mod_include to improve performance on
-+ server-side includes. [Marc Slemko]
-+
-+ *) Several fixes for suexec wrapper. [Randy Terbush]
-+ - Make wrapper work for files on NFS filesystem.
-+ - Fix portability problem of MAXPATHLEN.
-+ - Fix array overrun problem in clean_env().
-+ - Fix allocation of PATH environment variable
-+
-+ *) Removed extraneous blank line is description of mod_status chars.
-+ [Kurt Kohler]
-+
-+ *) Logging of errors from the call_exec routine simply went nowhere,
-+ since the logfile fd has been closed, so now we send them to stderr.
-+ [Harald T. Alvestrand]
-+
-+ *) Fixed core dump when DocumentRoot is a CGI.
-+ [Ben Laurie, reported by <geddis tesserae.com>]
-+
-+ *) Fixed potential file descriptor leak in mod_asis; updated it and
-+ http_core to use pfopen/pfclose instead of fopen/fclose.
-+ [Randy Terbush and Roy Fielding]
-+
-+ *) Fixed handling of unsigned ints in ap_snprintf() on some chips such
-+ as the DEC Alpha which is 64-bit but uses 32-bit ints.
-+ [Dean Gaudet and Ken Coar]
-+
-+ *) Return a 302 response code to the client when sending a redirect
-+ due to a missing trailing '/' on a directory instead of a 301; now
-+ it is cacheable. [Markus Gyger]
-+
-+ *) Fix condition where, if a bad directive occurs in .htaccess, and
-+ sub_request() goes first to this directory, then log_reason() will
-+ SIGSEGV because it doesn't have initialized r->per_dir_config.
-+ [PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet]
-+
-+ *) Fix handling of lang_index in is_variant_better(). This was
-+ causing problems which resulted in the server sending the
-+ wrong language document in some cases. [Petr Lampa]
-+
-+ *) Remove free() from clean_env() in suexec wrapper. This was nuking
-+ the clean environment on some systems.
-+
-+ *) Tweak byteserving code (e.g. serving PDF files) to work around
-+ bugs in Netscape Navigator and Microsoft Internet Explorer.
-+ Emit Content-Length header when sending multipart/byteranges.
-+ [Alexei Kosut]
-+
-+ *) Port to HI-UX/WE2. [Nick Maclaren]
-+
-+ *) Port to HP MPE operating system for HP 3000 machines
-+ [Mark Bixby <markb cccd.edu>]
-+
-+ *) Fixed bug which caused a segmentation fault if only one argument
-+ given to RLimit* directives. [Ed Korthof]
-+
-+ *) Continue persistent connection after 204 or 304 response. [Dean Gaudet]
-+
-+ *) Improved buffered output to the client by delaying the flush decision
-+ until the BUFF code is actually about to read the next request.
-+ This fixes a problem introduced in 1.2b5 with clients that send
-+ an extra CRLF after a POST request. Also improved chunked output
-+ performance by combining writes using writev() and removing as
-+ many bflush() calls as possible. NOTE: Platforms without writev()
-+ must add -DNO_WRITEV to the compiler CFLAGS, either in Configuration
-+ or Configure, unless we have already done so. [Dean Gaudet]
-+
-+ *) Fixed mod_rewrite bug which truncated the rewritten URL [Marc Slemko]
-+
-+ *) Fixed mod_info output corruption bug introduced by buffer overflow
-+ fixes. [Dean Gaudet]
-+
-+ *) Fixed http_protocol to correctly output all HTTP/1.1 headers, including
-+ for the special case of a 304 response. [Paul Sutton]
-+
-+ *) Improved handling of TRACE method by bypassing normal method handling
-+ and header parsing routines; fixed Allow response to always allow TRACE.
-+ [Dean Gaudet]
-+
-+ *) Fixed compiler warnings in the regex library. [Dean Gaudet]
-+
-+ *) Cleaned-up some of the generated HTML. [Ken Coar]
-+
-+Changes with Apache 1.2b6
-+
-+ *) Allow whitespace in imagemap mapfile coordinates. [Marc Slemko]
-+
-+ *) Fix typo introduced in fix for potential infinite loop around
-+ accept() in child_main(). This change caused the rev to 1.2b6.
-+ 1.2b5 was never a public beta.
-+
-+Changes with Apache 1.2b5
-+
-+ *) Change KeepAlive semantics (On|Off instead of a number), add
-+ MaxKeepAliveRequests directive. [Alexei Kosut]
-+
-+ *) Various NeXT compilation patches, as well as a change in
-+ regex/regcomp.c since that file also used a NEXT define.
-+ [Andreas Koenig]
-+
-+ *) Allow * to terminate the end of a directory match in mod_dir.
-+ Allows /~* to match for both /~joe and /~joe/. [David Bronder]
-+
-+ *) Don't call can_exec() if suexec_enabled. Calling this requires
-+ scripts executed by the suexec wrapper to be world executable, which
-+ defeats one of the advantages of running the wrapper. [Randy Terbush]
-+
-+ *) Portability Fix: IRIX complained with 'make clean' about *pure* (removed)
-+ [Jim Jagielski]
-+
-+ *) Migration from sprintf() to snprintf() to avoid buffer
-+ overflows. [Marc Slemko]
-+
-+ *) Provide portable snprintf() implementation (ap_snprintf)
-+ as well as *cvt family. [Jim Jagielski]
-+
-+ *) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
-+ [Jim Jagielski]
-+
-+ *) Remove mod_fastcgi.c from the distribution. This module appears
-+ to be maintained more through the Open Market channels and should
-+ continue to be easily available at http://www.fastcgi.com/
-+
-+ *) Fixed bug in modules/Makefile that wouldn't allow building in more
-+ than one subdirectory (or cleaning, either). [Jeremy Laidman]
-+
-+ *) mod_info assumed that the config files were relative to ServerRoot.
-+ [Ken the Rodent]
-+
-+ *) CGI scripts called as an error document resulting from failed
-+ CGI execution would hang waiting for POST'ed data. [Rob Hartill]
-+
-+ *) Log reason when mod_dir returns access HTTP_FORBIDDEN
-+ [Ken the Rodent]
-+
-+ *) Properly check errno to prevent display of a directory index
-+ when server receives a long enough URL to confuse stat().
-+ [Marc Slemko]
-+
-+ *) Several security enhancements to suexec wrapper. It is _highly_
-+ recommended that previously installed versions of the wrapper
-+ be replaced with this version. [Randy Terbush, Jason Dour]
-+
-+ - ~user execution now properly restricted to ~user's home
-+ directory and below.
-+ - execution restricted to UID/GID > 100
-+ - restrict passed environment to known variables
-+ - call setgid() before initgroups() (portability fix)
-+ - remove use of setenv() (portability fix)
-+
-+ *) Add HTTP/1.0 response forcing. [Ben Laurie]
-+
-+ *) Add access control via environment variables. [Ben Laurie]
-+
-+ *) Add rflush() function. [Alexei Kosut]
-+
-+ *) remove duplicate pcalloc() call in new_connection().
-+
-+ *) Fix incorrect comparison which could allow number of children =
-+ MaxClients + 1 if less than HARD_SERVER_LIMIT. Also fix potential
-+ problem if StartServers > HARD_SERVER_LIMIT. [Ed Korthof]
-+
-+ *) Updated support for OSes (MachTen, ULTRIX, Paragon, ISC, OpenBSD
-+ AIX PS/2, CONVEXOS. [Jim Jagielski]
-+
-+ *) Replace instances of inet_ntoa() with inet_addr() for ProxyBlock.
-+ It's more portable. [Martin Kraemer]
-+
-+ *) Replace references to make in Makefile.tmpl with $(MAKE).
-+ [Chuck Murcko]
-+
-+ *) Add ProxyBlock directive w/IP address caching. Add IP address
-+ caching to NoCache directive as well. ProxyBlock works with all
-+ handlers; NoCache now also works with FTP for anonymous logins.
-+ Still more code cleanup. [Chuck Murcko]
-+
-+ *) Add "header parse" API hook [Ben Laurie]
-+
-+ *) Fix byte ordering problems for REMOTE_PORT [Chuck Murcko]
-+
-+ *) suEXEC wrapper was freeing memory that had not been malloc'ed.
-+
-+ *) Correctly allow access and auth directives in <Files> sections in
-+ server config files. [Alexei Kosut]
-+
-+ *) Fix bug with ServerPath that could cause certain files to be not
-+ found by the server. [Alexei Kosut]
-+
-+ *) Fix handling of ErrorDocument so that it doesn't remove a trailing
-+ double-quote from text and so that it properly checks for unsupported
-+ status codes using the new index_of_response interface. [Roy Fielding]
-+
-+ *) Multiple fixes to the lingering_close code in order to avoid being
-+ interrupted by a stray timeout, to avoid lingering on a connection
-+ that has already been aborted or never really existed, to ensure that
-+ we stop lingering as soon as any error condition is received, and to
-+ prevent being stuck indefinitely if the read blocks. Also improves
-+ reporting of error conditions. [Marc Slemko and Roy Fielding]
-+
-+ *) Fixed initialization of parameter structure for sigaction.
-+ [<mgyger itr.ch>, Adrian Filipi-Martin]
-+
-+ *) Fixed reinitializing the parameters before each call to accept and
-+ select, and removed potential for infinite loop in accept.
-+ [Roy Fielding, after useful PR from <adrian virginia.edu>]
-+
-+ *) Fixed condition where, if a child fails to fork, the scoreboard would
-+ continue to say SERVER_STARTING forever. Eventually, the main process
-+ would refuse to start new children because count_idle_servers() will
-+ count those SERVER_STARTING entries and will always report that there
-+ are enough idle servers. [Phillip Vandry]
-+
-+ *) Fixed bug in bcwrite regarding failure to account for partial writes.
-+ Avoided calling bflush() when the client is pipelining requests.
-+ Removed unnecessary flushes from http_protocol. [Dean Gaudet]
-+
-+ *) Added description of "." mode in server-status [Jim Jagielski]
-+
-+Changes with Apache 1.2b4
-+
-+ *) Fix possible race condition in accept_mutex_init() that
-+ could leave a small security hole open allowing files to be
-+ overwritten in cases where the server UID has write permissions.
-+ [Marc Slemko]
-+
-+ *) Fix awk compatibilty problem in Configure. [Jim Jagielski]
-+
-+ *) Fix portablity problem in util_script where ARG_MAX may not be
-+ defined for some systems.
-+
-+ *) Add changes to allow compilation on Machten 4.0.3 for PowerPC.
-+ [Randal Schwartz]
-+
-+ *) OS/2 changes to support an MMAP style scoreboard file and UNIX
-+ style magic #! token for better script portability. [Garey Smiley]
-+
-+ *) Fix bug in suexec wrapper introduced in b3 that would cause failed
-+ execution for ~userdir CGI. [Jason Dour]
-+
-+ *) Fix initgroups() business in suexec wrapper. [Jason Dour]
-+
-+ *) Fix month off by one in suexec wrapper logging.
-+
-+Changes with Apache 1.2b3:
-+
-+ *) Fix error in mod_cgi which could cause resources not to be properly
-+ freed, or worse. [Dean Gaudet]
-+
-+ *) Fix find_string() NULL pointer dereference. [Howard Fear]
-+
-+ *) Add set_flag_slot() at the request of Dirk and others.
-+ [Dirk vanGulik]
-+
-+ *) Sync mod_rewrite with patch level 10. [Ralf Engelschall]
-+
-+ *) Add changes to improve the error message given for invalid
-+ ServerName parameters. [Dirk vanGulik]
-+
-+ *) Add "Authoritative" directive for Auth modules that don't
-+ currently have it. This gives admin control to assign authoritative
-+ control to an authentication scheme and allow "fall through" for
-+ those authentication modules that aren't "Authoritative" thereby
-+ allowing multiple authentication mechanisms to be chained.
-+ [Dirk vanGulik]
-+
-+ *) Remove requirement for ResourceConfig/AccessConfig if not using
-+ the three config file layout. [Randy Terbush]
-+
-+ *) Add PASV mode to mod_proxy FTP handler. [Chuck Murcko]
-+
-+ *) Changes to suexec wrapper to fix the following problems:
-+ 1. symlinked homedirs will kill ~userdirs.
-+ 2. initgroups() on Linux 2.0.x clobbers gr->grid.
-+ 3. CGI command lines paramters problems
-+ 4. pw-pwdir for "docroot check" still the httpd user's pw record.
-+ [Randy Terbush, Jason Dour]
-+
-+ *) Change create_argv() to accept variable arguments. This fixes
-+ a problem where arguments were not getting passed to the CGI via
-+ argv[] when the suexec wrapper was active. [Randy Terbush, Jake Buchholz]
-+
-+ *) Collapse multiple slashes in path URLs to properly apply
-+ handlers defined by <Location>. [Alexei Kosut]
-+
-+ *) Define a sane set of DEFAULT_USER and DEFAULT_GROUP values for AIX.
-+
-+ *) Improve the accuracy of request duration timings by setting
-+ r->request_time in read_request_line() instead of read_request().
-+ [Dean Gaudet]
-+
-+ *) Reset timeout while reading via get_client_block() in mod_cgi.c
-+ Fixes problem with timed out transfers of large files. [Rasmus Lerdorf]
-+
-+ *) Add the ability to pass different Makefile.tmpl files to Configure
-+ using the -make flag. [Rob Hartill]
-+
-+ *) Fix coredump triggered when sending a SIGHUP to the server caused
-+ by an assertion failure, in turn caused by an uninitialised field in a
-+ listen_rec.
-+ [Ben Laurie]
-+
-+ *) Add FILEPATH_INFO variable to CGI environment, which is equal to
-+ PATH_INFO from previous versions of Apache (in certain situations,
-+ Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut]
-+ [later removed in 1.2b11]
-+
-+ *) Add rwrite() function to API to allow for sending strings of
-+ arbitrary length. [Doug MacEachern]
-+
-+ *) Remove rlim_t typedef for NetBSD. Do older versions need this?
-+
-+ *) Defined rlim_t and WANTHSREGEX=yes and fixed waitpid() substitute for
-+ NeXT. [Jim Jagielski]
-+
-+ *) Removed recent modification to promote the status code on internal
-+ redirects, since the correct fix was to change the default log format
-+ in mod_log_config so that it outputs the original status. [Rob Hartill]
-+
-+Changes with Apache 1.2b2:
-+
-+ *) Update set_signals() to use sigaction() for setting handlers.
-+ This appears to fix a re-entrant problem in the seg_fault()
-+ bus_error() handlers. [Randy Terbush]
-+
-+ *) Changes to allow mod_status compile for OS/2 [Garey Smiley]
-+
-+ *) changes for DEC AXP running OSF/1 v3.0. [Marc Evans]
-+
-+ *) proxy_http.c bugfixes: [Chuck Murcko]
-+ 1) fixes possible NULL pointer reference w/NoCache
-+ 2) fixes NoCache behavior when using ProxyRemote (ProxyRemote
-+ host would cache nothing if it was in the local domain,
-+ and the local domain was in the NoCache list)
-+ 3) Adds Host: header when not available
-+ 4) Some code cleanup and clarification
-+
-+ *) mod_include.c bugfixes:
-+ 1) Fixed an ommission that caused include variables to not
-+ be parsed in config errmsg directives [Howard Fear]
-+ 2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
-+ 3) Patch to fix compiler warnings [<perrot lal.in2p3.fr>]
-+ 4) Allow backslash-escaping to all quoted text
-+ [Ben Yoshino <ben wiliki.eng.hawaii.edu>]
-+ 5) Pass variable to command line if not set in XSSI's env
-+ [Howard Fear]
-+
-+ *) Fix infinite loop when processing Content-language lines in
-+ type-map files. [Alexei Kosut]
-+
-+ *) Closed file-globbing hole in test-cgi script. [Brian Behlendorf]
-+
-+ *) Fixed problem in set_[user|group] that prevented CGI execution
-+ for non-virtualhosts when suEXEC was enabled. [Randy Terbush]
-+
-+ *) Added PORTING information file. [Jim Jagielski]
-+
-+ *) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
-+
-+ *) Changed default group to "nogroup" instead of "nobody" [Randy Terbush]
-+
-+ *) Fixed define typo of FCNTL_SERIALIZED_ACCEPT where
-+ USE_FCNTL_SERIALIZED_ACCEPT was intended.
-+
-+ *) Fixed additional uses of 0xffffffff where INADDR_NONE was intended,
-+ which caused problems of systems where socket s_addr is >32bits.
-+
-+ *) Added comment to explain (r->chunked = 1) side-effect in
-+ http_protocol.c [Roy Fielding]
-+
-+ *) Replaced use of index() in mod_expires.c with more appropriate
-+ and portable isdigit() test. [Ben Laurie]
-+
-+ *) Updated Configure for ...
-+ OS/2 (DEF_WANTHSREGEX=yes, other code changes)
-+ *-dg-dgux* (bad pattern match)
-+ QNX (DEF_WANTHSREGEX=yes)
-+ *-sunos4* (DEF_WANTHSREGEX=yes, -DUSEBCOPY)
-+ *-ultrix (new)
-+ *-unixware211 (new)
-+ and added some user diagnostic info. [Ben Laurie]
-+
-+ *) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
-+ for better portability. [Jim Jagielski]
-+
-+ *) Updated helpers/GuessOS for ...
