httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stri...@apache.org
Subject cvs commit: httpd-dist/binaries/win32 HEADER.html README.html
Date Tue, 29 Jun 2004 01:39:46 GMT
striker     2004/06/28 18:39:46

  Modified:    .        .htaccess Announcement2.txt README.html
               binaries/win32 HEADER.html README.html
  Log:
  Update dist/ (not live) in preparation of 2.0.50.
  
  Revision  Changes    Path
  1.99      +2 -2      httpd-dist/.htaccess
  
  Index: .htaccess
  ===================================================================
  RCS file: /home/cvs/httpd-dist/.htaccess,v
  retrieving revision 1.98
  retrieving revision 1.99
  diff -u -r1.98 -r1.99
  --- .htaccess	11 May 2004 12:32:21 -0000	1.98
  +++ .htaccess	29 Jun 2004 01:39:46 -0000	1.99
  @@ -25,10 +25,10 @@
   AddDescription "1.3.31 compressed source" apache_1.3.31.tar.Z
   AddDescription "1.3.31 gzipped source" apache_1.3.31.tar.gz
   AddDescription "1.3.31 pkzipped source" apache_1.3.31.zip
  -AddDescription "2.0.48 compressed source" httpd-2.0.48.tar.Z
  -AddDescription "2.0.48 gzipped source" httpd-2.0.48.tar.gz
   AddDescription "2.0.49 compressed source" httpd-2.0.49.tar.Z
   AddDescription "2.0.49 gzipped source" httpd-2.0.49.tar.gz
  +AddDescription "2.0.50 compressed source" httpd-2.0.50.tar.Z
  +AddDescription "2.0.50 gzipped source" httpd-2.0.50.tar.gz
   AddDescription "Source code for Win32 compilers" *-win32-src.zip
   AddDescription "Flood 0.4 source" flood-0.4.tar.gz
   AddDescription "Installer Package" *.exe
  
  
  
  1.38      +144 -262  httpd-dist/Announcement2.txt
  
  Index: Announcement2.txt
  ===================================================================
  RCS file: /home/cvs/httpd-dist/Announcement2.txt,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- Announcement2.txt	19 Mar 2004 18:18:00 -0000	1.37
  +++ Announcement2.txt	29 Jun 2004 01:39:46 -0000	1.38
  @@ -1,35 +1,24 @@
   
  -                   Apache HTTP Server 2.0.49 Released
  +                   Apache HTTP Server 2.0.50 Released
   
      The Apache Software Foundation and the  The Apache HTTP Server Project are
  -   pleased to announce the release of version 2.0.49 of the Apache HTTP
  +   pleased to announce the release of version 2.0.50 of the Apache HTTP
      Server ("Apache").  This Announcement notes the significant changes
  -   in 2.0.49 as compared to 2.0.48.
  +   in 2.0.50 as compared to 2.0.49.
   
      This version of Apache is principally a bug fix release.  A summary of
      the bug fixes is given at the end of this document.  Of particular
  -   note is that 2.0.49 addresses three security vulnerabilities:
  +   note is that 2.0.50 addresses one security vulnerability:
   
  -   When using multiple listening sockets, a denial of service attack
  -   is possible on some platforms due to a race condition in the
  -   handling of short-lived connections.  This issue is known to affect
  -   some versions of AIX, Solaris, and Tru64; it is known to not affect
  -   FreeBSD or Linux.
  -   [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174]
  -
  -   Arbitrary client-supplied strings can be written to the error log
  -   which can allow exploits of certain terminal emulators.
  -   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020]
  -
  -   A remotely triggered memory leak in mod_ssl can allow a denial
  -   of service attack due to excessive memory consumption.
  -   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113]
  +   A remotely triggered memory leak in http header parsing can allow a
  +   denial of service attack due to excessive memory consumption.
  +   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493]
   
      This release is compatible with modules compiled for 2.0.42 and later
      versions.  We consider this release to be the best version of Apache
      available and encourage users of all prior versions to upgrade.
   
  -   Apache HTTP Server 2.0.49 is available for download from
  +   Apache HTTP Server 2.0.50 is available for download from
   
        http://httpd.apache.org/download.cgi
   
  @@ -49,290 +38,183 @@
      will be using are thread-safe.  Please contact the vendors of these
      modules to obtain this information.
   
