httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stri...@apache.org
Subject cvs commit: httpd-dist/binaries/win32 HEADER.html README.html
Date Tue, 24 Sep 2002 22:32:49 GMT
striker     2002/09/24 15:32:49

  Modified:    .        .htaccess Announcement2.html Announcement2.txt
                        HEADER.html README.html
               binaries/win32 HEADER.html README.html
  Log:
  Prepare for announcement of 2.0.42
  
  Revision  Changes    Path
  1.80      +2 -2      httpd-dist/.htaccess
  
  Index: .htaccess
  ===================================================================
  RCS file: /home/cvs/httpd-dist/.htaccess,v
  retrieving revision 1.79
  retrieving revision 1.80
  diff -u -r1.79 -r1.80
  --- .htaccess	16 Aug 2002 03:37:05 -0000	1.79
  +++ .htaccess	24 Sep 2002 22:32:49 -0000	1.80
  @@ -25,8 +25,8 @@
   AddDescription "1.3.24 compressed source" apache_1.3.24.tar.Z
   AddDescription "1.3.24 gzipped source" apache_1.3.24.tar.gz
   AddDescription "1.3.24 pkzipped source" apache_1.3.24.zip
  -AddDescription "2.0.40 compressed source" httpd-2.0.40.tar.Z
  -AddDescription "2.0.40 gzipped source" httpd-2.0.40.tar.gz
  +AddDescription "2.0.42 compressed source" httpd-2.0.42.tar.Z
  +AddDescription "2.0.42 gzipped source" httpd-2.0.42.tar.gz
   AddDescription "Source code for Win32 compilers" *-win32-src.zip
   AddDescription "Flood 0.4 source" flood-0.4.tar.gz
   AddDescription "Installer Package" *.exe
  
  
  
  1.24      +160 -198  httpd-dist/Announcement2.html
  
  Index: Announcement2.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement2.html,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- Announcement2.html	9 Aug 2002 20:04:28 -0000	1.23
  +++ Announcement2.html	24 Sep 2002 22:32:49 -0000	1.24
  @@ -14,234 +14,196 @@
   >
   <IMG SRC="../../images/apache_sub.gif" ALT="">
   
  -<H2 ALIGN="CENTER">Apache 2.0.40 Released</H2>
  +<H2 ALIGN="CENTER">Apache 2.0.42 Released</H2>
   
  -<p>The Apache HTTP Server Project is proud to announce the fourth public
  -release of Apache 2.0.  Apache 2.0 has been running on the apache.org
  -website since December of 2000 and has proven to be very reliable.</p>
  -
  -<p>This version of Apache is principally a security and bug fix release.
  -A summary of the changes is given at the end of this document.  Of
  -particular note is that 2.0.40 fixes the serious vulnerability noted in
  -<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661">
  -CAN-2002-0661</a> and the pair of path exposures in
  -<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0654">
  -CAN-2002-0654</a> (mitre.org).
  -We would like to thank Auriemma Luigi &lt;bugtest@sitoverde.com&gt; for
  -discovering and reporting the vulnerability and one of the path exposures
  -and Jim Race &lt;jrace@qualys.com&gt; for reporting the other path exposure.</p>
  +<p>The Apache HTTP Server Project is proud to announce the fifth public
  +release of Apache 2.0.  This is primarily a bug-fix release, including
  +updates to the experimental caching module, the removal of several
  +memory leaks, and fixes for several segfaults, one of which could have
  +been used as a denial-of-service against mod_dav.  A complete list of
  +the changes since 2.0.40 is given at the end of this document.</p>
   
  -<p>Apache 2.0 offers numerous enhancements, improvements and performance
  -boosts over the 1.3 codebase. The most visible and noteworthy addition
  +
  +<p>Apache 2.0 offers numerous enhancements, improvements, and performance
  +boosts over the 1.3 codebase.  The most visible and noteworthy addition
   is the ability to run Apache in a hybrid thread/process mode on any
  -platform that supports both threads and processes.  This has shown to
  -improve the scalability of the Apache HTTP Server significantly in
  +platform that supports both threads and processes.  This has been shown
  +to improve the scalability of the Apache HTTP Server significantly in
   our testing.  Apache 2.0 also includes support for filtered I/O.  This
   allows modules to modify the output of other modules before it is
   sent to the client.  We have also included support for IPv6 on any
   platform that supports IPv6.</p>
   
   <p>This version of Apache is known to work on many versions of Unix, BeOS,
  -OS/2, Windows, and Netware.  Because of many of the advancements in
  -Apache 2.0, the initial release of Apache is expected to perform equally
  -well on all supported platforms.</p>
  -
  -<p>There are new snapshots of the Apache httpd source available every 6
  -hours from http://cvs.apache.org/snapshots/ - please download and test
  -if you feel brave. We don't guarantee anything except that it will
  -take up disk space, but if you have the time and skills, please
  -give it a spin on your platforms.</p>
  +OS/2, Windows, and Netware.  Because of the many advances in Apache
  +2.0, it is expected to perform equally well on all supported platforms.
  +Apache 2.0 has been running on the apache.org website since December
  +of 2000 and has proven to be very reliable.</p>
   
   <p>Apache has been the most popular web server on the Internet since
  -April of 1996. The July 2002 Web Server Survey by Netcraft (see
  +April of 1996. The August 2002 Web Server Survey by Netcraft (see
   http://www.netcraft.com/survey/) found that more web servers were
  -using Apache than any other software; Apache runs on more than 57%
  +using Apache than any other software; Apache runs on more than 63%
   of the web servers on the Internet.</p>
   