-+ SCO 5 (recognize minor releases)
-+ SCO UnixWare (braindamaged uname, whatever-whatever-unixware2)
-+ SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
-+ IRIX64 (-sgi-irix64)
-+ ULTRIX (-unknown-ultrix)
-+ SINIX (-whatever-sysv4)
-+ NCR Unix (-ncr-sysv4)
-+ and fixed something in helpers/PrintPath [Ben Laurie]
-+
-+Changes with Apache 1.2b1
-+
-+ *) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
-+
-+Changes with Apache 1.1.1
-+
-+ *) Fixed bug where Cookie module would make two entries in the
-+ logfile for each access [Mark Cox]
-+
-+ *) Fixed bug where Redirect in .htaccess files would cause memory
-+ leak. [Nathan Neulinger]
-+
-+ *) MultiViews now works correctly with AddHandler [Alexei Kosut]
-+
-+ *) Problems with mod_auth_msql fixed [Dirk vanGulik]
-+
-+ *) Fix misspelling of "Anonymous_Authorative" directive in mod_auth_anon.
-+
-+Changes with Apache 1.1.0
-+
-+ *) Bring NeXT support up to date. [Takaaki Matsumoto]
-+
-+ *) Bring QNX support up to date. [Ben Laurie]
-+
-+ *) Make virtual hosts default to main server keepalive parameters.
-+ [Alexei Kosut, Ben Laurie]
-+
-+ *) Allow ScanHTMLTitles to work with lowercase <title> tags. [Alexei Kosut]
-+
-+ *) Fix missing address family for connect, also remove unreachable statement
-+ in mod_proxy. [Ben Laurie]
-+
-+ *) mod_env now turned on by default in Configuration.tmpl.
-+
-+ *) Bugs which were fixed:
-+ a) yet more mod_proxy bugs [Ben Laurie]
-+ b) CGI works again with inetd [Alexei Kosut]
-+ c) Leading colons were stripped from passwords [<osm interguide.com>]
-+ d) Another fix to multi-method Limit problem [<jk tools.de>]
-+
-+Changes with Apache 1.1b4
-+
-+ *) r->bytes_sent variable restored. [Robert Thau]
-+
-+ *) Previously broken multi-method <Limit> parsing fixed. [Robert Thau]
-+
-+ *) More possibly unsecure programs removed from the support directory.
-+
-+ *) More mod_auth_msql authentication improvements.
-+
-+ *) VirtualHosts based on Host: headers no longer conflict with the
-+ Listen directive.
-+
-+ *) OS/2 compatibility enhancements. [Gary Smiley]
-+
-+ *) POST now allowed to directory index CGI scripts.
-+
-+ *) Actions now work with files of the default type.
-+
-+ *) Bugs which were fixed:
-+ a) more mod_proxy bugs
-+ b) early termination of inetd requests
-+ c) compile warnings on several systems
-+ d) problems when scripts stop reading output early
-+
-+Changes with Apache 1.1b3
-+
-+ *) Much of cgi-bin and all of cgi-src has been removed, due to
-+ various security holes found and that we could no longer support
-+ them.
-+
-+ *) The "Set-Cookie" header is now special-cased to not merge multiple
-+ instances, since certain popular browsers can not handle multiple
-+ Set-Cookie instructions in a single header. [Paul Sutton]
-+
-+ *) rprintf() added to buffer code, occurrences of sprintf removed.
-+ [Ben Laurie]
-+
-+ *) CONNECT method for proxy module, which means tunneling SSL should work.
-+ (No crypto needed) Also a NoCache config directive.
-+
-+ *) Several API additions: pstrndup(), table_unset() and get_token()
-+ functions now available to modules.
-+
-+ *) mod_imap fixups, in particular Location: headers are now complete
-+ URL's.
-+
-+ *) New "info" module which reports on installed module set through a
-+ special URL, a la mod_status.
-+
-+ *) "ServerPath" directive added - allows for graceful transition
-+ for Host:-header-based virtual hosts.
-+
-+ *) Anonymous authentication module improvements.
-+
-+ *) MSQL authentication module improvements.
-+
-+ *) Status module design improved - output now table-based. [Ben Laurie]
-+
-+ *) htdigest utility included for use with digest authentication
-+ module.
-+
-+ *) mod_negotiation: Accept values with wildcards to be treated with
-+ less priority than those without wildcards at the same quality
-+ value. [Alexei Kosut]
-+
-+ *) Bugs which were fixed:
-+ a) numerous mod_proxy bugs
-+ b) CGI early-termination bug [Ben Laurie]
-+ c) Keepalives not working with virtual hosts
-+ d) RefererIgnore problems
-+ e) closing fd's twice in mod_include (causing core dumps on
-+ Linux and elsewhere).
-+
-+Changes with Apache 1.1b2
-+
-+ *) Bugfixes:
-+ a) core dumps in mod_digest
-+ b) truncated hostnames/ip address in the logs
-+ c) relative URL's in mod_imap map files
-+
-+Changes with Apache 1.1b1
-+
-+ *) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
-+
-+Changes with Apache 1.0.3
-+
-+ *) Internal redirects which occur in mod_dir.c now preserve the
-+ query portion of a request (the bit after the question mark).
-+ [Adam Sussman]
-+
-+ *) Escape active characters '<', '>' and '&' in html output in
-+ directory listings, error messages and redirection links.
-+ [David Robinson]
-+
-+ *) Apache will now work with LynxOS 2.3 and later [Steven Watt]
-+
-+ *) Fix for POSIX compliance in waiting for processes in alloc.c.
-+ [Nick Williams]
-+
-+ *) setsockopt no longer takes a const declared argument [Martijn Koster]
-+
-+ *) Reset timeout timer after each successful fwrite() to the network.
-+ This patch adds a reset_timeout() procedure that is called by
-+ send_fd() to reset the timeout ever time data is written to the net.
-+ [Nathan Schrenk]
-+
-+ *) timeout() signal handler now checks for SIGPIPE and reports
-+ lost connections in a more user friendly way. [Rob Hartill]
-+
-+ *) Location of the "scoreboard" file which used to live in /tmp is
-+ now configurable (for OSes that can't use mmap) via ScoreBoardFile
-+ which works similar to PidFile (in httpd.conf) [Rob Hartill]
-+
-+ *) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
-+
-+ *) the pstrcat call in mod_cookies.c didn't have an ending NULL,
-+ which caused a SEGV with cookies enabled
-+
-+ *) Output warning when MinSpareServers is set to <= 0 and change it to 1
-+ [Rob Hartill]
-+
-+ *) Log the UNIX textual error returned by some system calls, in
-+ particular errors from accept() [David Robinson]
-+
-+ *) Add strerror function to util.c for SunOS4 [Randy Terbush]
-+
-+Changes with Apache 1.0.2
-+
-+ *) patch to get Apache compiled on UnixWare 2.x, recommended as
-+ a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
-+
-+ *) Fix get_basic_auth_pw() to set the auth_type of the request.
-+ [David Robinson]
-+
-+ *) past changes to http_config.c to only use the
-+ setrlimit function on systems defining RLIMIT_NOFILE
-+ broke the feature on SUNOS4. Now defines HAVE_RESOURCE
-+ for SUNOS and prototypes the needed functions.
-+
-+ *) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
-+ [David Robinson]
-+
-+ *) Fix use of pointer to scratch memory. [Cliff Skolnick]
-+
-+ *) Merge multiple headers from CGI scripts instead of taking last
-+ one. [David Robinson]
-+
-+ *) Add support for SCO 5. [Ben Laurie]
-+
-+Changes with Apache 1.0.1
-+
-+ *) Silence mod_log_referer and mod_log_agent if not configured
-+ [Randy Terbush]
-+
-+ *) Recursive includes can occur if the client supplies PATH_INFO data
-+ and the server provider uses relative links; as file.html
-+ relative to /doc.shtml/pathinfo is /doc.shtml/file.html. [David Robinson]
-+
-+ *) The replacement for initgroups() did not call {set,end}grent(). This
-+ had two implications: if anything else used getgrent(), then
-+ initgroups() would fail, and it was consuming a file descriptor.
-+ [Ben Laurie]
-+
-+ *) On heavily loaded servers it was possible for the scoreboard to get
-+ out of sync with reality, as a result of a race condition.
-+ The observed symptoms are far more Apaches running than should
-+ be, and heavy system loads, generally followed by catastrophic
-+ system failure. [Ben Laurie]
-+
-+ *) Fix typo in license. [David Robinson]
-+
-+Changes with Apache 1.0.0 23 Nov 1995
-+
-+ *) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
-+
-+Changes with Apache 0.8.16 05 Nov 1995
-+
-+ *) New man page for 'httpd' added to support directory [David Robinson]
-+
-+ *) .htgroup files can have more than one line giving members for a
-+ given group (each must have the group name in front), for NCSA
-+ back-compatibility [Robert Thau]
-+
-+ *) Mutual exclusion around accept() is on by default for SVR4 systems
-+ generally, since they generally can't handle multiple processes in
-+ accept() on the same socket. This should cure flaky behavior on
-+ a lot of those systems. [David Robinson]
-+
-+ *) AddType, AddEncoding, and AddLanguage directives take multiple
-+ extensions on a single command line [David Robinson]
-+
-+ *) UserDir can be disabled for a given virtual host by saying
-+ "UserDir disabled" in the <VirtualHost> section --- it was a bug
-+ that this didn't work. [David Robinson]
-+
-+ *) Compiles on QNX [Ben Laurie]
-+
-+ *) Corrected parsing of ctime time format [David Robinson]
-+
-+ *) httpd does a perror() before exiting if it can't log its pid
-+ to the PidFile, to make diagnosing the error a bit easier.
-+ [David Robinson]
-+
-+ *) <!--#include file="..."--> can no longer include files in the
-+ parent directory, for NCSA back-compatibility. [David Robinson]
-+
-+ *) '~' is *not* escaped in URIs generated for directory listings
-+ [Roy Fielding]
-+
-+ *) Eliminated compiler warning in the imagemap module [Randy Terbush]
-+
-+ *) Fixed bug involving handling URIs with escaped %-characters
-+ in redirects [David Robinson]
-+
-+Changes with Apache 0.8.15 14 Oct 1995
-+
-+ *) Switched to new, simpler license
-+
-+ *) Eliminated core dumps with improperly formatted DBM group files [Mark Cox]
-+
-+ *) Don't allow requests for ordinary files to have PATH_INFO [Ben Laurie]
-+
-+ *) Reject paths containing %-escaped '%' or null characters [David Robinson]
-+
-+ *) Correctly handles internal redirects to files with names containing '%'
-+ [David Robinson]
-+
-+ *) Repunctuated some error messages [Aram Mirzadeh, Andrew Wilson]
-+
-+ *) Use geteuid() rather than getuid() to see if we have root privilege,
-+ so that server correctly resets privilege if run setuid root. [Andrew
-+ Wilson]
-+
-+ *) Handle ftp: and telnet: URLs correctly in imagemaps (built-in module)
-+ [Randy Terbush]
-+
-+ *) Fix relative URLs in imagemap files [Randy Terbush]
-+
-+ *) Somewhat better fix for the old "Alias /foo/ /bar/" business
-+ [David Robinson]
-+
-+ *) Don't repeatedly open the ErrorLog if a bunch of <VirtualHost>
-+ entries all name the same one. [David Robinson]
-+
-+ *) Fix directory listings with filenames containing unusual characters
-+ [David Robinson]
-+
-+ *) Better URI-escaping for generated URIs in directories with filenames
-+ containing unusual characters [Ben Laurie]
-+
-+ *) Fixed potential FILE* leak in http_main.c [Ben Laurie]
-+
-+ *) Unblock alarms on error return from spawn_child() [David Robinson]
-+
-+ *) Sample Config files have extra note for SCO users [Ben Laurie]
-+
-+ *) Configuration has note for HP-UX users [Rob Hartill]
-+
-+ *) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
-+
-+ *) Nuked bogus #define in httpd.h [David Robinson]
-+
-+ *) Better test for whether a system has setrlimit() [David Robinson]
-+
-+ *) Calls update_child_status() after reopen_scoreboard() [David Robinson]
-+
-+ *) Doesn't send itself SIGHUP on startup when run in the -X debug-only mode
-+ [Ben Laurie]
-+
-+Changes with Apache 0.8.14 19 Sep 1995
-+
-+ *) Compiles on SCO ODT 3.0 [Ben Laurie]
-+
-+ *) AddDescription works (better) [Ben Laurie]
-+
-+ *) Leaves an intelligible error diagnostic when it can't set group
-+ privileges on standalone startup [Andrew Wilson]
-+
-+ *) Compiles on NeXT again --- the 0.8.13 RLIMIT patch was failing on
-+ that machine, which claims to be BSD but does not support RLIMIT.
-+ [Randy Terbush]
-+
-+ *) gcc -Wall no longer complains about an unused variable when util.c
-+ is compiled with -DMINIMAL_DNS [Andrew Wilson]
-+
-+ *) Nuked another compiler warning for -Wall on Linux [Aram Mirzadeh]
-+
-+Changes with Apache 0.8.13 07 Sep 1995
-+
-+ *) Make IndexIgnore *work* (ooops) [Jarkko Torppa]
-+
-+ *) Have built-in imagemap code recognize & honor Point directive [James
-+ Cloos]
-+
-+ *) Generate cleaner directory listings in directories with a mix of
-+ long and short filenames [Rob Hartill]
-+
-+ *) Properly initialize dynamically loaded modules [Royston Shufflebotham]
-+
-+ *) Properly default ServerName for virtual servers [Robert Thau]
-+
-+ *) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
-+ Paul Richards and a cast of thousands...]
-+
-+ *) On self-identified BSD systems (we don't try to guess any more),
-+ allocate a few extra file descriptors per virtual host with setrlimit,
-+ if we can, to avoid running out. [Randy Terbush]
-+
-+ *) Write 22-character lock file name into buffer with enough space
-+ on startup [Konstantin Olchanski]
-+
-+ *) Use archaic setpgrp() interface on NeXT, which requires it [Brian
-+ Pinkerton]
-+
-+ *) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
-+
-+ *) Suppress -Wall warning by initializing variable in negotiation code
-+ [Tobias Weingartner]
-+
-+Changes with Apache 0.8.12 31 Aug 1995
-+
-+ *) Doesn't pause three seconds after including a CGI script which is
-+ too slow to die off (this is done by not even trying to kill off
-+ subprocesses, including the SIGTERM/pause/SIGKILL routine, until
-+ after the entire document has been processed). [Robert Thau]
-+
-+ *) Doesn't do SSI if Options Includes is off. (Ooops). [David Robinson]
-+
-+ *) Options IncludesNoExec allows inclusion of at least text/* [Roy Fielding]
-+
-+ *) Allows .htaccess files to override <Directory> sections naming the
-+ same directory [David Robinson]
-+
-+ *) Removed an efficiency hack in sub_req_lookup_uri which was
-+ causing certain extremely marginal cases (e.g., ScriptAlias of a
-+ *particular* index.html file) to fail. [David Robinson]
-+
-+ *) Doesn't log an error when the requested URI requires
-+ authentication, but no auth header line was supplied by the
-+ client; this is a normal condition (the client doesn't no auth is
-+ needed here yet). [Robert Thau]
-+
-+ *) Behaves more sanely when the name server loses its mind [Sean Welch]
-+
-+ *) RFC931 code compiles cleanly on old BSDI releases [Randy Terbush]
-+
-+ *) RFC931 code no longer passes out name of prior clients on current
-+ requests if the current request came from a server that doesn't
-+ do RFC931. [David Robinson]
-+
-+ *) Configuration script accepts "Module" lines with trailing whitespace.
-+ [Robert Thau]
-+
-+ *) Cleaned up compiler warning from mod_access.c [Robert Thau]
-+
-+ *) Cleaned up comments in mod_cgi.c [Robert Thau]
-+
-+Changes with Apache 0.8.11 24 Aug 1995
-+
-+ *) Wildcard <Directory> specifications work. [Robert Thau]
-+
-+ *) Doesn't loop for buggy CGI on Solaris [Cliff Skolnick]
-+
-+ *) Symlink checks (FollowSymLinks off, or SymLinkIfOwnerMatch) always check
-+ the file being requested itself, in addition to the directories leading
-+ up to it. [Robert Thau]
-+
-+ *) Logs access failures due to symlink checks or invalid client address
-+ in the error log [Roy Fielding, Robert Thau]
-+
-+ *) Symlink checks deal correctly with systems where lstat of
-+ "/path/to/some/link/" follows the link. [Thau, Fielding]
-+
-+ *) Doesn't reset DirectoryIndex to 'index.html' when
-+ other directory options are set in a .htaccess file. [Robert Thau]
-+
-+ *) Clarified init code and nuked bogus warning in mod_access.c
-+ [Florent Guillaume]
-+
-+ *) Corrected several directives in sample srm.conf
-+ --- includes corrections to directory indexing icon-related directives
-+ (using unknown.gif rather than unknown.xbm as the DefaultIcon, doing
-+ icons for encodings right, and turning on AddEncoding by default).