  -                       Apache 2.0.49 Major changes
  +                       Apache 2.0.50 Major changes
   
  -   Security vulnerabilities closed since Apache 2.0.48
  +   Security vulnerabilities closed since Apache 2.0.49
   
  -    *) SECURITY: CAN-2004-0174 (cve.mitre.org)
  -       Fix starvation issue on listening sockets where a short-lived
  -       connection on a rarely-accessed listening socket will cause a
  -       child to hold the accept mutex and block out new connections until
  -       another connection arrives on that rarely-accessed listening socket.
  -       With Apache 2.x there is no performance concern about enabling the
  -       logic for platforms which don't need it, so it is enabled everywhere
  -       except for Win32.  [Jeff Trawick]
  -
  -    *) SECURITY: CAN-2004-0113 (cve.mitre.org)
  -       mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
  -       PR 27106.  [Joe Orton]
  -
  -    *) SECURITY: CAN-2003-0020 (cve.mitre.org)
  -       Escape arbitrary data before writing into the errorlog. Unescaped
  -       errorlogs are still possible using the compile time switch
  -       "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]
  -
  -   Bugs fixed and features added since Apache 2.0.47
  -
  -    *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
  -       [Jeff Trawick]
  -
  -    *) Win32: find_read_listeners was not correctly handling multiple
  -       listeners on the Win32DisableAcceptEx path.  [Bill Stoddard]
  -
  -    *) Fix bug in mod_usertrack when no CookieName is set.  PR 24483.
  -       [Manni Wood <manniwood planet-save.com>]
  -
  -    *) Fix some piped log problems: bogus "piped log program '(null)'
  -       failed" messages during restart and problem with the logger
  -       respawning again after Apache is stopped.  PR 21648, PR 24805.
  -       [Jeff Trawick]
  -
  -    *) Fixed file extensions for real media files and removed rpm extension
  -       from mime.types. PR 26079.  [Allan Sandfeld <kde carewolf.com>]
  -
  -    *) Remove compile-time length limit on request strings. Length is
  -       now enforced solely with the LimitRequestLine config directive.
  -       [Paul J. Reder]
  -
  -    *) mod_ssl: Send the Close Alert message to the peer before closing
  -       the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
  -
  -    *) mod_ssl: Fix bug in passphrase handling which could cause spurious
  -       failures in SSL functions later.  PR 21160.  [Joe Orton]
  -
  -    *) mod_log_config: Fix corruption of buffered logs with threaded
  -       MPMs.  PR 25520.  [Jeff Trawick]
  -
  -    *) Fix mod_include's expression parser to recognize strings correctly
  -       even if they start with an escaped token.  [André Malo]
  -
  -    *) Add fatal exception hook for use by diagnostic modules.  The hook
  -       is only available if the --enable-exception-hook configure parm
  -       is used and the EnableExceptionHook directive has been set to
  -       "on".  [Jeff Trawick]
  -
  -    *) Allow mod_auth_digest to work with sub-requests with different
  -       methods than the original request.  PR 25040.
  -       [Josh Dady <jpd indecisive.com>]
  -
  -    *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
  -       argumentless containers.
  -       ["Philippe M. Chiasson" <gozer cpan.org>]
  -
  -    *) mod_auth_ldap: Fix some segfaults in the cache logic.  PR 18756.
  -       [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
  -
  -    *) mod_cgid: Restart the cgid daemon if it crashes.  PR 19849
  -       [Glenn Nielsen <glenn apache.org>]
  -
  -    *) The whole codebase was relicensed and is now available under
  -       the Apache License, Version 2.0 (http://www.apache.org/licenses).
  -       [Apache Software Foundation]
  -
  -    *) Fixed cache-removal order in mod_mem_cache.
  -       [Jean-Jacques Clar, Cliff Woolley]
  -
  -    *) mod_setenvif: Fix the regex optimizer, which under circumstances
  -       treated the supplied regex as literal string. PR 24219.
  -       [André Malo]
  -
  -    *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
  -       instead of mmn. [André Malo]
  -
  -    *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
  -       could lead to a 400 (Bad Request) response.  [André Malo]
  -
  -    *) Keep focus of ITERATE and ITERATE2 on the current module when
  -       the module chooses to return DECLINE_CMD for the directive.
  -       PR 22299.  [Geoffrey Young <geoff apache.org>]
  -
  -    *) Add support for IMT minor-type wildcards (e.g., text/*) to
  -       ExpiresByType.  PR#7991  [Ken Coar]
  -
  -    *) Fix segfault in mod_mem_cache cache_insert() due to cache size
  -       becoming negative.  PR: 21285, 21287
  -       [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
  -
  -    *) core.c: If large file support is enabled, allow any file that is
  -       greater than AP_MAX_SENDFILE to be split into multiple buckets.
  -       This allows Apache to send files that are greater than 2gig.
  -       Otherwise we run into 32/64 bit type mismatches in the file size.
  -       [Brad Nicholes]
  -
  -    *) proxy_http fix: mod_proxy hangs when both KeepAlive and
  -       ProxyErrorOverride are enabled, and a non-200 response without a
  -       body is generated by the backend server. (e.g.: a client makes a
  -       request containing the "If-Modified-Since" and "If-None-Match"
  -       headers, to which the backend server respond with status 304.)
  -       [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
  -
  -    *) mod_dav: Reject requests which include an unescaped fragment in the
  -       Request-URI.  PR 21779.  [Amit Athavale <amit_athavale lycos.com>]
  -
  -    *) Build array of allowed methods with proper dimensions, fixing
  -       possible memory corruption.  [Jeff Trawick]
  -
  -    *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
  -       PR 15057.  [Otmar Lendl <lendl nic.at>]
  -
  -    *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
  +    *) SECURITY: CAN-2004-0493 (cve.mitre.org)
  +       Close a denial of service vulnerability identified by Georgi
  +       Guninski which could lead to memory exhaustion with certain
  +       input data.  [Jeff Trawick]
  +
  +    *) SECURITY: CAN-2004-0488 (cve.mitre.org)
  +       mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
  +       (trusted) client certificate subject DN which exceeds 6K in length.
          [Joe Orton]
   