  +
  +<p>We consider this release to be the best version of Apache available
  +and encourage users of all prior versions to upgrade.  When doing so,
  +please keep in mind the following:</p>
  +
  +<p>This release is not binary-compatible with previous releases, so all
  +modules need to be recompiled in order to work with this version.  For
  +example, a module compiled to work with 2.0.40 will not work with 2.0.42.</p>
  +
  +<p>If you intend to use Apache with one of the threaded MPMs, you must
  +ensure that the modules (and the libraries they depend on) that you
  +will be using are thread-safe.  Please contact the vendors of
  +these modules to obtain this information.</p>
  +
  +
   <p>For more information and to download the release tarballs, please
  -visit http://httpd.apache.org/</p>
  +visit <a href="http://httpd.apache.org/">http://httpd.apache.org/</a></p>
   
   
  -<h3>Changes since 2.0.39</h3>
  +<h3>Changes since 2.0.40</h3>
   
   <pre>
  +Changes with Apache 2.0.42
  +
  +  *) mod_dav: Check for versioning hooks before using them.
  +     [Greg Stein]
   
  -  *) SECURITY: [CAN-2002-0661] Close a very significant security hole that
  -     applies only to the Win32, OS2 and Netware platforms.  Unix was not
  -     affected, Cygwin may be affected.  Certain URIs will bypass security
  -     and allow users to invoke or access any file depending on the system
  -     configuration.  Without upgrading, a single .conf change will close
  -     the vulnerability.  Add the following directive in the global server
  -     httpd.conf context before any other Alias or Redirect directives:
  -         RedirectMatch 400 "\\\.\."
  -     Reported by Auriemma Luigi &lt;bugtest@sitoverde.com&gt;.
  -     [Brad Nicholes]
  -
  -  *) SECURITY:  Close a path-revealing exposure in multiview type
  -     map negotiation (such as the default error documents) where the
  -     module would report the full path of the typemapped .var file when
  -     multiple documents or no documents could be served based on the mime
  -     negotiation.  Reported by Auriemma Luigi &lt;bugtest@sitoverde.com&gt;.
  -     [CAN-2002-0654]  [William Rowe]
  -
  -  *) SECURITY:  Close a path-revealing exposure in cgi/cgid when we
  -     fail to invoke a script.  The modules would report "couldn't create
  -     child process /path-to-script/script.pl" revealing the full path
  -     of the script.  Reported by Jim Race &lt;jrace@qualys.com&gt;.
  -     [CAN-2002-0654]  [Bill Stoddard]
  -
  -  *) Set aside the apr-iconv and apr_xlate() features for the Win32
  -     build of 2.0.40 so development can be completed.  A patch, from
  -     &lt;http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/&gt;
  -     will be available for those that wish to work with apr-iconv.
  -     [William Rowe]
  -
  -  *) Fix proxy so that it is possible to access ftp: URLs via a proxy
  -     chain. [Peter Van Biesen &lt;peter.vanbiesen@vlafo.be&gt;]
  -
  -  *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
  -     set to 1, so we can exclude things from the general case with
  -     browsermatch. [Ian Holsman, Andre Schild &lt;A.Schild@aarboard.ch&gt;]
  -
  -  *) Accept multiple leading /'s for requests within the DocumentRoot.
  -     PR 10946  [William Rowe, David Shane Holden &lt;dpejesh@yahoo.com&gt;]
  -
  -  *) Solved the reports of .pdf byterange failures on Win32 alone.
  -     APR's sendfile for the win32 platform collapses header and trailer
  -     buffers into a single buffer.  However, we destroyed the pointers
  -     to the header buffer if a trailer buffer was present.  PR 10781
  -     [William Rowe]
  -
  -  *) mod_ext_filter: Add the ability to enable or disable a filter via
  -     an environment variable.  Add the ability to register a filter of
  -     type other than AP_FTYPE_RESOURCE.  [Jeff Trawick]
  -
  -  *) Restore the ability to specify host names on Listen directives.
  -     PR 11030.  [Jeff Trawick, David Shane Holden &lt;dpejesh@yahoo.com&gt;]
  -
  -  *) When deciding on the default address family for listening sockets,
  -     make sure we can actually bind to an AF_INET6 socket before
  -     deciding that we should default to AF_INET6.  This fixes a startup
  -     problem on certain levels of OpenUNIX.  PR 10235.  [Jeff Trawick]
  -
  -  *) Replace usage of atol() to parse strings when we might want a
  -     larger-than-long value with apr_atoll(), which returns long long.
  -     This allows HTTPD to deal with larger files correctly.
  -     [Shantonu Sen &lt;ssen@apple.com&gt;]
  -
  -  *) mod_ext_filter: Ignore any content-type parameters when checking if
  -     the response should be filtered.  Previously, "intype=text/html"
  -     wouldn't match something like "text/html;charset=8859_1".
  -     [Jeff Trawick]
  -
  -  *) mod_ext_filter: Set up environment variables for external programs.
  -     [Craig Sebenik &lt;craig@netapp.com&gt;]
  -
  -  *) Modified the HTTP_IN filter to immediately append the EOS (end of
  -     stream) bucket for C-L POST bodies, saving a roundtrip and allowing
  -     the caller to determine that no content remains without prefetching
  -     additional POST body.  [William Rowe]
  -
  -  *) Get proxy ftp to work over IPv6.  [Shoichi Sakane &lt;sakane@kame.net&gt;]
  -
  -  *) Look for OpenSSL libraries in /usr/lib64.  [Peter Poeml &lt;poeml@suse.de&gt;]
  -
  -  *) Update SuSE layout.  [Peter Poeml &lt;poeml@suse.de&gt;]
  -
  -  *) Changes to the internationalized error documents:
  -     Comment them out in the default config file to make the default
  -     install as simple as possible; Correct the english 500 error to
  -     be more understandable; Add a Swedish translation.
  -     [Thomas Sjogren &lt;thomas@northernsecurity.net&gt;,
  -      Erik Abele &lt;erik@codefaktor.de&gt;, Rich Bowen, Joshua Slive]
  -
  -  *) Increase the limit on file descriptors per process in apachectl.
  -     [Brian Pane]
  -
  -  *) Fix a dependency error when building ApacheMonitor, so that Win32
  -     and MSVC now trust that the project is current (when it is).
  -     [James Cox &lt;imajes@php.net&gt;]
  -
  -  *) mod_ext_filter: don't segfault if content-type is not set.  PR 10617.
  -     [Arthur P. Smith &lt;apsmith@aps.org&gt;, Jeff Trawick]
  -
  -  *) APR-Util Renames pending have been completed [Thom May]
  -
  -  *) Performance improvements for the code that reads request
  -     headers (ap_rgetline_core() and related functions)  [Brian Pane]
  -
  -  *) Add a new directive: MaxMemFree.  MaxMemFree makes it possible
  -     to configure the maximum amount of memory the allocators will
  -     hold on to for reuse.  Anything over the MaxMemFree threshold
  -     will be free()d.  This directive is useful when uncommon large
  -     peaks occur in memory usage.  It should _not_ be used to mask
  -     defective modules' memory use.  [Sander Striker]
  -
  -  *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
  -     scripts would not result in a truncated response.
  -     [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
  -
  -  *) Add a filter_init parameter to the filter registration functions
  -     so that a filter can execute arbitrary code before the handlers
  -     are invoked.  This resolves a problem where mod_include requests
  -     would incorrectly return a 304.  [Justin Erenkrantz]
  -
  -  *) Fix a long-standing bug in 2.0, CGI scripts were being called
  -     with relative paths instead of absolute paths.  Apache 1.3 used
  -     absolute paths for everything except for SuExec, this brings back
  -     that standard.  [Ryan Bloom]
  +Changes with Apache 2.0.41
   