-+ [Roy Fielding]
-+
-+ *) Corrected descriptions of args to AddIcon and AddAlt in command table
-+ [James Cloos]
-+
-+ *) INSTALL & README mention "contributed modules" directory [Brian
-+ Behlendorf]
-+
-+ *) Fixed English in the license language... "for for" --> "for".
-+ [Roy Fielding]
-+
-+ *) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
-+ mod_alias.c, merging it almost completely with handling of Alias, and
-+ adding a 'notes' field to the request_rec which allows the CGI module
-+ to discover whether the Alias module has put this request through
-+ ScriptAlias (which it needs to know for back-compatibility, as the old
-+ NCSA code did not check Options ExecCGI in ScriptAlias directories).
-+ [Robert Thau]
-+
-+Changes with Apache 0.8.10 18 Aug 1995
-+
-+ *) AllowOverride applies to the named directory, and not just
-+ subdirectories. [David Robinson]
-+
-+ *) Do locking for accept() exclusion (on systems that need it)
-+ using a special file created for the purpose in /usr/tmp, and
-+ not the error log; using the error log causes real problems
-+ if it's NFS-mounted; this is known to be the cause of a whole
-+ lot of "server hang" problems with Solaris. [David Robinson;
-+ thanks to Merten Schumann for help diagnosing the problem].
-+
-+Changes with Apache 0.8.9 12 Aug 1995
-+
-+ *) Compiles with -DMAXIMUM_DNS ---- ooops! [Henrik Mortensen]
-+
-+ *) Nested includes see environment variables of the including document,
-+ for NCSA bug-compatibility (some sites have standard footer includes
-+ which try to print out the last-modified date). [Eric Hagberg/Robert
-+ Thau]
-+
-+ *) <!--exec cgi="/some/uri/here"--> always treats the item named by the
-+ URI as a CGI script, even if it would have been treated as something
-+ else if requested directly, for NCSA back-compatibility. (Note that
-+ this means that people who know the name of the script can see the
-+ code just by asking for it). [Robert Thau]
-+
-+ *) New version of dbmmanage script included in support directory as
-+ dbmmanage.new.
-+
-+ *) Check if scoreboard file couldn't be opened, and say so, rather
-+ then going insane [David Robinson]
-+
-+ *) POST to CGI works on A/UX [Jim Jagielski]
-+
-+ *) AddIcon and AddAlt commands work properly [Rob Hartill]
-+
-+ *) NCSA server push works properly --- the Arena bug compatibility
-+ workaround, which broke it, is gone (use -DARENA_BUG_WORKAROUND
-+ if you still want the workaround). [Rob Hartill]
-+
-+ *) If client didn't submit any Accept-encodings, ignore encodings in
-+ content negotiation. (NB this will all have to be reworked anyway
-+ for the new HTTP draft). [Florent Guillaume]
-+
-+ *) Don't dump core when trying to log timed-out requests [Jim Jagielski]
-+
-+ *) Really honor CacheNegotiatedDocs [Florent Guillaume]
-+
-+ *) Give Redirect priority over Alias, for NCSA bug compatibility
-+ [David Robinson]
-+
-+ *) Correctly set PATH_TRANSLATED in all cases from <!--#exec cmd=""-->,
-+ paralleling earlier bug fix for CGI [David Robinson]
-+
-+ *) If DBM auth is improperly configured, report a server error and don't
-+ dump core.
-+
-+ *) Deleted FCNTL_SERIALIZED_ACCEPTS from conf.h entry for A/UX;
-+ it seems to work well enough without it (even in a 10 hits/sec
-+ workout), and the overhead for the locking under A/UX is
-+ alarmingly high (though it is very low on other systems).
-+ [Eric Hagberg, Jim Jagielski]
-+
-+ *) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
-+
-+ *) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian
-+ Behlendorf/Eric Hagberg]
-+
-+ *) More improvements to default Configuration for A/UX [Jim Jagielski]
-+
-+ *) Compiles clean on NEXT [Rob Hartill]
-+
-+ *) Compiles clean on SGI [Robert Thau]
-+
-+Changes with Apache 0.8.8 08 Aug 1995
-+
-+ *) SunOS library prototypes now never included unless explicitly
-+ requested in the configuration (via -DSUNOS_LIB_PROTOTYPES);
-+ people using GNU libc on SunOS are screwed by prototypes for the
-+ standard library.
-+
-+ (Those who wish to compile clean with gcc -Wall on a standard
-+ SunOS setup need the prototypes, and may obtain them using
-+ -DSUNOS_LIB_PROTOTYPES. Those wishing to use -Wall on a system
-+ with nonstandard libraries are presumably competent to make their
-+ own arrangements).
-+
-+ *) Strips trailing '/' characters off both args to the Alias command,
-+ to make 'Alias /foo/ /bar/' work.
-+
-+Changes with Apache 0.8.7 03 Aug 1995
-+
-+ *) Don't hang when restarting with a child from 'TransferLog "|..."' running
-+ [reported by David Robinson]
-+
-+ *) Compiles clean on OSF/1 [David Robinson]
-+
-+ *) Added some of the more recent significant changes (AddLanguage stuff,
-+ experimental LogFormat support) to CHANGES file in distribution root
-+ directory
-+
-+Changes with Apache 0.8.6 02 Aug 1995
-+
-+ *) Deleted Netscape reload workaround --- it's in violation of HTTP specs.
-+ (If you actually wanted a conditional GET which bypassed the cache, you
-+ couldn't get it). [Reported by Roy Fielding]
-+
-+ *) Properly terminate headers on '304 Not Modified' replies to conditional
-+ GETs --- no browser we can find cares much, but the CERN proxy chokes.
-+ [Reported by Cliff Skolnick; fix discovered independently by Rob Hartill]
-+
-+ *) httpd -v doesn't call itself "Shambhala". [Reported by Chuck Murcko]
-+
-+ *) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
-+ not __SUNPRO_C (they're needed to quiet gcc -Wall, but acc chokes on 'em,
-+ and older versions don't set the __SUNPRO_C preprocessor variable). On
-+ all other systems, these are never used anyway. [Reported by Mark Cox].
-+
-+ *) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
-+
-+Changes with Apache 0.8.5 01 Aug 1995
-+
-+ *) Added last-minute configurable log experiment, as optional module
-+
-+ *) Correctly set r->bytes_sent for HTTP/0.9 requests, so they get logged
-+ properly. (One-line fix to http_protocol.c).
-+
-+ *) Work around bogus behavior when reloading from Netscape.
-+ It's Netscape's bug --- for some reason they expect a request with
-+ If-modified-since: to not function as a conditional GET if it also
-+ comes with Pragma: no-cache, which is way out of line with the HTTP
-+ spec (according to Roy Fielding, the redactor).
-+
-+ *) Added parameter to set maximum number of server processes.
-+
-+ *) Added patches to make it work on A/UX. A/UX is *weird*. [Eric Hagberg,
-+ Jim Jagielski]
-+
-+ *) IdentityCheck bugfix [Chuck Murcko].
-+
-+ *) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut]
-+
-+ *) More sample config file corrections; add extension to AddType for
-+ *.asis, move AddType generic description to its proper place, and
-+ fix miscellaneous typos. [ Alexei Kosut ]
-+
-+ *) Deleted the *other* reference to the regents from the Berkeley
-+ legal disclaimer (everyplace).
-+
-+ *) Nuked Shambhala name from src/README; had already cleaned it out
-+ of everywhere else.
-+
-+Changes with Apache 0.8.4
-+
-+ *) Changes to server-pool management parms --- renamed current
-+ StartServers to MinSpareServers, created separate StartServers
-+ parameter which means what it says, and renamed MaxServers to
-+ MaxSpareServers (though the old name still works, for NCSA 1.4
-+ back-compatibility). The old names were generally regarded as
-+ too confusing. Also altered "docs" in sample config files.
-+
-+ *) More improvements to default config files ---
-+ sample directives (commented out) for XBitHack, BindAddress,
-+ CacheNegotiatedDocs, VirtualHost; decent set of AddLanguage
-+ defaults, AddTypes for send-as-is and imagemap magic types, and
-+ improvements to samples for DirectoryIndex [Alexei Kosut]
-+
-+ *) Yet more improvements to default config files --- changes to
-+ Alexei's sample AddLanguage directives, and sample LanguagePriority
-+ [ Florent Guillaume ]
-+
-+ *) Set config file locations properly if not set in httpd.conf
-+ [ David Robinson ]
-+
-+ *) Don't escape URIs in internal redirects multiple times; don't
-+ do that when translating PATH_INFO to PATH_TRANSLATED either.
-+ [ David Robinson ]
-+
-+ *) Corrected spelling of "Required" in 401 error reports [Andrew Wilson]
-+
-+Changes with Apache 0.8.3
-+
-+ *) Edited distribution README to *briefly* summarize installation
-+ procedures, and give a pointer to the INSTALL file in the src/
-+ directory.
-+
-+ *) Upgraded imagemap script in cgi-bin to 1.8 version from more
-+ recent NCSA distributions.
-+
-+ *) Bug fix to previous bug fix --- if .htaccess file and <Directory>
-+ exist for the same directory, use both and don't segfault. [Reported
-+ by David Robinson]
-+
-+ *) Proper makefile dependencies [David Robinson]
-+
-+ *) Note (re)starts in error log --- reported by Rob Hartill.
-+
-+ *) Only call no2slash() after get_path_info() has been done, to
-+ preserve multiple slashes in the PATH_INFO [NCSA compatibility,
-+ reported by Andrew Wilson, though this one is probably a real bug]
-+
-+ *) Fixed mod_imap.c --- relative paths with base_uri referer don't
-+ dump core when Referer is not supplied. [Randy Terbush]
-+
-+ *) Lightly edited sample config files to refer people to our documentation
-+ instead of NCSA's, and to list Rob McCool as *original* author (also
-+ deleted his old, and no doubt non-functional email address). Would be
-+ nice to have examples of new features...
-+
-+Changes with Apache 0.8.2 19 Jul 1995
-+
-+ *) Added AddLanuage code [Florent Guillaume]
-+
-+ *) Don't say "access forbidden" when a CGI script is not found. [Mark Cox]
-+
-+ *) All sorts of problems when MultiViews finds a directory. It would
-+ be nice if mod_dir.c was robust enough to handle that, but for now,
-+ just punt. [reported by Brian Behlendorf]
-+
-+ *) Wait for all children on restart, to make sure that the old socket
-+ is gone and we can reopen it. [reported by Randy Terbush]
-+
-+ *) Imagemap module is enabled in default Configuration
-+
-+ *) RefererLog and UserAgentLog modules properly default the logfile
-+ [Randy Terbush]
-+
-+ *) Mark Cox's mod_cookies added to the distribution as an optional
-+ module (commented out in the default Configuration, and noted as
-+ an experiment, along with mod_dld). [Mark Cox]
-+
-+ *) Compiles on ULTRIX (a continuing battle...). [Robert Thau]
-+
-+ *) Fixed nasty bug in SIGTERM handling [reported by Randy Terbush]
-+
-+ *) Changed "Shambhala" to "Apache" in API docs. [Robert Thau]
-+
-+ *) Added new, toothier legal disclaimer. [Robert Thau; copied from BSD
-+ license]
-+
-+Changes with Apache 0.8.1
-+
-+ *) New imagemap module [Randy Terbush]
-+
-+ *) Replacement referer log module with NCSA-compatible RefererIgnore
-+ [Matthew Gray again]
-+
-+ *) Don't mung directory listings with very long filenames.
-+ [Florent Guillaume]
-+
-+Changes with Apache 0.8.0 (nee Shambhala 0.6.2) 16 Jul 1995
-+
-+ *) New config script. See INSTALL for info. [Robert Thau]
-+
-+ *) Scoreboard mechanism for regulating the number of extant server
-+ processes. MaxServers and StartServers defaults are the same as
-+ for NCSA, but the meanings are slightly different. (Actually,
-+ I should probably lower the MaxServers default to 10).
-+
-+ Before asking for a new connection, each server process checks
-+ the number of other servers which are also waiting for a
-+ connection. If there are more than MaxServers, it quietly dies
-+ off. Conversely, every second, the root, or caretaker, process
-+ looks to see how many servers are waiting for a new connection;
-+ if there are fewer than StartServers, it starts a new one. This
-+ does not depend on the number of server processes already extant.
-+ The accounting is arranged through a "scoreboard" file, named
-+ /tmp/htstatus.*, on which each process has an independent file
-+ descriptor (they need to seek without interference).
-+
-+ The end effect is that MaxServers is the maximum number of
-+ servers on an *inactive* server machine, but more will be forked
-+ off to handle unusually heavy loads (or unusually slow clients);
-+ these will die off when they are no longer needed --- without
-+ reverting to the overhead of full forking operation. There is a
-+ hard maximum of 150 server processes compiled in, largely to
-+ avoid forking out of control and dragging the machine down.
-+ (This is arguably too high).
-+
-+ In my server endurance tests, this mechanism did not appear to
-+ impose any significant overhead, even after I forced it to put the
-+ scoreboard file on a normal filesystem (which might have more
-+ overhead than tmpfs). [Robert Thau]
-+
-+ *) Set HTTP_FOO variables for SSI <!--#exec cmd-->s, not just CGI scripts.
-+ [Cliff Skolnick]
-+
-+ *) Read .htaccess files even in directory with <Directory> section.
-+ (Former incompatibility noted on mailing list, now fixed). [Robert
-+ Thau]
-+
-+ *) "HEAD /" gives the client a "Bad Request" error message, rather
-+ than trying to send no body *and* no headers. [Cliff Skolnick].
-+
-+ *) Don't produce double error reports for some very obscure cases
-+ mainly involving auth configuration (the "all modules decline to
-+ handle" case which is a sure sign of a server bug in most cases,
-+ but also happens when authentication is badly misconfigured).
-+ [Robert Thau]
-+
-+ *) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
-+ it's *for*, and this sort of thing really shouldn't be cluttering
-+ up the Makefile). [Robert Thau]
-+
-+ *) Incidental code cleanups in http_main.c --- stop dragging
-+ sa_client around; just declare it where used. [Robert Thau]
-+
-+ *) Another acc-related fix. (It doesn't like const char
-+ in some places...). [Mark Cox]
-+
-+Changes with Shambhala 0.6.1 13 Jul 1995
-+
-+ *) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
-+ Also, fixed auth typo in http_protocol.c unmasked by this fix.
-+
-+ *) Compiles clean with acc on SunOS [Paul Sutton]
-+
-+ *) Reordered modules in modules.c so that Redirect takes priority
-+ over ScriptAlias, for NCSA bug-compatibility [Rob Hartill] ---
-+ believe it or not, he has an actual site with a ScriptAlias and
-+ a Redirect declared for the *exact same directory*. Even *my*
-+ compatibility fetish wouldn't motivate me to fix this if the fix
-+ required any effort, but it doesn't, so what the hey.
-+
-+ *) Fixed to properly default several server_rec fields for virtual
-+ servers from the corresponding fields in the main server_rec.
-+ [Cliff Skolnick --- 'port' was a particular irritant].
-+
-+ *) No longer kills off nph- child processes before they are
-+ finished sending output. [Matthew Gray]
-+
-+Changes with Shambhala 0.6.0 10 Jul 1995
-+
-+ *) Two styles of timeout --- hard and soft. soft_timeout()s just put
-+ the connection to the client in an "aborted" state, but otherwise
-+ allow whatever handlers are running to clean up. hard_timeout()s
-+ abort the request in progress completely; anything not tied to some
-+ resource pool cleanup will leak. They're still around because I
-+ haven't yet come up with a more elegant way of handling
-+ timeouts when talking to something that isn't the client. The
-+ default_handler and the dir_handler now use soft timeouts, largely
-+ so I can test the feature. [Robert Thau]
-+
-+ *) TransferLog "| my_postprocessor ..." seems to be there. Note that
-+ the case of log handlers dying prematurely is probably handled VERY
-+ gracelessly at this point, and if the logger stops reading input,
-+ the server will hang. (It is known to correctly restart the
-+ logging process on server restart; this is (should be!) going through
-+ the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
-+ script). [Robert Thau]
-+
-+ *) asis files supported (new module). [Robert Thau]
-+
-+ *) IdentityCheck code is compiled in, but has not been tested. (I
-+ don't know anyone who runs identd). [Robert Thau]
-+
-+ *) PATH_INFO and PATH_TRANSLATED are not set unless some real PATH_INFO
-+ came in with the request, for NCSA bug-compatibility. [Robert Thau]
-+
-+ *) Don't leak the DIR * on HEAD request for a directory. [Robert Thau]
-+
-+ *) Deleted the block_alarms() stuff from dbm_auth; no longer necessary,
-+ as timeouts are not in scope. [Robert Thau]
-+
-+ *) quoted-string args in config files now handled correctly (doesn't drop
-+ the last character). [Robert Thau; reported by Randy Terbush]
-+
-+ *) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
-+ How the hell did it ever work? [Robert Thau; reported by Rob Hartill]
-+
-+ *) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
-+ default default type); the former default default behavior when all
-+ type-checkers defaulted had been a core dump. [Paul Sutton]
-+
-+ *) Copy filenames out of the struct dirent when indexing
-+ directories. (On Linux, readdir() returns a pointer to the same
-+ memory area every time). Fix is in mod_dir.c. [Paul Sutton]
-+
-+Changes with Shambhala 0.5.3 [not released]
-+
-+ *) Default response handler notes "file not found" in the error log,
-+ if the file was not found. [Cliff Skolnick].
-+
-+ *) Another Cliff bug --- "GET /~user" now properly redirects (the userdir
-+ code no longer sets up bogus PATH_INFO which fakes out the directory
-+ handler). [Cliff Skolnick]
-+
-+Changes with Shambhala 0.5.2 06 Jul 1995
-+
-+ *) Changes to http_main.c --- root server no longer plays silly
-+ games with SIGCHLD, and so now detects and replaces dying
-+ children. Child processes just die on SIGTERM, without taking
-+ the whole process group with them. Potential problem --- if any
-+ child process refuses to die, we hang in restart.
-+ MaxRequestsPerChild may still not work, but it certainly works
-+ better than it did before this! [Robert Thau]
-+
-+ *) mod_dir.c bug fixes: ReadmeName and HeaderName
-+ work (or work better, at least); over-long description lines
-+ properly terminated. [Mark Cox]
-+
-+ *) http_request.c now calls unescape_url() more places where it
-+ should [Paul Sutton].
-+
-+ *) More directory handling bugs (reported by Cox)
-+ Parent Directory link is now set correctly. [Robert Thau]
-+
-+Changes with Shambhala 0.5.1 04 Jul 1995
-+
-+ *) Generalized cleanup interface in alloc.c --- any function can be
-+ registered with alloc.c as a cleanup for a resource pool;
-+ tracking of files and file descriptors has been reimplemented in
-+ terms of this interface, so I can give it some sort of a test.
-+ [Robert Thau]
-+
-+ *) More changes in alloc.c --- new cleanup_for_exec() function,
-+ which tracks down and closes all file descriptors which have been
-+ registered with the alloc.c machinery before the server exec()s a
-+ child process for CGI or <!--#exec-->. CGI children now get
-+ started with exactly three file descriptors open. Hopefully,
-+ this cures the problem Rob H. was having with overly persistent
-+ CGI connections. [Robert Thau]
-+
-+ *) Mutual exclusion around the accept() in child_main() --- this is
-+ required on at least SGI, Solaris and Linux, and is #ifdef'ed in
-+ by default on those systems only (-DFCNTL_SERIALIZED_ACCEPT).
-+ This uses fcntl(F_SETLK,...) on the error log descriptor because
-+ flock() on that descriptor won't work on systems which have BSD
-+ flock() semantics, including (I think) Linux 1.3 and Solaris.
-+
-+ This does work on SunOS (when the server is idle, only one
-+ process in the pool is waiting on accept()); it *ought* to work
-+ on the other systems. [Robert Thau]
-+
-+ *) FreeBSD and BSDI portability tweaks [Chuck Murcko]
-+
-+ *) sizeof(*sa_client) bugfix from [Rob Hartill]
-+
-+ *) pstrdup(..., NULL) returns NULL, [Randy Terbush]
-+
-+ *) block_alarms() to avoid leaking the DBM* in dbm auth (this should
-+ be unnecessary if I go to the revised timeout-handling scheme).
-+ [Robert Thau]
-+
-+ *) For NCSA bug-compatibility, set QUERY_STRING env var (to a null
-+ string) even if none came in with the request. [Robert Thau]
-+
-+ *) CHANGES file added to distribution ;-).
-+
-+Changes with Shambhala 0.4.5
-+
-+ *) mod_dld --- early dynamic loading support [rst]
-+ *) Add wildcard content handlers for XBITHACK; default_hander now
-+ invoked with that mechanism (as a handler hanging off mod_core) [rst]
-+ *) XBITHACK supported as a wildcard content-handler, and
-+ configurable at run-time (not just at compile time, as in the
-+ "patchy server" releases) [rst]
-+
-+Changes with Shambhala 0.4.4 30 Jun 1995
-+
-+ *) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
-+ *) Handle Addtype x/y .z [rst, reported by Cox]
-+
-+Changes with Shambhala 0.4.3
-+
-+ *) Fixed very dumb bug in mod_alias; "Alias" and "Redirect" are not
-+ synonymous [rst, terbush]
-+
-+Changes with Shambhala 0.4.1 28 Jun 1995
-+
-+ *) First-cut virtual host implementation; some refit in the config
-+ reading code, and log management, was necessary to support this [rst]
-+ *) Sub-pool machinery, originally added to avoid excessive storage
-+ allocation on listings of large directories (which turned out to
-+ be the problem that the 0.3 storage accounting was added to
-+ find). Subrequests and mod_dir changed to use subpools. [rst]
-+ *) More memory debugging --- free list consistency checks. [rst]
-+ *) Added err_headers to request_rec, with support elsewhere [rst]
-+ *) Other fixes to minor bugs in mod_dir and mod_includes [rst, terbush]
-+
-+Changes with Shambhala 0.3 19 Jun 1995
-+
-+ *) Switch ONE_PROCESS to a runtime command-line option (-X)
-+ *) Don't compile in mod_ai_backcompat by default
-+ *) Switch name of server from Apache to Shambhala in Makefile
-+ *) Add some accounting routines to track memory usage in the pools,
-+ for debugging
-+
-+Changes with Shambhala 0.2
-+
-+ *) Set DOCUMENT_ROOT CGI variable
-+ *) Add single-process debugging, as a compile-time option (ONE_PROCESS)
-+ *) Add critical section protection to handling of cleanup structures
-+ in alloc.c [rst]
-+ *) Significant code reorg within the server core to group related
-+ functions together [rst]
-+ *) Correctly handle clients that hang up before sending any request
-+ [rst]
-+ *) Replace dying child processes. [rst]
-+
-+Changes with Shambhala 0.1 12 Jun 1995
-+
-+ Major rewrite of the pre-existing "patchy server" codebase, by
-+ Robert Thau (rst). Significant portions of the server code, such
-+ as configuration-file handling and HTTP authentication support,
-+ were ripped out and rewritten from scratch. Code that was not
-+ completely rewritten was significantly altered.
-+
-+ Major changes with this release include:
-+
-+ *) Introduction of the module API; in request handling, the central
-+ machinery just dispatches to various modules, which actually do
-+ most of the work. Configuration handling is similar --- modules
-+ declare their own commands, and the central machinery just
-+ dispatches to them.
-+
-+ API features from shambhala/0.1 were substantially unchanged in
-+ Apache 1.0 and 1.1. (1.0 API features not yet present in this
-+ release, such as wildcard handlers and subpools, were added in
-+ subsequent Shambhala releases, and were also generally rst's
-+ work).
-+
-+ *) This release included the following modules:
-+
-+ mod_access (access control --- allow and deny directives),
-+ mod_alias (Alias and Redirect commands),
-+ mod_auth (straight HTTP authentication, based on flat-files)
-+ mod_auth_dbm (same, with dbm files)
-+ mod_cgi (CGI scripts and, in this release, ScriptAlias)
-+ mod_common_log (CLF access logs; later renamed mod_log_common)
-+ mod_dir (directory indexing)
-+ mod_include (server-side includes)
-+ mod_mime (AddType directives)
-+ mod_negotiation (content negotiation)
-+ mod_userdir (support for users' public_html directories)
-+
-+ It also included a mod_ai_backcompat, which was a private hack
-+ for back-compatibility with rst's own AI-lab servers.
-+
-+ All of these modules were substantially complete, and functional
-+ or nearly so (a few, which implemented features not in use at
-+ Thau's site, required patches of a few lines).
-+
-+ *) sub-request machinery, to allow modules to determine how other
-+ modules would assign MIME types to a given file, or optionally
-+ serve its content (this is heavily used by mod_dir, mod_include
-+ and mod_negotiation).
-+
-+ *) Resource pool system for keeping track of memory allocated and
-+ files opened in service of a particular request. Much of the
-+ code in the modules (when they weren't rewrites) was adjusted to
-+ replace a pervasive convention of using fixed-size buffers on
-+ the stack with an equally pervasive convention of using memory
-+ allocated with palloc().
-+
-+ *) Reorganization of data structures associated with a given
-+ request to eliminate use of global variables and the troublesome
-+ unmunge_name function (used in NCSA and early Apache releases to
-+ attempt to determine the URI which mapped to a given filename
-+ --- a difficult proposition, given that it is easy to produce
-+ setups in which multiple URIs map to the same file).
-+
-+ *) Source files renamed and rearranged
-+
-+ *) Very simple pre-forking behavior --- parent process forked off a
-+ fixed number of children, and then just waited for SIGHUP.
-+
-+ *) Other more minor changes too numerous to list.
-+
-+ This release included modified versions of a lot of code from the
-+ Apache 0.6.4 public release, plus an early pre-forking patch
-+ codeveloped by Robert Thau and Rob Hartill.
-+
-+Changes with Apache 0.7.3 20 Jun 1995
-+
-+ *) There were a bunch of changes between Apache 0.6.4 and 0.7.3 that
-+ were incorporated by Rob Hartill on the main branch while Robert Thau
-+ worked on the Shambhala rewrite above. Most were merged into the
-+ Shambala architecture after Apache 0.8.0.
-+
-+Changes with Apache 0.6.4 13 May 1995
-+
-+ *) Patches by Rob Hartill, Cliff Skolnick, Randy Terbush, Robert Thau,
-+ and others.
-+
-+Changes with Apache 0.5.1 10 Apr 1995
-+
-+Changes with Apache 0.4 02 Apr 1995
-+
-+ *) Patches by Brian Behlendorf, Andrew Wilson, Robert Thau,
-+ and Rob Hartill.
-+
-+Changes with Apache 0.3 24 Mar 1995
-+
-+ *) Patches by Robert Thau, David Robinson, Rob Hartill, and
-+ Carlos Varela.
-+
-+Changes with Apache 0.2 18 Mar 1995
-+
-+ *) Based on NCSA httpd 1.3 by Rob McCool and patches by CERT,
-+ Roy Fielding, Robert Thau, Nicolas Pioch, David Robinson,
-+ Brian Behlendorf, Rob Hartill, and Cliff Skolnick.
-diff -Naur httpd-2.0.49/CHANGES.rej httpd-2.0.49-gentoo/CHANGES.rej
---- httpd-2.0.49/CHANGES.rej 1970-01-01 00:00:00.000000000 +0000
-+++ httpd-2.0.49-gentoo/CHANGES.rej 2004-05-20 00:52:06.000000000 +0000
-@@ -0,0 +1,18 @@
-+***************
-+*** 2,7 ****
-+
-+ [Remove entries to the current 2.0 section below, when backported]
-+
-+ *) Fix a potential SEGV in the 'shmcb' session cache when session data
-+ size is greater than the size of the cache. PR 27751
-+ [Geoff Thorpe <geoff geoffthorpe.net>]
-+--- 2,10 ----
-+
-+ [Remove entries to the current 2.0 section below, when backported]
-+
-++ *) External rewrite map responses are no longer limited to 2048
-++ bytes. [André Malo]
-++
-+ *) Fix a potential SEGV in the 'shmcb' session cache when session data
-+ size is greater than the size of the cache. PR 27751
-+ [Geoff Thorpe <geoff geoffthorpe.net>]
-diff -Naur httpd-2.0.49/modules/loggers/mod_log_config.c httpd-2.0.49-gentoo/modules/loggers/mod_log_config.c
---- httpd-2.0.49/modules/loggers/mod_log_config.c 2004-03-03 11:07:50.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/loggers/mod_log_config.c 2004-05-20 21:17:05.979020712 +0000
-@@ -170,8 +170,11 @@
-
- module AP_MODULE_DECLARE_DATA log_config_module;
-
-+#ifndef APR_LARGEFILE
-+#define APR_LARGEFILE 0
-+#endif
-
--static int xfer_flags = (APR_WRITE | APR_APPEND | APR_CREATE);
-+static int xfer_flags = (APR_WRITE | APR_APPEND | APR_CREATE | APR_LARGEFILE);
- static apr_fileperms_t xfer_perms = APR_OS_DEFAULT;
- static apr_hash_t *log_hash;
- static apr_status_t ap_default_log_writer(request_rec *r,
-diff -Naur httpd-2.0.49/server/log.c httpd-2.0.49-gentoo/server/log.c
---- httpd-2.0.49/server/log.c 2004-03-08 23:12:44.000000000 +0000
-+++ httpd-2.0.49-gentoo/server/log.c 2004-05-20 20:11:22.000000000 +0000
-@@ -50,6 +50,10 @@
- #include "util_time.h"
- #include "ap_mpm.h"
-
-+#ifndef APR_LARGEFILE
-+#define APR_LARGEFILE 0
-+#endif
-+
- typedef struct {
- char *t_name;
- int t_val;
-@@ -158,7 +162,7 @@
- return APR_EBADPATH;
- }
- if ((rc = apr_file_open(&stderr_file, filename,
-- APR_APPEND | APR_READ | APR_WRITE | APR_CREATE,
-+ APR_APPEND | APR_WRITE | APR_CREATE | APR_LARGEFILE,
- APR_OS_DEFAULT, p)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_STARTUP, rc, NULL,
- "%s: could not open error log file %s.",
-@@ -271,7 +275,7 @@
- return DONE;
- }
- if ((rc = apr_file_open(&s->error_log, fname,
-- APR_APPEND | APR_READ | APR_WRITE | APR_CREATE,
-+ APR_APPEND | APR_WRITE | APR_CREATE | APR_LARGEFILE,
- APR_OS_DEFAULT, p)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_STARTUP, rc, NULL,
- "%s: could not open error log file %s.",
-diff -Naur httpd-2.0.49/server/protocol.c httpd-2.0.49-gentoo/server/protocol.c
---- httpd-2.0.49/server/protocol.c 2004-03-08 22:54:20.000000000 +0000
-+++ httpd-2.0.49-gentoo/server/protocol.c 2004-05-20 00:47:13.000000000 +0000
-@@ -250,6 +250,15 @@
- /* Would this overrun our buffer? If so, we'll die. */
- if (n < bytes_handled + len) {
- *read = bytes_handled;
-+ if (*s) {
-+ /* ensure this string is terminated */
-+ if (bytes_handled < n) {
-+ (*s)[bytes_handled] = '\0';
-+ }
-+ else {
-+ (*s)[n-1] = '\0';
-+ }
-+ }
- return APR_ENOSPC;
- }
-
-@@ -380,6 +389,8 @@
- /* Do we have enough space? We may be full now. */
- if (bytes_handled >= n) {
- *read = n;
-+ /* ensure this string is terminated */
-+ (*s)[n-1] = '\0';
- return APR_ENOSPC;
- }
- else {
diff --git a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch
deleted file mode 100644
index 46f8f85e5fa1..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- httpd-2.0.49/server/.orig/listen.c 2004-03-24 18:01:40.000000000 -0600
-+++ httpd-2.0.49/server/listen.c 2004-03-24 18:07:30.000000000 -0600
-@@ -74,19 +74,6 @@
- return stat;
- }
-
--#if APR_HAVE_IPV6
-- if (server->bind_addr->family == APR_INET6) {
-- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
-- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
-- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p,
-- "make_sock: for address %pI, apr_socket_opt_set: "
-- "(IPV6_V6ONLY)",
-- server->bind_addr);
-- apr_socket_close(s);
-- return stat;
-- }
-- }
--#endif
-
- /*
- * To send data over high bandwidth-delay connections at full
diff --git a/net-www/apache/files/patches/2.0.49-r2/01_ssl_engine_kernel.patch b/net-www/apache/files/patches/2.0.49-r2/01_ssl_engine_kernel.patch
deleted file mode 100644
index 4caf45f2041f..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/01_ssl_engine_kernel.patch
+++ /dev/null
@@ -1,1842 +0,0 @@
-diff -Naur httpd-2.0.49/modules/ssl/ssl_engine_kernel.c httpd-2.0.49-gentoo/modules/ssl/ssl_engine_kernel.c
---- httpd-2.0.49/modules/ssl/ssl_engine_kernel.c 2004-02-09 20:53:20.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/ssl/ssl_engine_kernel.c 2004-05-29 09:39:18.605535640 +0000
-@@ -793,7 +793,6 @@
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
-- char buf1[MAX_STRING_LEN], buf2[MAX_STRING_LEN];
- char *clientdn;
- const char *auth_line, *username, *password;
-
-@@ -872,14 +871,16 @@
- * adding the string "xxj31ZMTZzkVA" as the password in the user file.