  -  *) Fix infinite loop due to two HTTP_IN filters being present for
  -     internally redirected requests.  PR 10146.  [Justin Erenkrantz]
  +  *) The protocol version (eg: HTTP/1.1) in the request line parsing
  +     is now case insensitive. [Jim Jagielski]
   
  -  *) Switch conn_rec-&gt;keepalive to an enumeration rather than a bitfield.
  +  *) Allow AddOutputFilterByType to add multiple filters per directive.
        [Justin Erenkrantz]
   
  -  *) Fix mod_ext_filter to look in the main server for filter definitions
  -     when running in a vhost if the filter definition is not found in
  -     the vhost.  PR 10147  [Jeff Trawick]
  -
  -  *) Support WinNT CGI invocation through ScriptInterpreterSource
  -     'registry' for script interpreter paths and names with non-ascii
  -     characters in the executable filepath.  [William Rowe]
  -
  -  *) Support the -w flag on to keep the Win32 console open on error.
  -     [William Rowe]
  -
  -  *) Normalize the hostname value in the request_rec to all-lowercase
  -     [Perry Harrington &lt;pedward@webcom.com&gt;]
  -
  -  *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
  -     extended characters (non US-ASCII) in non-utf8 format.  This brings
  -     Win32 back into CGI/1.1 compliance, and leaves charset decoding up
  -     to the cgi application itself.  [William Rowe]
  -
  -  *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
  -     modules to bring them up to the current apr/apr-util APIs.
  -     [William Rowe]
  +  *) Remove warnings with Sun's Forte compiler.  [Justin Erenkrantz]
  +
  +  *) Fixed mod_disk_cache's generation of 304s
  +     [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
  +
  +  *) Add support for using fnmatch patterns in the final path
  +     segment of an Include statement (eg.. include /foo/bar/*.conf).
  +     and remove the noise on stderr during config dir processing.
  +     [Joe Orton <jorton@redhat.com>]
  +
  +  *) mod_cache: cache_storage.c. Add the hostname and any request
  +     args to the key generated for caching. This provides a unique
  +     key for each virtual host and for each request with unique
  +     args. [Paul J. Reder, args code provided by Kris Verbeeck]
  +
  +  *) mod_cache: Do not cache responses to GET requests with query
  +     URLs if the origin server does not explicitly provide an
  +     Expires header on the response (RFC 2616 Section 13.9)
  +     [Kris Verbeeck krisv@be.ubizen.com]
  +
  +  *) Fix memory leak in core_output_filter.  [Justin Erenkrantz]
  +
  +  *) Update OpenSSL detection to work on Darwin.
  +     [Sander Temme <sctemme@covalent.net>]
  +
  +  *) Update the xslt and css to give the documentation a more
  +     modern style.
  +     [André Malo <nd@perlig.de>, Gernot Winkler <greh@o3media.de>]
  +
  +  *) Fix some bucket memory leaks in the chunking code
  +     [Joe Schaefer <joe+apache@sunstarsys.com>]
  +
  +  *) Add ModMimeUsePathInfo directive.  [Justin Erenkrantz]
  +
  +  *) mod_cache: added support for caching streamed responses (proxy,
  +     CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
  +
  +  *) Add image/x-icon to httpd.conf PR 10993.
  +     [Ian Holsman, Peter Bieringer <pb@bieringer.de>]
  +
  +  *) Fix FileETags none operation.  PR 12207.
  +     [Justin Erenkrantz, Andrew Ho <andrew@tellme.com>]
  +
  +  *) Restored the experimental leader/followers MPM to working
  +     condition and converted its thread synchronization from
  +     mutexes to atomic CAS.  [Brian Pane]
   