- * This is just the crypted variant of the word "password" ;-)
- */
-- apr_snprintf(buf1, sizeof(buf1), "%s:password", clientdn);
-- ssl_util_uuencode(buf2, buf1, FALSE);
--
-- apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
-- apr_table_set(r->headers_in, "Authorization", buf1);
-+ auth_line = apr_pstrcat(r->pool, "Basic ",
-+ ap_pbase64encode(r->pool,
-+ apr_pstrcat(r->pool, clientdn,
-+ ":password", NULL)),
-+ NULL);
-+ apr_table_set(r->headers_in, "Authorization", auth_line);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-- "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
-+ "Faking HTTP Basic Auth header: \"Authorization: %s\"",
-+ auth_line);
-
- return DECLINED;
- }
-diff -Naur httpd-2.0.49/modules/ssl/ssl_engine_kernel.c.orig httpd-2.0.49-gentoo/modules/ssl/ssl_engine_kernel.c.orig
---- httpd-2.0.49/modules/ssl/ssl_engine_kernel.c.orig 1970-01-01 00:00:00.000000000 +0000
-+++ httpd-2.0.49-gentoo/modules/ssl/ssl_engine_kernel.c.orig 2004-02-09 20:53:20.000000000 +0000
-@@ -0,0 +1,1804 @@
-+/* Copyright 2001-2004 The Apache Software Foundation
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+/* _ _
-+ * _ __ ___ ___ __| | ___ ___| | mod_ssl
-+ * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-+ * | | | | | | (_) | (_| | \__ \__ \ |
-+ * |_| |_| |_|\___/ \__,_|___|___/___/_|
-+ * |_____|
-+ * ssl_engine_kernel.c
-+ * The SSL engine kernel
-+ */
-+ /* ``It took me fifteen years to discover
-+ I had no talent for programming, but
-+ I couldn't give it up because by that
-+ time I was too famous.''
-+ -- Unknown */
-+#include "mod_ssl.h"
-+
-+/*
-+ * Post Read Request Handler
-+ */
-+int ssl_hook_ReadReq(request_rec *r)
-+{
-+ SSLConnRec *sslconn = myConnConfig(r->connection);
-+ SSL *ssl;
-+
-+ if (!sslconn) {
-+ return DECLINED;
-+ }
-+
-+ if (sslconn->non_ssl_request) {
-+ const char *errmsg;
-+ char *thisurl;
-+ char *thisport = "";
-+ int port = ap_get_server_port(r);
-+
-+ if (!ap_is_default_port(port, r)) {
-+ thisport = apr_psprintf(r->pool, ":%u", port);
-+ }
-+
-+ thisurl = ap_escape_html(r->pool,
-+ apr_psprintf(r->pool, "https://%s%s/",
-+ ap_get_server_name(r),
-+ thisport));
-+
-+ errmsg = apr_psprintf(r->pool,
-+ "Reason: You're speaking plain HTTP "
-+ "to an SSL-enabled server port.<br />\n"
-+ "Instead use the HTTPS scheme to access "
-+ "this URL, please.<br />\n"
-+ "<blockquote>Hint: "
-+ "<a href=\"%s\"><b>%s</b></a></blockquote>",
-+ thisurl, thisurl);
-+
-+ apr_table_setn(r->notes, "error-notes", errmsg);
-+
-+ /* Now that we have caught this error, forget it. we are done
-+ * with using SSL on this request.
-+ */
-+ sslconn->non_ssl_request = 0;
-+
-+
-+ return HTTP_BAD_REQUEST;
-+ }
-+
-+ /*
-+ * Get the SSL connection structure and perform the
-+ * delayed interlinking from SSL back to request_rec
-+ */
-+ if ((ssl = sslconn->ssl)) {
-+ SSL_set_app_data2(ssl, r);
-+ }
-+
-+ return DECLINED;
-+}
-+
-+/*
-+ * Move SetEnvIf information from request_rec to conn_rec/BUFF
-+ * to allow the close connection handler to use them.
-+ */
-+
-+static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
-+{
-+ int i;
-+ const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
-+ const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
-+
-+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
-+
-+ for (i = 0; i < arr->nelts; i++) {
-+ const char *key = elts[i].key;
-+
-+ switch (*key) {
-+ case 's':
-+ /* being case-sensitive here.
-+ * and not checking for the -shutdown since these are the only
-+ * SetEnvIf "flags" we support
-+ */
-+ if (!strncmp(key+1, "sl-", 3)) {
-+ key += 4;
-+ if (!strncmp(key, "unclean", 7)) {
-+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
-+ }
-+ else if (!strncmp(key, "accurate", 8)) {
-+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
-+ }
-+ return; /* should only ever be one ssl-*-shutdown */
-+ }
-+ break;
-+ }
-+ }
-+}
-+
-+/*
-+ * URL Translation Handler
-+ */
-+int ssl_hook_Translate(request_rec *r)
-+{
-+ SSLConnRec *sslconn = myConnConfig(r->connection);
-+
-+ if (!(sslconn && sslconn->ssl)) {
-+ return DECLINED;
-+ }
-+
-+ /*
-+ * Log information about incoming HTTPS requests
-+ */
-+ if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-+ "%s HTTPS request received for child %ld (server %s)",
-+ (r->connection->keepalives <= 0 ?
-+ "Initial (No.1)" :
-+ apr_psprintf(r->pool, "Subsequent (No.%d)",
-+ r->connection->keepalives+1)),
-+ r->connection->id,
-+ ssl_util_vhostid(r->pool, r->server));
-+ }
-+
-+ /* SetEnvIf ssl-*-shutdown flags can only be per-server,
-+ * so they won't change across keepalive requests
-+ */
-+ if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
-+ ssl_configure_env(r, sslconn);
-+ }
-+
-+ return DECLINED;
-+}
-+
-+/*
-+ * Access Handler
-+ */
-+int ssl_hook_Access(request_rec *r)
-+{
-+ SSLDirConfigRec *dc = myDirConfig(r);
-+ SSLSrvConfigRec *sc = mySrvConfig(r->server);
-+ SSLConnRec *sslconn = myConnConfig(r->connection);
-+ SSL *ssl = sslconn ? sslconn->ssl : NULL;
-+ SSL_CTX *ctx = NULL;
-+ apr_array_header_t *requires;
-+ ssl_require_t *ssl_requires;
-+ char *cp;
-+ int ok, i;
-+ BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
-+ X509 *cert;
-+ X509 *peercert;
-+ X509_STORE *cert_store = NULL;
-+ X509_STORE_CTX cert_store_ctx;
-+ STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
-+ SSL_CIPHER *cipher = NULL;
-+ int depth, verify_old, verify, n;
-+
-+ if (ssl) {
-+ ctx = SSL_get_SSL_CTX(ssl);
-+ }
-+
-+ /*
-+ * Support for SSLRequireSSL directive
-+ */
-+ if (dc->bSSLRequired && !ssl) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "access to %s failed, reason: %s",
-+ r->filename, "SSL connection required");
-+
-+ /* remember forbidden access for strict require option */
-+ apr_table_setn(r->notes, "ssl-access-forbidden", "1");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ /*
-+ * Check to see if SSL protocol is on
-+ */
-+ if (!(sc->enabled || ssl)) {
-+ return DECLINED;
-+ }
-+ /*
-+ * Support for per-directory reconfigured SSL connection parameters.
-+ *
-+ * This is implemented by forcing an SSL renegotiation with the
-+ * reconfigured parameter suite. But Apache's internal API processing
-+ * makes our life very hard here, because when internal sub-requests occur
-+ * we nevertheless should avoid multiple unnecessary SSL handshakes (they
-+ * require extra network I/O and especially time to perform).
-+ *
-+ * But the optimization for filtering out the unnecessary handshakes isn't
-+ * obvious and trivial. Especially because while Apache is in its
-+ * sub-request processing the client could force additional handshakes,
-+ * too. And these take place perhaps without our notice. So the only
-+ * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
-+ * has to be performed or not. It has to performed when some parameters
-+ * which were previously known (by us) are not those we've now
-+ * reconfigured (as known by OpenSSL) or (in optimized way) at least when
-+ * the reconfigured parameter suite is stronger (more restrictions) than
-+ * the currently active one.
-+ */
-+
-+ /*
-+ * Override of SSLCipherSuite
-+ *
-+ * We provide two options here:
-+ *
-+ * o The paranoid and default approach where we force a renegotiation when
-+ * the cipher suite changed in _any_ way (which is straight-forward but
-+ * often forces renegotiations too often and is perhaps not what the
-+ * user actually wanted).
-+ *
-+ * o The optimized and still secure way where we force a renegotiation
-+ * only if the currently active cipher is no longer contained in the
-+ * reconfigured/new cipher suite. Any other changes are not important
-+ * because it's the servers choice to select a cipher from the ones the
-+ * client supports. So as long as the current cipher is still in the new
-+ * cipher suite we're happy. Because we can assume we would have
-+ * selected it again even when other (better) ciphers exists now in the
-+ * new cipher suite. This approach is fine because the user explicitly
-+ * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
-+ * implicit optimizations.
-+ */
-+ if (dc->szCipherSuite) {
-+ /* remember old state */
-+
-+ if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
-+ cipher = SSL_get_current_cipher(ssl);
-+ }
-+ else {
-+ cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
-+
-+ if (cipher_list_old) {
-+ cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
-+ }
-+ }
-+
-+ /* configure new state */
-+ if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
-+ r->server,
-+ "Unable to reconfigure (per-directory) "
-+ "permitted SSL ciphers");
-+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
-+
-+ if (cipher_list_old) {
-+ sk_SSL_CIPHER_free(cipher_list_old);
-+ }
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ /* determine whether a renegotiation has to be forced */
-+ cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
-+
-+ if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
-+ /* optimized way */
-+ if ((!cipher && cipher_list) ||
-+ (cipher && !cipher_list))
-+ {
-+ renegotiate = TRUE;
-+ }
-+ else if (cipher && cipher_list &&
-+ (sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
-+ {
-+ renegotiate = TRUE;
-+ }
-+ }
-+ else {
-+ /* paranoid way */
-+ if ((!cipher_list_old && cipher_list) ||
-+ (cipher_list_old && !cipher_list))
-+ {
-+ renegotiate = TRUE;
-+ }
-+ else if (cipher_list_old && cipher_list) {
-+ for (n = 0;
-+ !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
-+ n++)
-+ {
-+ SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
-+
-+ if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
-+ renegotiate = TRUE;
-+ }
-+ }
-+
-+ for (n = 0;
-+ !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
-+ n++)
-+ {
-+ SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
-+
-+ if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
-+ renegotiate = TRUE;
-+ }
-+ }
-+ }
-+ }
-+
-+ /* cleanup */
-+ if (cipher_list_old) {
-+ sk_SSL_CIPHER_free(cipher_list_old);
-+ }
-+
-+ /* tracing */
-+ if (renegotiate) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-+ "Reconfigured cipher suite will force renegotiation");
-+ }
-+ }
-+
-+ /*
-+ * override of SSLVerifyDepth
-+ *
-+ * The depth checks are handled by us manually inside the verify callback
-+ * function and not by OpenSSL internally (and our function is aware of
-+ * both the per-server and per-directory contexts). So we cannot ask
-+ * OpenSSL about the currently verify depth. Instead we remember it in our
-+ * ap_ctx attached to the SSL* of OpenSSL. We've to force the
-+ * renegotiation if the reconfigured/new verify depth is less than the
-+ * currently active/remembered verify depth (because this means more
-+ * restriction on the certificate chain).
-+ */
-+ if (dc->nVerifyDepth != UNSET) {
-+ /* XXX: doesnt look like sslconn->verify_depth is actually used */
-+ if (!(n = sslconn->verify_depth)) {
-+ sslconn->verify_depth = n = sc->server->auth.verify_depth;
-+ }
-+
-+ /* determine whether a renegotiation has to be forced */
-+ if (dc->nVerifyDepth < n) {
-+ renegotiate = TRUE;
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-+ "Reduced client verification depth will force "
-+ "renegotiation");
-+ }
-+ }
-+
-+ /*
-+ * override of SSLVerifyClient
-+ *
-+ * We force a renegotiation if the reconfigured/new verify type is
-+ * stronger than the currently active verify type.
-+ *
-+ * The order is: none << optional_no_ca << optional << require
-+ *
-+ * Additionally the following optimization is possible here: When the
-+ * currently active verify type is "none" but a client certificate is
-+ * already known/present, it's enough to manually force a client
-+ * verification but at least skip the I/O-intensive renegotation
-+ * handshake.
-+ */
-+ if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
-+ /* remember old state */
-+ verify_old = SSL_get_verify_mode(ssl);
-+ /* configure new state */
-+ verify = SSL_VERIFY_NONE;
-+
-+ if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE) {
-+ verify |= SSL_VERIFY_PEER_STRICT;
-+ }
-+
-+ if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
-+ (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA))
-+ {
-+ verify |= SSL_VERIFY_PEER;
-+ }
-+
-+ modssl_set_verify(ssl, verify, ssl_callback_SSLVerify);
-+ SSL_set_verify_result(ssl, X509_V_OK);
-+
-+ /* determine whether we've to force a renegotiation */
-+ if (!renegotiate && verify != verify_old) {
-+ if (((verify_old == SSL_VERIFY_NONE) &&
-+ (verify != SSL_VERIFY_NONE)) ||
-+
-+ (!(verify_old & SSL_VERIFY_PEER) &&
-+ (verify & SSL_VERIFY_PEER)) ||
-+
-+ (!(verify_old & SSL_VERIFY_PEER_STRICT) &&
-+ (verify & SSL_VERIFY_PEER_STRICT)))
-+ {
-+ renegotiate = TRUE;
-+ /* optimization */
-+
-+ if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
-+ (verify_old == SSL_VERIFY_NONE) &&
-+ ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
-+ {
-+ renegotiate_quick = TRUE;
-+ X509_free(peercert);
-+ }
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-+ r->server,
-+ "Changed client verification type will force "
-+ "%srenegotiation",
-+ renegotiate_quick ? "quick " : "");
-+ }
-+ }
-+ }
-+
-+ /*
-+ * override SSLCACertificateFile & SSLCACertificatePath
-+ * This is only enabled if the SSL_set_cert_store() function
-+ * is available in the ssl library. the 1.x based mod_ssl
-+ * used SSL_CTX_set_cert_store which is not thread safe.
-+ */
-+
-+#ifdef HAVE_SSL_SET_CERT_STORE
-+ /*
-+ * check if per-dir and per-server config field are not the same.
-+ * if f is defined in per-dir and not defined in per-server
-+ * or f is defined in both but not the equal ...
-+ */
-+#define MODSSL_CFG_NE(f) \
-+ (dc->f && (!sc->f || (sc->f && strNE(dc->f, sc->f))))
-+
-+#define MODSSL_CFG_CA(f) \
-+ (dc->f ? dc->f : sc->f)
-+
-+ if (MODSSL_CFG_NE(szCACertificateFile) ||
-+ MODSSL_CFG_NE(szCACertificatePath))
-+ {
-+ STACK_OF(X509_NAME) *ca_list;
-+ const char *ca_file = MODSSL_CFG_CA(szCACertificateFile);
-+ const char *ca_path = MODSSL_CFG_CA(szCACertificatePath);
-+
-+ cert_store = X509_STORE_new();
-+
-+ if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Unable to reconfigure verify locations "
-+ "for client authentication");
-+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
-+
-+ X509_STORE_free(cert_store);
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ /* SSL_free will free cert_store */
-+ SSL_set_cert_store(ssl, cert_store);
-+
-+ if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
-+ ca_file, ca_path)))
-+ {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Unable to determine list of available "
-+ "CA certificates for client authentication");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ SSL_set_client_CA_list(ssl, ca_list);
-+ renegotiate = TRUE;
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-+ "Changed client verification locations will force "
-+ "renegotiation");
-+ }
-+#endif /* HAVE_SSL_SET_CERT_STORE */
-+
-+ /*
-+ * SSL renegotiations in conjunction with HTTP
-+ * requests using the POST method are not supported.
-+ *
-+ * Background:
-+ *
-+ * 1. When the client sends a HTTP/HTTPS request, Apache's core code
-+ * reads only the request line ("METHOD /path HTTP/x.y") and the
-+ * attached MIME headers ("Foo: bar") up to the terminating line ("CR
-+ * LF"). An attached request body (for instance the data of a POST
-+ * method) is _NOT_ read. Instead it is read by mod_cgi's content
-+ * handler and directly passed to the CGI script.
-+ *
-+ * 2. mod_ssl supports per-directory re-configuration of SSL parameters.
-+ * This is implemented by performing an SSL renegotiation of the
-+ * re-configured parameters after the request is read, but before the
-+ * response is sent. In more detail: the renegotiation happens after the
-+ * request line and MIME headers were read, but _before_ the attached
-+ * request body is read. The reason simply is that in the HTTP protocol
-+ * usually there is no acknowledgment step between the headers and the
-+ * body (there is the 100-continue feature and the chunking facility
-+ * only), so Apache has no API hook for this step.