  -  *) Fix segfault in mod_mem_cache most frequently observed when
  -     serving the same file to multiple clients on an MP machine.
  +  *) Fix Logic on non-html file removal in mod_deflate
  +     [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
  +
  +  *) Fix "ab -g"'s truncated year: the last digit was cut off.
  +     [Leon Brocard <acme@astray.com>]
  +
  +  *) mod_rewrite can now sets cookies in err_headers, uses the correct
  +     expiry date, and can now set the path as well
  +     PR 12132,12181,12172.
  +     [Ian Holsman / Rob Cromwell <apachechangelog@robcromwell.com>]
  +
  +  *) The content-length filter no longer tries to buffer up
  +     the entire output of a long-running request before sending
  +     anything to the client.  [Brian Pane]
  +
  +  *) Win32: Lower the default stack size from 1MB to 256K. This will
  +     allow around 8000 threads to be started per child process.
  +     'EDITBIN /STACK:size apache.exe' can be used to change this
  +     value directly in the apache.exe executable.
        [Bill Stoddard]
   
  -  *) mod_rewrite can now set cookies  (RewriteRule (.*) - [CO=name:$1:.domain])
  -     [Brian Degenhardt &lt;bmd@mp3.com&gt;, Ian Holsman]
  +  *) Win32: Implement ThreadLimit directive in the Windows MPM.
  +     [Bill Stoddard]
   
  -  *) Fix perchild to work with apachectl by adding -k support to perchild.
  -     PR 10074  [Jeff Trawick]
  +  *) Remove CacheOn config directive since it is set but never checked.
  +     No sense wasting cycles on unused code. Besides, the only truly
  +     bug free code is deleted code. :)   [Paul J. Reder]
   
  -  *) Fix a silly htpasswd.c logic error that incorrectly reported that
  -     both -c and -n had been used.  PR 9989  [Cliff Woolley]
  +  *) BufferLogs are now run-time enabled, and the log_config now has 2 new
  +     callbacks to allow a 3rd party module to actually do the writing of the
  +     log file [Ian Holsman]
   
  -  *) Fixed a mod_include error case in which no HTTP response was sent
  -     to the client if an shtml document contained an unterminated SSI
  -     directive [Brian Pane]
  +  *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
  +     [André Malo, Astrid Keßler <kess@kess-net.de>]
   
  -  *) Improve ap_get_client_block implementation by using APR-util brigade
  -     helper functions and relying on current filter assumptions.
  -     [Justin Erenkrantz]
  +  *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
   
  -</pre>
  +  *) Fix a null pointer dereference in the merge_env_dir_configs
  +     function of the mod_env module. PR 11791
  +     [Paul J. Reder]
  +
  +  *) New option to ServerTokens 'maj[or]'. Only show the major version
  +     Also Surfaced this directive in the standard config (default FULL)
  +     [Ian Holsman]
  +
  +  *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
  +     maps.  The dbm type (e.g., ndbm, gdbm) can be specified on the
  +     RewriteMap directive.  PR 10644  [Jeff Trawick]
   
  -</BODY>
  -</HTML>
  +  *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
  +     pairs will no longer get out of sync with each other.  PR 9534
  +     [Cliff Woolley]
  +
  +  *) Fixes required to get quoted and escaped command args working in
  +     mod_ext_filter. PR 11793 [Paul J. Reder]
  +
  +  *) mod-proxy: handle proxied responses with no status lines
  +     [JD Silvester <jsilves@uwo.ca>, Brett Huttley <brett@huttley.net>]
  +
  +  *) Fix bug where environment or command line arguments containing 
  +     non-ASCII-7 characters would cause the Win32 child process creation
  +     to fail.  PR 11854  [William Rowe]
  +
  +  *) Bug #11213.. make module loading error messages more informative 
  +     [Ian Darwin <Ian779@darwinsys.com>]
  +
  +  *) thread safety & proxy-ftp [Alexey Panchenko alexey@liwest.ru, Ian Holsman]
  +
  +  *) mod_disk_cache works much better. This module should still
  +     be considered experimental. [Eric Prud'hommeaux]
  +
  +  *) Performance improvement for keepalive requests: when setting
  +     aside a small file for potential concatenation with the next
  +     response on the connection, set aside the file descriptor rather
  +     than copying the file into the heap.  [Brian Pane]
  +
  +</pre>
  +</body>
  +</html>
  
  
  
  1.20      +158 -192  httpd-dist/Announcement2.txt
  
  Index: Announcement2.txt
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement2.txt,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- Announcement2.txt	9 Aug 2002 19:17:53 -0000	1.19
  +++ Announcement2.txt	24 Sep 2002 22:32:49 -0000	1.20
  @@ -1,224 +1,190 @@
  +         Apache 2.0.42 Released
  +--------------------------------------------
   
  -Apache 2.0.40 Released
  ----------------------------------------------
  +The Apache HTTP Server Project is proud to announce the fifth public
  +release of Apache 2.0.  This is primarily a bug-fix release, including
  +updates to the experimental caching module, the removal of several
  +memory leaks, and fixes for several segfaults, one of which could have
  +been used as a denial-of-service against mod_dav.  A complete list of
  +the changes since 2.0.40 is given at the end of this document.
   
  -The Apache HTTP Server Project is proud to announce the fourth public
  -release of Apache 2.0.  Apache 2.0 has been running on the apache.org
  -website since December of 2000 and has proven to be very reliable.
  -
  -This version of Apache is principally a security and bug fix release.
  -A summary of the changes is given at the end of this document.  Of
  -particular note is that 2.0.40 fixes the serious vulnerability noted in
  -CAN-2002-0661 and the pair of path exposures in CAN-2002-0654 (mitre.org).
  -We would like to thank Auriemma Luigi <bugtest@sitoverde.com> for
  -discovering and reporting the vulnerability and one of the path exposures
  -and Jim Race <jrace@qualys.com> for reporting the other path exposure.
   