-+ *
-+ * 3. the problem now occurs when the client sends a POST request for
-+ * URL /foo via HTTPS the server and the server has SSL parameters
-+ * re-configured on a per-URL basis for /foo. Then mod_ssl has to
-+ * perform an SSL renegotiation after the request was read and before
-+ * the response is sent. But the problem is the pending POST body data
-+ * in the receive buffer of SSL (which Apache still has not read - it's
-+ * pending until mod_cgi sucks it in). When mod_ssl now tries to perform
-+ * the renegotiation the pending data leads to an I/O error.
-+ *
-+ * Solution Idea:
-+ *
-+ * There are only two solutions: Either to simply state that POST
-+ * requests to URLs with SSL re-configurations are not allowed, or to
-+ * renegotiate really after the _complete_ request (i.e. including
-+ * the POST body) was read. Obviously the latter would be preferred,
-+ * but it cannot be done easily inside Apache, because as already
-+ * mentioned, there is no API step between the body reading and the body
-+ * processing. And even when we mod_ssl would hook directly into the
-+ * loop of mod_cgi, we wouldn't solve the problem for other handlers, of
-+ * course. So the only general solution is to suck in the pending data
-+ * of the request body from the OpenSSL BIO into the Apache BUFF. Then
-+ * the renegotiation can be done and after this step Apache can proceed
-+ * processing the request as before.
-+ *
-+ * Solution Implementation:
-+ *
-+ * We cannot simply suck in the data via an SSL_read-based loop because of
-+ * HTTP chunking. Instead we _have_ to use the Apache API for this step which
-+ * is aware of HTTP chunking. So the trick is to suck in the pending request
-+ * data via the Apache API (which uses Apache's BUFF code and in the
-+ * background mod_ssl's I/O glue code) and re-inject it later into the Apache
-+ * BUFF code again. This way the data flows twice through the Apache BUFF, of
-+ * course. But this way the solution doesn't depend on any Apache specifics
-+ * and is fully transparent to Apache modules.
-+ *
-+ * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
-+ */
-+ if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "SSL Re-negotiation in conjunction "
-+ "with POST method not supported!\n"
-+ "hint: try SSLOptions +OptRenegotiate");
-+
-+ return HTTP_METHOD_NOT_ALLOWED;
-+ }
-+
-+ /*
-+ * now do the renegotiation if anything was actually reconfigured
-+ */
-+ if (renegotiate) {
-+ /*
-+ * Now we force the SSL renegotation by sending the Hello Request
-+ * message to the client. Here we have to do a workaround: Actually
-+ * OpenSSL returns immediately after sending the Hello Request (the
-+ * intent AFAIK is because the SSL/TLS protocol says it's not a must
-+ * that the client replies to a Hello Request). But because we insist
-+ * on a reply (anything else is an error for us) we have to go to the
-+ * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
-+ * here because it resets too much of the connection. So we set the
-+ * state explicitly and continue the handshake manually.
-+ */
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-+ "Requesting connection re-negotiation");
-+
-+ if (renegotiate_quick) {
-+ STACK_OF(X509) *cert_stack;
-+
-+ /* perform just a manual re-verification of the peer */
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-+ "Performing quick renegotiation: "
-+ "just re-verifying the peer");
-+
-+ cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
-+
-+ cert = SSL_get_peer_certificate(ssl);
-+
-+ if (!cert_stack && cert) {
-+ /* client cert is in the session cache, but there is
-+ * no chain, since ssl3_get_client_certificate()
-+ * sk_X509_shift-ed the peer cert out of the chain.
-+ * we put it back here for the purpose of quick_renegotiation.
-+ */
-+ cert_stack = sk_new_null();
-+ sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
-+ }
-+
-+ if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Cannot find peer certificate chain");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ if (!(cert_store ||
-+ (cert_store = SSL_CTX_get_cert_store(ctx))))
-+ {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Cannot find certificate storage");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ if (!cert) {
-+ cert = sk_X509_value(cert_stack, 0);
-+ }
-+
-+ X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
-+ depth = SSL_get_verify_depth(ssl);
-+
-+ if (depth >= 0) {
-+ X509_STORE_CTX_set_depth(&cert_store_ctx, depth);
-+ }
-+
-+ X509_STORE_CTX_set_ex_data(&cert_store_ctx,
-+ SSL_get_ex_data_X509_STORE_CTX_idx(),
-+ (char *)ssl);
-+
-+ if (!modssl_X509_verify_cert(&cert_store_ctx)) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Re-negotiation verification step failed");
-+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
-+ }
-+
-+ SSL_set_verify_result(ssl, cert_store_ctx.error);
-+ X509_STORE_CTX_cleanup(&cert_store_ctx);
-+
-+ if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
-+ /* we created this ourselves, so free it */
-+ sk_X509_pop_free(cert_stack, X509_free);
-+ }
-+ }
-+ else {
-+ request_rec *id = r->main ? r->main : r;
-+
-+ /* do a full renegotiation */
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-+ "Performing full renegotiation: "
-+ "complete handshake protocol");
-+
-+ SSL_set_session_id_context(ssl,
-+ (unsigned char *)&id,
-+ sizeof(id));
-+
-+ SSL_renegotiate(ssl);
-+ SSL_do_handshake(ssl);
-+
-+ if (SSL_get_state(ssl) != SSL_ST_OK) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Re-negotiation request failed");
-+
-+ r->connection->aborted = 1;
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-+ "Awaiting re-negotiation handshake");
-+
-+ SSL_set_state(ssl, SSL_ST_ACCEPT);
-+ SSL_do_handshake(ssl);
-+
-+ if (SSL_get_state(ssl) != SSL_ST_OK) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Re-negotiation handshake failed: "
-+ "Not accepted by client!?");
-+
-+ r->connection->aborted = 1;
-+ return HTTP_FORBIDDEN;
-+ }
-+ }
-+
-+ /*
-+ * Remember the peer certificate's DN
-+ */
-+ if ((cert = SSL_get_peer_certificate(ssl))) {
-+ if (sslconn->client_cert) {
-+ X509_free(sslconn->client_cert);
-+ }
-+ sslconn->client_cert = cert;
-+ sslconn->client_dn = NULL;
-+ }
-+
-+ /*
-+ * Finally check for acceptable renegotiation results
-+ */
-+ if (dc->nVerifyClient != SSL_CVERIFY_NONE) {
-+ BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
-+
-+ if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Re-negotiation handshake failed: "
-+ "Client verification failed");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ if (do_verify) {
-+ if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "Re-negotiation handshake failed: "
-+ "Client certificate missing");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ X509_free(peercert);
-+ }
-+ }
-+ }
-+
-+ /*
-+ * Check SSLRequire boolean expressions
-+ */
-+ requires = dc->aRequirement;
-+ ssl_requires = (ssl_require_t *)requires->elts;
-+
-+ for (i = 0; i < requires->nelts; i++) {
-+ ssl_require_t *req = &ssl_requires[i];
-+ ok = ssl_expr_exec(r, req->mpExpr);
-+
-+ if (ok < 0) {
-+ cp = apr_psprintf(r->pool,
-+ "Failed to execute "
-+ "SSL requirement expression: %s",
-+ ssl_expr_get_error());
-+
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "access to %s failed, reason: %s",
-+ r->filename, cp);
-+
-+ /* remember forbidden access for strict require option */
-+ apr_table_setn(r->notes, "ssl-access-forbidden", "1");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ if (ok != 1) {
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-+ "Access to %s denied for %s "
-+ "(requirement expression not fulfilled)",
-+ r->filename, r->connection->remote_ip);
-+
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-+ "Failed expression: %s", req->cpExpr);
-+
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "access to %s failed, reason: %s",
-+ r->filename,
-+ "SSL requirement expression not fulfilled "
-+ "(see SSL logfile for more details)");
-+
-+ /* remember forbidden access for strict require option */
-+ apr_table_setn(r->notes, "ssl-access-forbidden", "1");
-+
-+ return HTTP_FORBIDDEN;
-+ }
-+ }
-+
-+ /*
-+ * Else access is granted from our point of view (except vendor
-+ * handlers override). But we have to return DECLINED here instead
-+ * of OK, because mod_auth and other modules still might want to
-+ * deny access.
-+ */
-+
-+ return DECLINED;
-+}
-+
-+/*
-+ * Authentication Handler:
-+ * Fake a Basic authentication from the X509 client certificate.
-+ *
-+ * This must be run fairly early on to prevent a real authentication from
-+ * occuring, in particular it must be run before anything else that
-+ * authenticates a user. This means that the Module statement for this
-+ * module should be LAST in the Configuration file.
-+ */
-+int ssl_hook_UserCheck(request_rec *r)
-+{
-+ SSLConnRec *sslconn = myConnConfig(r->connection);
-+ SSLSrvConfigRec *sc = mySrvConfig(r->server);
-+ SSLDirConfigRec *dc = myDirConfig(r);
-+ char buf1[MAX_STRING_LEN], buf2[MAX_STRING_LEN];
-+ char *clientdn;
-+ const char *auth_line, *username, *password;
-+
-+ /*
-+ * Additionally forbid access (again)
-+ * when strict require option is used.
-+ */
-+ if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
-+ (apr_table_get(r->notes, "ssl-access-forbidden")))
-+ {
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ /*
-+ * We decline when we are in a subrequest. The Authorization header
-+ * would already be present if it was added in the main request.
-+ */
-+ if (!ap_is_initial_req(r)) {
-+ return DECLINED;
-+ }
-+
-+ /*
-+ * Make sure the user is not able to fake the client certificate
-+ * based authentication by just entering an X.509 Subject DN
-+ * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
-+ * password.
-+ */
-+ if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
-+ if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
-+ while ((*auth_line == ' ') || (*auth_line == '\t')) {
-+ auth_line++;
-+ }
-+
-+ auth_line = ap_pbase64decode(r->pool, auth_line);
-+ username = ap_getword_nulls(r->pool, &auth_line, ':');
-+ password = auth_line;
-+
-+ if ((username[0] == '/') && strEQ(password, "password")) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "Encountered FakeBasicAuth spoof: %s", username);
-+ return HTTP_FORBIDDEN;
-+ }
-+ }
-+ }
-+
-+ /*
-+ * We decline operation in various situations...
-+ * - SSLOptions +FakeBasicAuth not configured
-+ * - r->user already authenticated
-+ * - ssl not enabled
-+ * - client did not present a certificate
-+ */
-+ if (!(sc->enabled && sslconn->ssl && sslconn->client_cert) ||
-+ !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
-+ {
-+ return DECLINED;
-+ }
-+
-+ if (!sslconn->client_dn) {
-+ X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
-+ char *cp = X509_NAME_oneline(name, NULL, 0);
-+ sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
-+ modssl_free(cp);
-+ }
-+
-+ clientdn = (char *)sslconn->client_dn;
-+
-+ /*
-+ * Fake a password - which one would be immaterial, as, it seems, an empty
-+ * password in the users file would match ALL incoming passwords, if only
-+ * we were using the standard crypt library routine. Unfortunately, OpenSSL
-+ * "fixes" a "bug" in crypt and thus prevents blank passwords from
-+ * working. (IMHO what they really fix is a bug in the users of the code
-+ * - failing to program correctly for shadow passwords). We need,
-+ * therefore, to provide a password. This password can be matched by
-+ * adding the string "xxj31ZMTZzkVA" as the password in the user file.
-+ * This is just the crypted variant of the word "password" ;-)
-+ */
-+ apr_snprintf(buf1, sizeof(buf1), "%s:password", clientdn);
-+ ssl_util_uuencode(buf2, buf1, FALSE);
-+
-+ apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
-+ apr_table_set(r->headers_in, "Authorization", buf1);
-+
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-+ "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
-+
-+ return DECLINED;
-+}
-+
-+/* authorization phase */
-+int ssl_hook_Auth(request_rec *r)
-+{
-+ SSLDirConfigRec *dc = myDirConfig(r);
-+
-+ /*
-+ * Additionally forbid access (again)
-+ * when strict require option is used.
-+ */
-+ if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
-+ (apr_table_get(r->notes, "ssl-access-forbidden")))
-+ {
-+ return HTTP_FORBIDDEN;
-+ }
-+
-+ return DECLINED;
-+}
-+
-+/*
-+ * Fixup Handler
-+ */
-+
-+static const char *ssl_hook_Fixup_vars[] = {
-+ "SSL_VERSION_INTERFACE",
-+ "SSL_VERSION_LIBRARY",
-+ "SSL_PROTOCOL",
-+ "SSL_CIPHER",
-+ "SSL_CIPHER_EXPORT",
-+ "SSL_CIPHER_USEKEYSIZE",
-+ "SSL_CIPHER_ALGKEYSIZE",
-+ "SSL_CLIENT_VERIFY",
-+ "SSL_CLIENT_M_VERSION",
-+ "SSL_CLIENT_M_SERIAL",
-+ "SSL_CLIENT_V_START",
-+ "SSL_CLIENT_V_END",
-+ "SSL_CLIENT_S_DN",
-+ "SSL_CLIENT_S_DN_C",
-+ "SSL_CLIENT_S_DN_ST",
-+ "SSL_CLIENT_S_DN_L",
-+ "SSL_CLIENT_S_DN_O",
-+ "SSL_CLIENT_S_DN_OU",
-+ "SSL_CLIENT_S_DN_CN",
-+ "SSL_CLIENT_S_DN_T",
-+ "SSL_CLIENT_S_DN_I",
-+ "SSL_CLIENT_S_DN_G",
-+ "SSL_CLIENT_S_DN_S",
-+ "SSL_CLIENT_S_DN_D",
-+ "SSL_CLIENT_S_DN_UID",
-+ "SSL_CLIENT_S_DN_Email",
-+ "SSL_CLIENT_I_DN",
-+ "SSL_CLIENT_I_DN_C",
-+ "SSL_CLIENT_I_DN_ST",
-+ "SSL_CLIENT_I_DN_L",
-+ "SSL_CLIENT_I_DN_O",
-+ "SSL_CLIENT_I_DN_OU",
-+ "SSL_CLIENT_I_DN_CN",
-+ "SSL_CLIENT_I_DN_T",
-+ "SSL_CLIENT_I_DN_I",
-+ "SSL_CLIENT_I_DN_G",
-+ "SSL_CLIENT_I_DN_S",
-+ "SSL_CLIENT_I_DN_D",
-+ "SSL_CLIENT_I_DN_UID",
-+ "SSL_CLIENT_I_DN_Email",
-+ "SSL_CLIENT_A_KEY",
-+ "SSL_CLIENT_A_SIG",
-+ "SSL_SERVER_M_VERSION",
-+ "SSL_SERVER_M_SERIAL",
-+ "SSL_SERVER_V_START",
-+ "SSL_SERVER_V_END",
-+ "SSL_SERVER_S_DN",
-+ "SSL_SERVER_S_DN_C",
-+ "SSL_SERVER_S_DN_ST",
-+ "SSL_SERVER_S_DN_L",
-+ "SSL_SERVER_S_DN_O",
-+ "SSL_SERVER_S_DN_OU",
-+ "SSL_SERVER_S_DN_CN",
-+ "SSL_SERVER_S_DN_T",
-+ "SSL_SERVER_S_DN_I",
-+ "SSL_SERVER_S_DN_G",
-+ "SSL_SERVER_S_DN_S",
-+ "SSL_SERVER_S_DN_D",
-+ "SSL_SERVER_S_DN_UID",
-+ "SSL_SERVER_S_DN_Email",
-+ "SSL_SERVER_I_DN",
-+ "SSL_SERVER_I_DN_C",
-+ "SSL_SERVER_I_DN_ST",
-+ "SSL_SERVER_I_DN_L",
-+ "SSL_SERVER_I_DN_O",
-+ "SSL_SERVER_I_DN_OU",
-+ "SSL_SERVER_I_DN_CN",
-+ "SSL_SERVER_I_DN_T",
-+ "SSL_SERVER_I_DN_I",
-+ "SSL_SERVER_I_DN_G",
-+ "SSL_SERVER_I_DN_S",
-+ "SSL_SERVER_I_DN_D",
-+ "SSL_SERVER_I_DN_UID",
-+ "SSL_SERVER_I_DN_Email",
-+ "SSL_SERVER_A_KEY",
-+ "SSL_SERVER_A_SIG",
-+ "SSL_SESSION_ID",
-+ NULL
-+};
-+
-+int ssl_hook_Fixup(request_rec *r)
-+{
-+ SSLConnRec *sslconn = myConnConfig(r->connection);
-+ SSLSrvConfigRec *sc = mySrvConfig(r->server);
-+ SSLDirConfigRec *dc = myDirConfig(r);
-+ apr_table_t *env = r->subprocess_env;
-+ char *var, *val = "";
-+ STACK_OF(X509) *peer_certs;
-+ SSL *ssl;
-+ int i;
-+
-+ /*
-+ * Check to see if SSL is on
-+ */
-+ if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
-+ return DECLINED;
-+ }
-+
-+ /*
-+ * Annotate the SSI/CGI environment with standard SSL information
-+ */
-+ /* the always present HTTPS (=HTTP over SSL) flag! */
-+ apr_table_setn(env, "HTTPS", "on");
-+
-+ /* standard SSL environment variables */
-+ if (dc->nOptions & SSL_OPT_STDENVVARS) {
-+ for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
-+ var = (char *)ssl_hook_Fixup_vars[i];
-+ val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
-+ if (!strIsEmpty(val)) {
-+ apr_table_setn(env, var, val);
-+ }
-+ }
-+ }
-+
-+ /*
-+ * On-demand bloat up the SSI/CGI environment with certificate data
-+ */
-+ if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
-+ val = ssl_var_lookup(r->pool, r->server, r->connection,
-+ r, "SSL_SERVER_CERT");
-+
-+ apr_table_setn(env, "SSL_SERVER_CERT", val);
-+
-+ val = ssl_var_lookup(r->pool, r->server, r->connection,
-+ r, "SSL_CLIENT_CERT");
-+
-+ apr_table_setn(env, "SSL_CLIENT_CERT", val);
-+
-+ if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
-+ for (i = 0; i < sk_X509_num(peer_certs); i++) {
-+ var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
-+ val = ssl_var_lookup(r->pool, r->server, r->connection,
-+ r, var);
-+ if (val) {
-+ apr_table_setn(env, var, val);
-+ }
-+ }
-+ }
-+ }
-+
-+ return DECLINED;
-+}
-+
-+/* _________________________________________________________________
-+**
-+** OpenSSL Callback Functions
-+** _________________________________________________________________
-+*/
-+
-+/*
-+ * Handle out temporary RSA private keys on demand
-+ *
-+ * The background of this as the TLSv1 standard explains it:
-+ *
-+ * | D.1. Temporary RSA keys
-+ * |
-+ * | US Export restrictions limit RSA keys used for encryption to 512
-+ * | bits, but do not place any limit on lengths of RSA keys used for
-+ * | signing operations. Certificates often need to be larger than 512
-+ * | bits, since 512-bit RSA keys are not secure enough for high-value
-+ * | transactions or for applications requiring long-term security. Some
-+ * | certificates are also designated signing-only, in which case they
-+ * | cannot be used for key exchange.
-+ * |
-+ * | When the public key in the certificate cannot be used for encryption,
-+ * | the server signs a temporary RSA key, which is then exchanged. In
-+ * | exportable applications, the temporary RSA key should be the maximum
-+ * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
-+ * | relatively insecure, they should be changed often. For typical
-+ * | electronic commerce applications, it is suggested that keys be
-+ * | changed daily or every 500 transactions, and more often if possible.
-+ * | Note that while it is acceptable to use the same temporary key for
-+ * | multiple transactions, it must be signed each time it is used.
-+ * |
-+ * | RSA key generation is a time-consuming process. In many cases, a
-+ * | low-priority process can be assigned the task of key generation.
-+ * | Whenever a new key is completed, the existing temporary key can be
-+ * | replaced with the new one.
-+ *
-+ * XXX: base on comment above, if thread support is enabled,
-+ * we should spawn a low-priority thread to generate new keys
-+ * on the fly.
-+ *
-+ * So we generated 512 and 1024 bit temporary keys on startup
-+ * which we now just hand out on demand....
-+ */
-+
-+RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
-+{
-+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
-+ SSLModConfigRec *mc = myModConfig(c->base_server);
-+ int idx;
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
-+ "handing out temporary %d bit RSA key", keylen);
-+
-+ /* doesn't matter if export flag is on,
-+ * we won't be asked for keylen > 512 in that case.
-+ * if we are asked for a keylen > 1024, it is too expensive
-+ * to generate on the fly.
-+ * XXX: any reason not to generate 2048 bit keys at startup?
-+ */
-+
-+ switch (keylen) {
-+ case 512:
-+ idx = SSL_TMP_KEY_RSA_512;
-+ break;
-+
-+ case 1024:
-+ default:
-+ idx = SSL_TMP_KEY_RSA_1024;
-+ }
-+
-+ return (RSA *)mc->pTmpKeys[idx];
-+}
-+
-+/*
-+ * Hand out the already generated DH parameters...
-+ */
-+DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
-+{
-+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
-+ SSLModConfigRec *mc = myModConfig(c->base_server);
-+ int idx;
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
-+ "handing out temporary %d bit DH key", keylen);
-+
-+ switch (keylen) {
-+ case 512:
-+ idx = SSL_TMP_KEY_DH_512;
-+ break;
-+
-+ case 1024:
-+ default:
-+ idx = SSL_TMP_KEY_DH_1024;
-+ }
-+
-+ return (DH *)mc->pTmpKeys[idx];
-+}
-+
-+/*
-+ * This OpenSSL callback function is called when OpenSSL
-+ * does client authentication and verifies the certificate chain.
-+ */
-+int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
-+{
-+ /* Get Apache context back through OpenSSL context */
-+ SSL *ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
-+ conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
-+ server_rec *s = conn->base_server;
-+ request_rec *r = (request_rec *)SSL_get_app_data2(ssl);
-+
-+ SSLSrvConfigRec *sc = mySrvConfig(s);
-+ SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL;
-+ SSLConnRec *sslconn = myConnConfig(conn);
-+ modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
-+
-+ /* Get verify ingredients */
-+ int errnum = X509_STORE_CTX_get_error(ctx);
-+ int errdepth = X509_STORE_CTX_get_error_depth(ctx);
-+ int depth, verify;
-+
-+ /*
-+ * Log verification information
-+ */
-+ if (s->loglevel >= APLOG_DEBUG) {
-+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
-+ char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
-+ char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "Certificate Verification: "
-+ "depth: %d, subject: %s, issuer: %s",
-+ errdepth,
-+ sname ? sname : "-unknown-",
-+ iname ? iname : "-unknown-");
-+
-+ if (sname) {
-+ modssl_free(sname);
-+ }
-+
-+ if (iname) {
-+ modssl_free(iname);
-+ }
-+ }
-+
-+ /*
-+ * Check for optionally acceptable non-verifiable issuer situation
-+ */
-+ if (dc && (dc->nVerifyClient != SSL_CVERIFY_UNSET)) {
-+ verify = dc->nVerifyClient;
-+ }
-+ else {
-+ verify = mctx->auth.verify_mode;
-+ }
-+
-+ if (verify == SSL_CVERIFY_NONE) {
-+ /*
-+ * SSLProxyVerify is either not configured or set to "none".
-+ * (this callback doesn't happen in the server context if SSLVerify
-+ * is not configured or set to "none")
-+ */
-+ return TRUE;
-+ }
-+
-+ if (ssl_verify_error_is_optional(errnum) &&
-+ (verify == SSL_CVERIFY_OPTIONAL_NO_CA))
-+ {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "Certificate Verification: Verifiable Issuer is "
-+ "configured as optional, therefore we're accepting "
-+ "the certificate");
-+
-+ sslconn->verify_info = "GENEROUS";
-+ ok = TRUE;
-+ }
-+
-+ /*
-+ * Additionally perform CRL-based revocation checks
-+ */
-+ if (ok) {
-+ if (!(ok = ssl_callback_SSLVerify_CRL(ok, ctx, conn))) {
-+ errnum = X509_STORE_CTX_get_error(ctx);
-+ }
-+ }
-+
-+ /*
-+ * If we already know it's not ok, log the real reason
-+ */
-+ if (!ok) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-+ "Certificate Verification: Error (%d): %s",
-+ errnum, X509_verify_cert_error_string(errnum));
-+
-+ if (sslconn->client_cert) {
-+ X509_free(sslconn->client_cert);
-+ sslconn->client_cert = NULL;
-+ }
-+ sslconn->client_dn = NULL;
-+ sslconn->verify_error = X509_verify_cert_error_string(errnum);
-+ }
-+
-+ /*
-+ * Finally check the depth of the certificate verification
-+ */
-+ if (dc && (dc->nVerifyDepth != UNSET)) {
-+ depth = dc->nVerifyDepth;
-+ }
-+ else {
-+ depth = mctx->auth.verify_depth;
-+ }
-+
-+ if (errdepth > depth) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-+ "Certificate Verification: Certificate Chain too long "
-+ "(chain has %d certificates, but maximum allowed are "
-+ "only %d)",
-+ errdepth, depth);
-+
-+ errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
-+ sslconn->verify_error = X509_verify_cert_error_string(errnum);
-+
-+ ok = FALSE;
-+ }
-+
-+ /*
-+ * And finally signal OpenSSL the (perhaps changed) state
-+ */
-+ return ok;
-+}
-+
-+int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
-+{
-+ server_rec *s = c->base_server;
-+ SSLSrvConfigRec *sc = mySrvConfig(s);
-+ SSLConnRec *sslconn = myConnConfig(c);
-+ modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
-+ X509_OBJECT obj;
-+ X509_NAME *subject, *issuer;
-+ X509 *cert;
-+ X509_CRL *crl;
-+ EVP_PKEY *pubkey;
-+ int i, n, rc;
-+
-+ /*
-+ * Unless a revocation store for CRLs was created we
-+ * cannot do any CRL-based verification, of course.
-+ */
-+ if (!mctx->crl) {
-+ return ok;
-+ }
-+
-+ /*
-+ * Determine certificate ingredients in advance
-+ */
-+ cert = X509_STORE_CTX_get_current_cert(ctx);
-+ subject = X509_get_subject_name(cert);
-+ issuer = X509_get_issuer_name(cert);
-+
-+ /*
-+ * OpenSSL provides the general mechanism to deal with CRLs but does not
-+ * use them automatically when verifying certificates, so we do it
-+ * explicitly here. We will check the CRL for the currently checked
-+ * certificate, if there is such a CRL in the store.
-+ *
-+ * We come through this procedure for each certificate in the certificate
-+ * chain, starting with the root-CA's certificate. At each step we've to
-+ * both verify the signature on the CRL (to make sure it's a valid CRL)
-+ * and it's revocation list (to make sure the current certificate isn't
-+ * revoked). But because to check the signature on the CRL we need the
-+ * public key of the issuing CA certificate (which was already processed
-+ * one round before), we've a little problem. But we can both solve it and
-+ * at the same time optimize the processing by using the following
-+ * verification scheme (idea and code snippets borrowed from the GLOBUS
-+ * project):
-+ *
-+ * 1. We'll check the signature of a CRL in each step when we find a CRL
-+ * through the _subject_ name of the current certificate. This CRL
-+ * itself will be needed the first time in the next round, of course.
-+ * But we do the signature processing one round before this where the
-+ * public key of the CA is available.
-+ *
-+ * 2. We'll check the revocation list of a CRL in each step when
-+ * we find a CRL through the _issuer_ name of the current certificate.
-+ * This CRLs signature was then already verified one round before.
-+ *
-+ * This verification scheme allows a CA to revoke its own certificate as
-+ * well, of course.
-+ */
-+
-+ /*
-+ * Try to retrieve a CRL corresponding to the _subject_ of
-+ * the current certificate in order to verify it's integrity.
-+ */
-+ memset((char *)&obj, 0, sizeof(obj));
-+ rc = SSL_X509_STORE_lookup(mctx->crl,
-+ X509_LU_CRL, subject, &obj);
-+ crl = obj.data.crl;
-+
-+ if ((rc > 0) && crl) {
-+ /*
-+ * Log information about CRL
-+ * (A little bit complicated because of ASN.1 and BIOs...)
-+ */
-+ if (s->loglevel >= APLOG_DEBUG) {
-+ char buff[512]; /* should be plenty */
-+ BIO *bio = BIO_new(BIO_s_mem());
-+
-+ BIO_printf(bio, "CA CRL: Issuer: ");
-+ X509_NAME_print(bio, issuer, 0);
-+
-+ BIO_printf(bio, ", lastUpdate: ");
-+ ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
-+
-+ BIO_printf(bio, ", nextUpdate: ");
-+ ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
-+
-+ n = BIO_read(bio, buff, sizeof(buff));
-+ buff[n] = '\0';
-+
-+ BIO_free(bio);
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, buff);
-+ }
-+
-+ /*
-+ * Verify the signature on this CRL
-+ */
-+ pubkey = X509_get_pubkey(cert);
-+ rc = X509_CRL_verify(crl, pubkey);
-+#ifdef OPENSSL_VERSION_NUMBER
-+ /* Only refcounted in OpenSSL */
-+ if (pubkey)
-+ EVP_PKEY_free(pubkey);
-+#endif
-+ if (rc <= 0) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-+ "Invalid signature on CRL");
-+
-+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
-+ X509_OBJECT_free_contents(&obj);
-+ return FALSE;
-+ }
-+
-+ /*
-+ * Check date of CRL to make sure it's not expired
-+ */
-+ i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
-+
-+ if (i == 0) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-+ "Found CRL has invalid nextUpdate field");
-+
-+ X509_STORE_CTX_set_error(ctx,
-+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
-+ X509_OBJECT_free_contents(&obj);
-+
-+ return FALSE;
-+ }
-+
-+ if (i < 0) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-+ "Found CRL is expired - "
-+ "revoking all certificates until you get updated CRL");
-+
-+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
-+ X509_OBJECT_free_contents(&obj);
-+
-+ return FALSE;
-+ }
-+
-+ X509_OBJECT_free_contents(&obj);
-+ }
-+
-+ /*
-+ * Try to retrieve a CRL corresponding to the _issuer_ of
-+ * the current certificate in order to check for revocation.
-+ */
-+ memset((char *)&obj, 0, sizeof(obj));
-+ rc = SSL_X509_STORE_lookup(mctx->crl,
-+ X509_LU_CRL, issuer, &obj);
-+
-+ crl = obj.data.crl;
-+ if ((rc > 0) && crl) {
-+ /*
-+ * Check if the current certificate is revoked by this CRL
-+ */
-+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
-+
-+ for (i = 0; i < n; i++) {
-+ X509_REVOKED *revoked =
-+ sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-+
-+ ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
-+
-+ if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
-+ if (s->loglevel >= APLOG_DEBUG) {
-+ char *cp = X509_NAME_oneline(issuer, NULL, 0);
-+ long serial = ASN1_INTEGER_get(sn);
-+
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
-+ "Certificate with serial %ld (0x%lX) "
-+ "revoked per CRL from issuer %s",
-+ serial, serial, cp);
-+ modssl_free(cp);
-+ }
-+
-+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
-+ X509_OBJECT_free_contents(&obj);
-+
-+ return FALSE;
-+ }
-+ }
-+
-+ X509_OBJECT_free_contents(&obj);
-+ }
-+
-+ return ok;
-+}
-+
-+#define SSLPROXY_CERT_CB_LOG_FMT \
-+ "Proxy client certificate callback: (%s) "
-+
-+static void modssl_proxy_info_log(server_rec *s,
-+ X509_INFO *info,
-+ const char *msg)
-+{
-+ SSLSrvConfigRec *sc = mySrvConfig(s);
-+ char name_buf[256];
-+ X509_NAME *name;
-+ char *dn;
-+
-+ if (s->loglevel < APLOG_DEBUG) {
-+ return;
-+ }
-+
-+ name = X509_get_subject_name(info->x509);
-+ dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
-+ sc->vhost_id, msg, dn ? dn : "-uknown-");
-+}
-+
-+/*
-+ * caller will decrement the cert and key reference
-+ * so we need to increment here to prevent them from
-+ * being freed.
-+ */
-+#define modssl_set_cert_info(info, cert, pkey) \
-+ *cert = info->x509; \
-+ X509_reference_inc(*cert); \
-+ *pkey = info->x_pkey->dec_pkey; \
-+ EVP_PKEY_reference_inc(*pkey)
-+
-+int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey)
-+{
-+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
-+ server_rec *s = c->base_server;
-+ SSLSrvConfigRec *sc = mySrvConfig(s);
-+ X509_NAME *ca_name, *issuer;
-+ X509_INFO *info;
-+ STACK_OF(X509_NAME) *ca_list;
-+ STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
-+ int i, j;
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ SSLPROXY_CERT_CB_LOG_FMT "entered",
-+ sc->vhost_id);
-+
-+ if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-+ SSLPROXY_CERT_CB_LOG_FMT
-+ "downstream server wanted client certificate "
-+ "but none are configured", sc->vhost_id);
-+ return FALSE;
-+ }
-+
-+ ca_list = SSL_get_client_CA_list(ssl);
-+
-+ if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
-+ /*
-+ * downstream server didn't send us a list of acceptable CA certs,
-+ * so we send the first client cert in the list.