  -Apache 2.0 offers numerous enhancements, improvements and performance
  -boosts over the 1.3 codebase. The most visible and noteworthy addition
  +Apache 2.0 offers numerous enhancements, improvements, and performance
  +boosts over the 1.3 codebase.  The most visible and noteworthy addition
   is the ability to run Apache in a hybrid thread/process mode on any
  -platform that supports both threads and processes.  This has shown to
  -improve the scalability of the Apache HTTP Server significantly in
  +platform that supports both threads and processes.  This has been shown
  +to improve the scalability of the Apache HTTP Server significantly in
   our testing.  Apache 2.0 also includes support for filtered I/O.  This
   allows modules to modify the output of other modules before it is
   sent to the client.  We have also included support for IPv6 on any
   platform that supports IPv6.
   
   This version of Apache is known to work on many versions of Unix, BeOS,
  -OS/2, Windows, and Netware.  Because of many of the advancements in
  -Apache 2.0, the initial release of Apache is expected to perform equally
  -well on all supported platforms.
  -
  -There are new snapshots of the Apache httpd source available every 6
  -hours from http://cvs.apache.org/snapshots/ - please download and test
  -if you feel brave. We don't guarantee anything except that it will
  -take up disk space, but if you have the time and skills, please
  -give it a spin on your platforms.
  +OS/2, Windows, and Netware.  Because of the many advances in Apache
  +2.0, it is expected to perform equally well on all supported platforms.
  +Apache 2.0 has been running on the apache.org website since December
  +of 2000 and has proven to be very reliable.
   
   Apache has been the most popular web server on the Internet since
  -April of 1996. The July 2002 Web Server Survey by Netcraft (see
  +April of 1996. The August 2002 Web Server Survey by Netcraft (see
   http://www.netcraft.com/survey/) found that more web servers were
  -using Apache than any other software; Apache runs on more than 57%
  +using Apache than any other software; Apache runs on more than 63%
   of the web servers on the Internet.
   
  +
  +We consider this release to be the best version of Apache available
  +and encourage users of all prior versions to upgrade.  When doing so,
  +please keep in mind the following:
  +
  +This release is not binary-compatible with previous releases, so all
  +modules need to be recompiled in order to work with this version.  For
  +example, a module compiled to work with 2.0.40 will not work with 2.0.42.
  +
  +If you intend to use Apache with one of the threaded MPMs, you must
  +ensure that the modules (and the libraries they depend on) that you
  +will be using are thread-safe.  Please contact the vendors of
  +these modules to obtain this information.
  +
  +
   For more information and to download the release tarballs, please
   visit http://httpd.apache.org/
   
   
  -Changes since 2.0.39
  +Changes since 2.0.40
   ---------------------------------------------
   
  -  *) SECURITY: [CAN-2002-0661] Close a very significant security hole that
  -     applies only to the Win32, OS2 and Netware platforms.  Unix was not
  -     affected, Cygwin may be affected.  Certain URIs will bypass security
  -     and allow users to invoke or access any file depending on the system
  -     configuration.  Without upgrading, a single .conf change will close
  -     the vulnerability.  Add the following directive in the global server
  -     httpd.conf context before any other Alias or Redirect directives:
  -         RedirectMatch 400 "\\\.\."
  -     Reported by Auriemma Luigi <bugtest@sitoverde.com>.
  -     [Brad Nicholes]
  -
  -  *) SECURITY:  Close a path-revealing exposure in multiview type
  -     map negotiation (such as the default error documents) where the
  -     module would report the full path of the typemapped .var file when
  -     multiple documents or no documents could be served based on the mime
  -     negotiation.  Reported by Auriemma Luigi <bugtest@sitoverde.com>.
  -     [CAN-2002-0654]  [William Rowe]
  -
  -  *) SECURITY:  Close a path-revealing exposure in cgi/cgid when we
  -     fail to invoke a script.  The modules would report "couldn't create
  -     child process /path-to-script/script.pl" revealing the full path
  -     of the script.  Reported by Jim Race <jrace@qualys.com>.
  -     [CAN-2002-0654]  [Bill Stoddard]
  -
  -  *) Set aside the apr-iconv and apr_xlate() features for the Win32
  -     build of 2.0.40 so development can be completed.  A patch, from
  -     <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
  -     will be available for those that wish to work with apr-iconv.
  -     [William Rowe]
  -
  -  *) Fix proxy so that it is possible to access ftp: URLs via a proxy
  -     chain. [Peter Van Biesen <peter.vanbiesen@vlafo.be>]
  -
  -  *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
  -     set to 1, so we can exclude things from the general case with
  -     browsermatch. [Ian Holsman, Andre Schild <A.Schild@aarboard.ch>]
  -
  -  *) Accept multiple leading /'s for requests within the DocumentRoot.
  -     PR 10946  [William Rowe, David Shane Holden <dpejesh@yahoo.com>]
  -
  -  *) Solved the reports of .pdf byterange failures on Win32 alone.
  -     APR's sendfile for the win32 platform collapses header and trailer
  -     buffers into a single buffer.  However, we destroyed the pointers
  -     to the header buffer if a trailer buffer was present.  PR 10781
  -     [William Rowe]
  -
  -  *) mod_ext_filter: Add the ability to enable or disable a filter via
  -     an environment variable.  Add the ability to register a filter of
  -     type other than AP_FTYPE_RESOURCE.  [Jeff Trawick]
  -
  -  *) Restore the ability to specify host names on Listen directives.
  -     PR 11030.  [Jeff Trawick, David Shane Holden <dpejesh@yahoo.com>]
  -
  -  *) When deciding on the default address family for listening sockets,
  -     make sure we can actually bind to an AF_INET6 socket before
  -     deciding that we should default to AF_INET6.  This fixes a startup
  -     problem on certain levels of OpenUNIX.  PR 10235.  [Jeff Trawick]
  -
  -  *) Replace usage of atol() to parse strings when we might want a
  -     larger-than-long value with apr_atoll(), which returns long long.
  -     This allows HTTPD to deal with larger files correctly.
  -     [Shantonu Sen <ssen@apple.com>]
  -
  -  *) mod_ext_filter: Ignore any content-type parameters when checking if
  -     the response should be filtered.  Previously, "intype=text/html"
  -     wouldn't match something like "text/html;charset=8859_1".
  -     [Jeff Trawick]
  -
  -  *) mod_ext_filter: Set up environment variables for external programs.
  -     [Craig Sebenik <craig@netapp.com>]
  -
  -  *) Modified the HTTP_IN filter to immediately append the EOS (end of
  -     stream) bucket for C-L POST bodies, saving a roundtrip and allowing
  -     the caller to determine that no content remains without prefetching
  -     additional POST body.  [William Rowe]
  -
  -  *) Get proxy ftp to work over IPv6.  [Shoichi Sakane <sakane@kame.net>]
  -
  -  *) Look for OpenSSL libraries in /usr/lib64.  [Peter Poeml <poeml@suse.de>]
  -
  -  *) Update SuSE layout.  [Peter Poeml <poeml@suse.de>]
  -
  -  *) Changes to the internationalized error documents:
  -     Comment them out in the default config file to make the default
  -     install as simple as possible; Correct the english 500 error to
  -     be more understandable; Add a Swedish translation.
  -     [Thomas Sjogren <thomas@northernsecurity.net>,
  -      Erik Abele <erik@codefaktor.de>, Rich Bowen, Joshua Slive]
  -
  -  *) Increase the limit on file descriptors per process in apachectl.
  -     [Brian Pane]
  -
  -  *) Fix a dependency error when building ApacheMonitor, so that Win32
  -     and MSVC now trust that the project is current (when it is).
  -     [James Cox <imajes@php.net>]
  -
  -  *) mod_ext_filter: don't segfault if content-type is not set.  PR 10617.
  -     [Arthur P. Smith <apsmith@aps.org>, Jeff Trawick]
  -
  -  *) APR-Util Renames pending have been completed [Thom May]
  -
  -  *) Performance improvements for the code that reads request
  -     headers (ap_rgetline_core() and related functions)  [Brian Pane]
  -
  -  *) Add a new directive: MaxMemFree.  MaxMemFree makes it possible
  -     to configure the maximum amount of memory the allocators will
  -     hold on to for reuse.  Anything over the MaxMemFree threshold
  -     will be free()d.  This directive is useful when uncommon large
  -     peaks occur in memory usage.  It should _not_ be used to mask
  -     defective modules' memory use.  [Sander Striker]
  -
  -  *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
  -     scripts would not result in a truncated response.
  -     [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
  -
  -  *) Add a filter_init parameter to the filter registration functions
  -     so that a filter can execute arbitrary code before the handlers
  -     are invoked.  This resolves a problem where mod_include requests
  -     would incorrectly return a 304.  [Justin Erenkrantz]
  -
  -  *) Fix a long-standing bug in 2.0, CGI scripts were being called
  -     with relative paths instead of absolute paths.  Apache 1.3 used
  -     absolute paths for everything except for SuExec, this brings back
  -     that standard.  [Ryan Bloom]
  +Changes with Apache 2.0.42
  +
  +  *) mod_dav: Check for versioning hooks before using them.
  +     [Greg Stein]
   
  -  *) Fix infinite loop due to two HTTP_IN filters being present for
  -     internally redirected requests.  PR 10146.  [Justin Erenkrantz]
  +Changes with Apache 2.0.41
   
  -  *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
  +  *) The protocol version (eg: HTTP/1.1) in the request line parsing
  +     is now case insensitive. [Jim Jagielski]
  +
  +  *) Allow AddOutputFilterByType to add multiple filters per directive.
        [Justin Erenkrantz]
   