-+ */
-+ info = sk_X509_INFO_value(certs, 0);
-+
-+ modssl_proxy_info_log(s, info, "no acceptable CA list");
-+
-+ modssl_set_cert_info(info, x509, pkey);
-+
-+ return TRUE;
-+ }
-+
-+ for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
-+ ca_name = sk_X509_NAME_value(ca_list, i);
-+
-+ for (j = 0; j < sk_X509_INFO_num(certs); j++) {
-+ info = sk_X509_INFO_value(certs, j);
-+ issuer = X509_get_issuer_name(info->x509);
-+
-+ if (X509_NAME_cmp(issuer, ca_name) == 0) {
-+ modssl_proxy_info_log(s, info, "found acceptable cert");
-+
-+ modssl_set_cert_info(info, x509, pkey);
-+
-+ return TRUE;
-+ }
-+ }
-+ }
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ SSLPROXY_CERT_CB_LOG_FMT
-+ "no client certificate found!?", sc->vhost_id);
-+
-+ return FALSE;
-+}
-+
-+static void ssl_session_log(server_rec *s,
-+ const char *request,
-+ unsigned char *id,
-+ unsigned int idlen,
-+ const char *status,
-+ const char *result,
-+ long timeout)
-+{
-+ char buf[SSL_SESSION_ID_STRING_LEN];
-+ char timeout_str[56] = {'\0'};
-+
-+ if (s->loglevel < APLOG_DEBUG) {
-+ return;
-+ }
-+
-+ if (timeout) {
-+ apr_snprintf(timeout_str, sizeof(timeout_str),
-+ "timeout=%lds ", (timeout - time(NULL)));
-+ }
-+
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "Inter-Process Session Cache: "
-+ "request=%s status=%s id=%s %s(session %s)",
-+ request, status,
-+ SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
-+ timeout_str, result);
-+}
-+
-+/*
-+ * This callback function is executed by OpenSSL whenever a new SSL_SESSION is
-+ * added to the internal OpenSSL session cache. We use this hook to spread the
-+ * SSL_SESSION also to the inter-process disk-cache to make share it with our
-+ * other Apache pre-forked server processes.
-+ */
-+int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
-+{
-+ /* Get Apache context back through OpenSSL context */
-+ conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
-+ server_rec *s = conn->base_server;
-+ SSLSrvConfigRec *sc = mySrvConfig(s);
-+ long timeout = sc->session_cache_timeout;
-+ BOOL rc;
-+ unsigned char *id;
-+ unsigned int idlen;
-+
-+ /*
-+ * Set the timeout also for the internal OpenSSL cache, because this way
-+ * our inter-process cache is consulted only when it's really necessary.
-+ */
-+ SSL_set_timeout(session, timeout);
-+
-+ /*
-+ * Store the SSL_SESSION in the inter-process cache with the
-+ * same expire time, so it expires automatically there, too.
-+ */
-+ id = SSL_SESSION_get_session_id(session);
-+ idlen = SSL_SESSION_get_session_id_length(session);
-+
-+ timeout += modssl_session_get_time(session);
-+
-+ rc = ssl_scache_store(s, id, idlen, timeout, session);
-+
-+ ssl_session_log(s, "SET", id, idlen,
-+ rc == TRUE ? "OK" : "BAD",
-+ "caching", timeout);
-+
-+ /*
-+ * return 0 which means to OpenSSL that the session is still
-+ * valid and was not freed by us with SSL_SESSION_free().
-+ */
-+ return 0;
-+}
-+
-+/*
-+ * This callback function is executed by OpenSSL whenever a
-+ * SSL_SESSION is looked up in the internal OpenSSL cache and it
-+ * was not found. We use this to lookup the SSL_SESSION in the
-+ * inter-process disk-cache where it was perhaps stored by one
-+ * of our other Apache pre-forked server processes.
-+ */
-+SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
-+ unsigned char *id,
-+ int idlen, int *do_copy)
-+{
-+ /* Get Apache context back through OpenSSL context */
-+ conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
-+ server_rec *s = conn->base_server;
-+ SSL_SESSION *session;
-+
-+ /*
-+ * Try to retrieve the SSL_SESSION from the inter-process cache
-+ */
-+ session = ssl_scache_retrieve(s, id, idlen);
-+
-+ ssl_session_log(s, "GET", id, idlen,
-+ session ? "FOUND" : "MISSED",
-+ session ? "reuse" : "renewal", 0);
-+
-+ /*
-+ * Return NULL or the retrieved SSL_SESSION. But indicate (by
-+ * setting do_copy to 0) that the reference count on the
-+ * SSL_SESSION should not be incremented by the SSL library,
-+ * because we will no longer hold a reference to it ourself.
-+ */
-+ *do_copy = 0;
-+
-+ return session;
-+}
-+
-+/*
-+ * This callback function is executed by OpenSSL whenever a
-+ * SSL_SESSION is removed from the the internal OpenSSL cache.
-+ * We use this to remove the SSL_SESSION in the inter-process
-+ * disk-cache, too.
-+ */
-+void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
-+ SSL_SESSION *session)
-+{
-+ server_rec *s;
-+ SSLSrvConfigRec *sc;
-+ unsigned char *id;
-+ unsigned int idlen;
-+
-+ /*
-+ * Get Apache context back through OpenSSL context
-+ */
-+ if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
-+ return; /* on server shutdown Apache is already gone */
-+ }
-+
-+ sc = mySrvConfig(s);
-+
-+ /*
-+ * Remove the SSL_SESSION from the inter-process cache
-+ */
-+ id = SSL_SESSION_get_session_id(session);
-+ idlen = SSL_SESSION_get_session_id_length(session);
-+
-+ ssl_scache_remove(s, id, idlen);
-+
-+ ssl_session_log(s, "REM", id, idlen,
-+ "OK", "dead", 0);
-+
-+ return;
-+}
-+
-+/*
-+ * This callback function is executed while OpenSSL processes the
-+ * SSL handshake and does SSL record layer stuff. We use it to
-+ * trace OpenSSL's processing in out SSL logfile.
-+ */
-+void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
-+{
-+ conn_rec *c;
-+ server_rec *s;
-+ SSLSrvConfigRec *sc;
-+
-+ /*
-+ * find corresponding server
-+ */
-+ if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
-+ return;
-+ }
-+
-+ s = c->base_server;
-+ if (!(sc = mySrvConfig(s))) {
-+ return;
-+ }
-+
-+ /*
-+ * create the various trace messages
-+ */
-+ if (s->loglevel >= APLOG_DEBUG) {
-+ if (where & SSL_CB_HANDSHAKE_START) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Handshake: start", SSL_LIBRARY_NAME);
-+ }
-+ else if (where & SSL_CB_HANDSHAKE_DONE) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Handshake: done", SSL_LIBRARY_NAME);
-+ }
-+ else if (where & SSL_CB_LOOP) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Loop: %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (where & SSL_CB_READ) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Read: %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (where & SSL_CB_WRITE) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Write: %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (where & SSL_CB_ALERT) {
-+ char *str = (where & SSL_CB_READ) ? "read" : "write";
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Alert: %s:%s:%s\n",
-+ SSL_LIBRARY_NAME, str,
-+ SSL_alert_type_string_long(rc),
-+ SSL_alert_desc_string_long(rc));
-+ }
-+ else if (where & SSL_CB_EXIT) {
-+ if (rc == 0) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Exit: failed in %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (rc < 0) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Exit: error in %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ }
-+ }
-+
-+ /*
-+ * Because SSL renegotations can happen at any time (not only after
-+ * SSL_accept()), the best way to log the current connection details is
-+ * right after a finished handshake.
-+ */
-+ if (where & SSL_CB_HANDSHAKE_DONE) {
-+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
-+ "Connection: Client IP: %s, Protocol: %s, "
-+ "Cipher: %s (%s/%s bits)",
-+ ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
-+ ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
-+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
-+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
-+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
-+ }
-+}
-+
diff --git a/net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch b/net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch
deleted file mode 100644
index cbab37aaa3cc..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch
+++ /dev/null
@@ -1,244 +0,0 @@
-*** modules/ssl/mod_ssl.h.patched Thu Dec 18 13:11:48 2003
---- modules/ssl/mod_ssl.h Thu Dec 18 13:13:19 2003
-***************
-*** 709,714 ****
---- 709,715 ----
- void ssl_io_filter_init(conn_rec *, SSL *);
- void ssl_io_filter_register(apr_pool_t *);
- long ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
-+ long ssl_io_suck(request_rec *);
-
- /* PRNG */
- int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
-*** modules/ssl/ssl_engine_kernel.c.patched Thu Dec 18 13:11:39 2003
---- modules/ssl/ssl_engine_kernel.c Thu Dec 18 13:15:04 2003
-***************
-*** 583,596 ****
- *
- * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
- */
-! if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "SSL Re-negotiation in conjunction "
- "with POST method not supported!\n"
- "hint: try SSLOptions +OptRenegotiate");
-!
- return HTTP_METHOD_NOT_ALLOWED;
- }
-
- /*
- * now do the renegotiation if anything was actually reconfigured
---- 583,602 ----
- *
- * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
- */
-! if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) {
-! #ifdef SSL_CONSERVATIVE
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "SSL Re-negotiation in conjunction "
- "with POST method not supported!\n"
- "hint: try SSLOptions +OptRenegotiate");
-!
- return HTTP_METHOD_NOT_ALLOWED;
-+ #else
-+ if( ssl_io_suck(r) != OK) {
-+ return HTTP_METHOD_NOT_ALLOWED;
-+ }
- }
-+ #endif /* SSL_CONSERVATIVE */
-
- /*
- * now do the renegotiation if anything was actually reconfigured
-*** modules/ssl/ssl_engine_io.c.patched Thu Dec 18 13:12:02 2003
---- modules/ssl/ssl_engine_io.c Thu Dec 18 13:21:31 2003
-***************
-*** 897,902 ****
---- 897,987 ----
- }
-
- static const char ssl_io_filter[] = "SSL/TLS Filter";
-+ static const char ssl_buff_filter[] = "SSL/TLS Buffering Filter";
-+ /*
-+ * reads the buffered data during a POST request with renegotiation
-+ * will be registere at runtime.
-+ * NOTE: we try to buffer the complete body. Use the attribute 'LimitRequestBody'
-+ * preventing DOS attacks.
-+ */
-+ long ssl_io_suck(request_rec *r)
-+ {
-+ apr_bucket *bucket;
-+ apr_bucket_brigade *bb = apr_brigade_create(r->pool,r->connection->bucket_alloc);
-+
-+ int readed = 0;
-+ int len = 0;
-+ int toRead= 0;
-+ char *buffer = NULL;
-+ char *pos = NULL;
-+
-+ if(ap_setup_client_block(r,REQUEST_CHUNKED_DECHUNK) !=OK) {
-+ return HTTP_METHOD_NOT_ALLOWED;
-+ }
-+
-+ if(!ap_should_client_block(r)) {
-+ return OK;
-+ }
-+
-+ do {
-+ buffer = apr_pcalloc(r->pool,HUGE_STRING_LEN);
-+ toRead = HUGE_STRING_LEN;
-+
-+ /* check malloc */
-+ if(buffer == NULL) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "SSL Re-negotiation in conjunction "
-+ "with POST (buffering body failed)!\n");
-+ apr_brigade_destroy(bb);
-+ return HTTP_METHOD_NOT_ALLOWED;
-+ }
-+
-+ /* fill the bucket */
-+ pos = buffer;
-+ len = 0;
-+ do {
-+ readed = ap_get_client_block(r,pos,toRead);
-+
-+ if(readed <=0) {
-+ break;
-+ }
-+
-+ toRead -= readed;
-+
-+ /* sanity */
-+ if(toRead<0) {
-+ return HTTP_METHOD_NOT_ALLOWED;
-+ }
-+
-+ pos += readed;
-+ len += readed;
-+ }
-+ while(toRead>0);
-+
-+ /* check last read result */
-+ if(readed<0) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-+ "SSL Re-negotiation in conjunction "
-+ "with POST (reading body failed)!\n");
-+ apr_brigade_destroy(bb);
-+ return HTTP_METHOD_NOT_ALLOWED;
-+ }
-+
-+ /* check if we have readed everything */
-+ if(len == 0) {
-+ break;
-+ }
-+ bucket = apr_bucket_pool_create(buffer,len,r->pool,r->connection->bucket_alloc);
-+
-+ APR_BRIGADE_INSERT_TAIL(bb, bucket);
-+ }
-+ while(1);
-+
-+ //add the ssl_buff_filter_input
-+ ap_add_input_filter(ssl_buff_filter, bb, r, r->connection);
-+
-+ return OK;
-+ }
-
- /*
- * Close the SSL part of the socket connection
-***************
-*** 1361,1366 ****
---- 1446,1529 ----
- return status;
- }
-
-+ static apr_status_t ssl_buff_filter_input(ap_filter_t *f,
-+ apr_bucket_brigade *bb,
-+ ap_input_mode_t mode,
-+ apr_read_type_e block,
-+ apr_off_t readbytes)
-+ {
-+ apr_bucket_brigade *aa = f->ctx;
-+ apr_status_t rv;
-+
-+ if(aa && !APR_BRIGADE_EMPTY(aa)) {
-+
-+ if(mode == AP_MODE_READBYTES) {
-+ apr_bucket *b;
-+ apr_off_t missing = readbytes;
-+ apr_size_t len;
-+ const char *tmp;
-+
-+ while (!APR_BRIGADE_EMPTY(aa)) {
-+ b = APR_BRIGADE_FIRST(aa);
-+
-+ rv = apr_bucket_read(b, &tmp, &len, APR_BLOCK_READ);
-+ if (rv != APR_SUCCESS) {
-+ return rv;
-+ }
-+
-+ /* consume whole bucket */
-+ if(missing >= len) {
-+ APR_BUCKET_REMOVE(b);
-+ APR_BRIGADE_INSERT_TAIL(bb,b);
-+ }
-+ /* comsume only a part */
-+ else{
-+ rv = apr_bucket_split(b, missing);
-+ if (rv != APR_SUCCESS) {
-+ return rv;
-+ }
-+
-+ APR_BUCKET_REMOVE(b);
-+ APR_BRIGADE_INSERT_TAIL(bb, b);
-+ break;
-+ }
-+
-+ missing -= len;
-+
-+ if (missing = 0) {
-+ break;
-+ }
-+
-+ if(missing<0) {
-+ return AP_FILTER_ERROR;
-+ }
-+ }
-+ return APR_SUCCESS;
-+ }
-+ else if (mode == AP_MODE_READBYTES) {
-+ apr_bucket_brigade *nb = apr_brigade_create(f->r->pool,f->c->bucket_alloc);
-+
-+ /* split */
-+ rv = apr_brigade_split_line(nb,aa,block,readbytes);
-+ if( rv != APR_SUCCESS) {
-+ return rv;
-+ }
-+
-+ /* concatinate */
-+ APR_BRIGADE_CONCAT(bb,aa);
-+
-+ /* remember the rest */
-+ f->ctx = nb;
-+
-+ return APR_SUCCESS;
-+ }
-+
-+ }
-+
-+
-+ return ap_pass_brigade(f->next, bb);
-+ }
-+
- static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
- SSL *ssl)
- {
-***************
-*** 1417,1422 ****
---- 1580,1586 ----
- {
- ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5);
- ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);
-+ ap_register_input_filter (ssl_buff_filter, ssl_buff_filter_input, NULL, AP_FTYPE_PROTOCOL - 1);
- return;
- }
-
diff --git a/net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch b/net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch
deleted file mode 100644
index c6ee0f773b03..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-
-Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with
-E2BIG rather than killing the process
-
---- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002
-+++ ./server/mpm/prefork/prefork.c Mon Aug 26 15:40:24 2002
-@@ -461,7 +461,7 @@
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)");
- #endif
- #ifdef SIGXFSZ
-- sa.sa_handler = SIG_DFL;
-+ sa.sa_handler = SIG_IGN;
- if (sigaction(SIGXFSZ, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)");
- #endif
diff --git a/net-www/apache/files/patches/2.0.49-r2/04_ssl_makefile.patch b/net-www/apache/files/patches/2.0.49-r2/04_ssl_makefile.patch
deleted file mode 100644
index 3975a3677aa9..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/04_ssl_makefile.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- modules/ssl/Makefile.in.orig 2004-05-26 10:50:53.152391390 +0100
-+++ modules/ssl/Makefile.in 2004-05-26 10:51:31.164735393 +0100
-@@ -57,10 +57,6 @@
- # (we really don't expect end users to use these targets!)
- #
-
--ssl_expr_scan.c: $(top_srcdir)/modules/ssl/ssl_expr_scan.l ssl_expr_parse.h
-- flex -Pssl_expr_yy -s -B $(top_srcdir)/modules/ssl/ssl_expr_scan.l
-- sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
--
- ssl_expr_parse.c ssl_expr_parse.h: $(top_srcdir)/modules/ssl/ssl_expr_parse.y
- yacc -d $(top_srcdir)/modules/ssl/ssl_expr_parse.y
- sed -e 's;yy;ssl_expr_yy;g' \
diff --git a/net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES b/net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES
deleted file mode 100644
index f0b89b6c5697..000000000000
--- a/net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES
+++ /dev/null
@@ -1,16 +0,0 @@
-00_gentoo_base.patch - Our base patch.
-
-01_gentoo_cvs_sync.patch - Features extracted from apache cvs. Ability for 2 GB
- log files.
-
-01_gentoo_cgi.patch - CGI DoS bug.
-
-01_gentoo_ipv6.patch - Fix for weird ipv6 error message.
-
-01_apache_ldap_fixes.patch - Upstream apache patches.
-
-01_ssl_verity_client.patch - Fix for SSLVerifyClient - PR 12355
-
-03_redhat_xfs.patch - Set SIGXFSZ to be ignored, so a write() beyond 2gb will fa il with E2BIG rather than killing the process
-
-04_ssl_makefile.patch - Fix for broken lex file in mod_ssl