  -  *) Fix mod_ext_filter to look in the main server for filter definitions
  -     when running in a vhost if the filter definition is not found in
  -     the vhost.  PR 10147  [Jeff Trawick]
  -
  -  *) Support WinNT CGI invocation through ScriptInterpreterSource
  -     'registry' for script interpreter paths and names with non-ascii
  -     characters in the executable filepath.  [William Rowe]
  -
  -  *) Support the -w flag on to keep the Win32 console open on error.
  -     [William Rowe]
  -
  -  *) Normalize the hostname value in the request_rec to all-lowercase
  -     [Perry Harrington <pedward@webcom.com>]
  -
  -  *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
  -     extended characters (non US-ASCII) in non-utf8 format.  This brings
  -     Win32 back into CGI/1.1 compliance, and leaves charset decoding up
  -     to the cgi application itself.  [William Rowe]
  -
  -  *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
  -     modules to bring them up to the current apr/apr-util APIs.
  -     [William Rowe]
  +  *) Remove warnings with Sun's Forte compiler.  [Justin Erenkrantz]
  +
  +  *) Fixed mod_disk_cache's generation of 304s
  +     [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
  +
  +  *) Add support for using fnmatch patterns in the final path
  +     segment of an Include statement (eg.. include /foo/bar/*.conf).
  +     and remove the noise on stderr during config dir processing.
  +     [Joe Orton <jorton@redhat.com>]
  +
  +  *) mod_cache: cache_storage.c. Add the hostname and any request
  +     args to the key generated for caching. This provides a unique
  +     key for each virtual host and for each request with unique
  +     args. [Paul J. Reder, args code provided by Kris Verbeeck]
  +
  +  *) mod_cache: Do not cache responses to GET requests with query
  +     URLs if the origin server does not explicitly provide an
  +     Expires header on the response (RFC 2616 Section 13.9)
  +     [Kris Verbeeck krisv@be.ubizen.com]
  +
  +  *) Fix memory leak in core_output_filter.  [Justin Erenkrantz]
  +
  +  *) Update OpenSSL detection to work on Darwin.
  +     [Sander Temme <sctemme@covalent.net>]
  +
  +  *) Update the xslt and css to give the documentation a more
  +     modern style.
  +     [André Malo <nd@perlig.de>, Gernot Winkler <greh@o3media.de>]
  +
  +  *) Fix some bucket memory leaks in the chunking code
  +     [Joe Schaefer <joe+apache@sunstarsys.com>]
  +
  +  *) Add ModMimeUsePathInfo directive.  [Justin Erenkrantz]
  +
  +  *) mod_cache: added support for caching streamed responses (proxy,
  +     CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
  +
  +  *) Add image/x-icon to httpd.conf PR 10993.
  +     [Ian Holsman, Peter Bieringer <pb@bieringer.de>]
  +
  +  *) Fix FileETags none operation.  PR 12207.
  +     [Justin Erenkrantz, Andrew Ho <andrew@tellme.com>]
   
  -  *) Fix segfault in mod_mem_cache most frequently observed when
  -     serving the same file to multiple clients on an MP machine.
  +  *) Restored the experimental leader/followers MPM to working
  +     condition and converted its thread synchronization from
  +     mutexes to atomic CAS.  [Brian Pane]
  +
  +  *) Fix Logic on non-html file removal in mod_deflate
  +     [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
  +
  +  *) Fix "ab -g"'s truncated year: the last digit was cut off.
  +     [Leon Brocard <acme@astray.com>]
  +
  +  *) mod_rewrite can now sets cookies in err_headers, uses the correct
  +     expiry date, and can now set the path as well
  +     PR 12132,12181,12172.
  +     [Ian Holsman / Rob Cromwell <apachechangelog@robcromwell.com>]
  +
  +  *) The content-length filter no longer tries to buffer up
  +     the entire output of a long-running request before sending
  +     anything to the client.  [Brian Pane]
  +
  +  *) Win32: Lower the default stack size from 1MB to 256K. This will
  +     allow around 8000 threads to be started per child process.
  +     'EDITBIN /STACK:size apache.exe' can be used to change this
  +     value directly in the apache.exe executable.
        [Bill Stoddard]
   
  -  *) mod_rewrite can now set cookies  (RewriteRule (.*) - [CO=name:$1:.domain])
  -     [Brian Degenhardt <bmd@mp3.com>, Ian Holsman]
  +  *) Win32: Implement ThreadLimit directive in the Windows MPM.
  +     [Bill Stoddard]
   
  -  *) Fix perchild to work with apachectl by adding -k support to perchild.
  -     PR 10074  [Jeff Trawick]
  +  *) Remove CacheOn config directive since it is set but never checked.
  +     No sense wasting cycles on unused code. Besides, the only truly
  +     bug free code is deleted code. :)   [Paul J. Reder]
   
  -  *) Fix a silly htpasswd.c logic error that incorrectly reported that
  -     both -c and -n had been used.  PR 9989  [Cliff Woolley]
  +  *) BufferLogs are now run-time enabled, and the log_config now has 2 new
  +     callbacks to allow a 3rd party module to actually do the writing of the
  +     log file [Ian Holsman]
   
  -  *) Fixed a mod_include error case in which no HTTP response was sent
  -     to the client if an shtml document contained an unterminated SSI
  -     directive [Brian Pane]
  +  *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
  +     [André Malo, Astrid Keßler <kess@kess-net.de>]
   
  -  *) Improve ap_get_client_block implementation by using APR-util brigade
  -     helper functions and relying on current filter assumptions.
  -     [Justin Erenkrantz]
  +  *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
  +
  +  *) Fix a null pointer dereference in the merge_env_dir_configs
  +     function of the mod_env module. PR 11791
  +     [Paul J. Reder]
  +
  +  *) New option to ServerTokens 'maj[or]'. Only show the major version
  +     Also Surfaced this directive in the standard config (default FULL)
  +     [Ian Holsman]
  +
  +  *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
  +     maps.  The dbm type (e.g., ndbm, gdbm) can be specified on the
  +     RewriteMap directive.  PR 10644  [Jeff Trawick]
  +
  +  *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
  +     pairs will no longer get out of sync with each other.  PR 9534
  +     [Cliff Woolley]
  +
  +  *) Fixes required to get quoted and escaped command args working in
  +     mod_ext_filter. PR 11793 [Paul J. Reder]
  +
  +  *) mod-proxy: handle proxied responses with no status lines
  +     [JD Silvester <jsilves@uwo.ca>, Brett Huttley <brett@huttley.net>]
  +
  +  *) Fix bug where environment or command line arguments containing
  +     non-ASCII-7 characters would cause the Win32 child process creation
  +     to fail.  PR 11854  [William Rowe]
  +
  +  *) Bug #11213.. make module loading error messages more informative
  +     [Ian Darwin <Ian779@darwinsys.com>]
  +
  +  *) thread safety & proxy-ftp [Alexey Panchenko alexey@liwest.ru, Ian Holsman]
  +
  +  *) mod_disk_cache works much better. This module should still
  +     be considered experimental. [Eric Prud'hommeaux]
  +
  +  *) Performance improvement for keepalive requests: when setting
  +     aside a small file for potential concatenation with the next
  +     response on the connection, set aside the file descriptor rather
  +     than copying the file into the heap.  [Brian Pane]
  
  
  
  1.28      +1 -1      httpd-dist/HEADER.html
  
  Index: HEADER.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/HEADER.html,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- HEADER.html	9 Aug 2002 19:17:53 -0000	1.27
  +++ HEADER.html	24 Sep 2002 22:32:49 -0000	1.28
  @@ -12,7 +12,7 @@
   <ul>
   <li><a href="#mirrors">Download from your nearest mirror site!</a></li>
   <li><a href="#binaries">Binary Releases</a></li>
  -<li><a href="#apache20">Apache 2.0.40 is the best available version.</a></li>
  +<li><a href="#apache20">Apache 2.0.42 is the best available version.</a></li>
   <li><a href="#apache13">Apache 1.3.26 is also available.</a></li>
   <li><a href="#sig">PGP Signatures</a></li>
   <li><a href="#patches">Official Patches</a></li>
  
  
  
  1.26      +3 -8      httpd-dist/README.html
  
  Index: README.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/README.html,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- README.html	15 Aug 2002 18:27:02 -0000	1.25
  +++ README.html	24 Sep 2002 22:32:49 -0000	1.26
  @@ -12,23 +12,18 @@
      Every binary distribution contains an install script. See README 
      for details.</p>
   
  -<h2><a name="apache20"><a href="Announcement2.html">Apache 2.0.40</a>

  +<h2><a name="apache20"><a href="Announcement2.html">Apache 2.0.42</a>
       is the best available version.</a></h2>
   
  -<p>This release fixes a security problem as described in our recent
  -   <a href="http://httpd.apache.org/info/security_bulletin_20020809a.txt">
  -   security bulletin</a>, and all users of Apache 2.0 are urged to
  -   upgrade as soon as possible.</p>
  -
   <p>Apache 2.0 add-in modules are not compatible with Apache 1.3 modules.
      If you are running third party add-in modules, you will need to obtain
      new modules written for Apache 2.0 from that third party before you
      attempt to upgrade from Apache 1.3.</p>
   
   <p>For details see the <A HREF="Announcement2.html">Official Announcement</A>.
  -   Check <a href="patches/apply_to_2.0.40/">here</a> to see if any patches

  +   Check <a href="patches/apply_to_2.0.42/">here</a> to see if any patches

      or other special instructions are necessary for building or running 
  -   Apache 2.0.40 on your platform.</p>
  +   Apache 2.0.42 on your platform.</p>
   
   <p>Note; the -win32-src.zip versions of Apache are nearly identical to the
      .tar.gz versions.  <strong>However</strong>, they offer the source files
  
  
  
  1.27      +1 -1      httpd-dist/binaries/win32/HEADER.html
  
  Index: HEADER.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/binaries/win32/HEADER.html,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- HEADER.html	24 Sep 2002 16:24:56 -0000	1.26
  +++ HEADER.html	24 Sep 2002 22:32:49 -0000	1.27
  @@ -6,7 +6,7 @@
   <li><a href="#winsock">Windows 95 Apache Users Read This First</a></li>
   <li><a href="#xpbug">Windows XP Apache Users Read This First</a><br/></li>
   <li><a href="#zonealarm">ZoneAlarm (or other firewall) Users Read This First</a></li>
  -<li><a href="#stable" style="color:purple;">The current stable release is Apache
2.0.40</a><br/></li>
  +<li><a href="#stable" style="color:purple;">The current stable release is Apache
2.0.42</a><br/></li>
   <li><a href="#old" style="color:green;">The old stable release is Apache 1.3.26</a></li>
   <li><a href="#msi">MSI Binary Distribution Packages</a></li>
   <li><a href="TROUBLESHOOTING.html">Troubleshooting MSI Installation Problems</a></li>
  
  
  
  1.30      +4 -4      httpd-dist/binaries/win32/README.html
  
  Index: README.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/binaries/win32/README.html,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- README.html	24 Sep 2002 16:24:56 -0000	1.29
  +++ README.html	24 Sep 2002 22:32:49 -0000	1.30
  @@ -82,11 +82,11 @@
      responsibility to determine the compatibility between any firewall product
      and the Apache HTTP Server.</p>
   
  -<h2><a name="stable">The current stable release is Apache 2.0.40</a></h2>
  +<h2><a name="stable">The current stable release is Apache 2.0.42</a></h2>
   
   <p>Apache 2.0 is released for General Availability.</p>
   
  -<p>The Apache Group is proud to announce the release the fourth GA release
  +<p>The Apache Group is proud to present the fifth public release
      of Apache 2.0.  Apache 2.0 has been running on the Apache.org website 
      since December of 2000 and has proven to be very reliable.</p>
   
  @@ -103,8 +103,8 @@
   
   <p>Because the distribution tree has changed, we haven't yet identified an 
      effective way to incorporate the source tree into the binary product tree.
  -   You will find the source package in <a href="../../httpd-2.0.40-win32-src.zip"
  -   >/dist/httpd/httpd-2.0.40-win32-src.zip</a>.  That -src.zip file contains only
  +   You will find the source package in <a href="../../httpd-2.0.42-win32-src.zip"
  +   >/dist/httpd/httpd-2.0.42-win32-src.zip</a>.  That -src.zip file contains only
      source and build files, and no binaries.</p>
   
   <h2><a name="old">The old stable release is Apache 1.3.26</a></h2>
  
  
  

Mime
View raw message