  -    *) mod_usertrack no longer inspects the Cookie2 header for
  -       the cookie name. PR 11475.  [Chris Darrochi <chrisd pearsoncmg.com>]
  -
  -    *) mod_usertrack no longer overwrites other cookies.
  -       PR 26002.  [Scott Moore <apache nopdesign.com>]
  -
  -    *) worker MPM: fix stack overlay bug that could cause the parent
  -       process to crash.  [Jeff Trawick]
  +   Bugs fixed and features added since Apache 2.0.49
   
  -    *) Win32: Add Win32DisableAcceptEx directive. This Windows
  -       NT/2000/XP directive is useful to work around bugs in some
  -       third party layered service providers like virus scanners,
  -       VPN and firewall products, that do not properly handle
  -       WinSock 2 APIs.  Use this directive if your server is issuing
  -       AcceptEx failed messages.
  -       [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
  +    *) mod_cgi: Handle output on stderr during script execution on Unix
  +       platforms; preventing deadlock when stderr output fills pipe buffer.
  +       Also fixes case where stderr from nph- scripts could be lost.
  +       PR 22030, 18348.  [Joe Orton, Jeff Trawick]
   
  -    *) Make REMOTE_PORT variable available in mod_rewrite.
  -       PR 25772.  [André Malo]
  +    *) mod_alias now emits a warning if it detects overlapping *Alias*
  +       directives.  [André Malo]
   
  -    *) Fix a long delay with CGI requests and keepalive connections on
  -       AIX.  [Jeff Trawick]
  +    *) mod_rewrite no longer turns forward proxy requests into reverse proxy
  +       requests. PR 28125  [ast domdv.de, André Malo]
   
  -    *) mod_autoindex: Add 'XHTML' option in order to allow switching between
  -       HTML 3.2 and XHTML 1.0 output. PR 23747.  [André Malo]
  -
  -    *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
  -       [André Malo]
  +    *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
  +       exported on Win32 and Netware as well (minor MMN bump).  PR 28523.
  +       [Edward Rudd <eddie omegaware.com>, André Malo]
   
  -    *) mod_ssl: Advertise SSL library version as determined at run-time rather
  -       than at compile-time.  PR 23956.  [Eric Seidel <seidel apple.com>]
  +    *) Restore the ability to disable the use of AcceptEx on Win9x systems
  +       automatically (broken in 2.0.49). PR 28529.  [André Malo]
   
  -    *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
  -       format code is used.  PR 22741.  [Gary E. Miller <gem rellim.com>]
  +    *) <VirtualHost myhost> now applies to all IP addresses for myhost
  +       instead of just the first one reported by the resolver.  This
  +       corrects a regression since 1.3.  [Jeff Trawick]
   
  -    *) Fix build with parallel make.  PR 24643.  [Joe Orton]
  +    *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
  +       against ServerRoot PR#26602 [Brad Nicholes]
   
  -    *) mod_rewrite: In external rewrite maps lookup keys containing
  -       a newline now cause a lookup failure. PR 14453.
  -       [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
  +    *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
  +       caused issues for the Eclipse WebDAV extension.
  +       PR 29034.  [Joe Orton]
   
  -    *) Backport major overhaul of mod_include's filter parser from 2.1.
  -       The new parser code is expected to be more robust and should
  -       catch all of the edge cases that were not handled by the previous one.
  -       The 2.1 external API changes were hidden by a wrapper which is
  -       expected to keep the API backwards compatible.  [André Malo]
  +    *) mod_deflate: Fix memory consumption (which was proportional to the
  +       response size).  PR 29318.  [Joe Orton]
   
  -    *) Add a hook (insert_error_filter) to allow filters to re-insert
  -       themselves during processing of error responses. Enable mod_expires
  -       to use the new hook to include Expires headers in valid error
  -       responses. This addresses an RFC violation. It fixes PRs 19794,
  -       24884, and 25123. [Paul J. Reder]
  +    *) mod_ssl: Log the errors returned on failure to load or initialize
  +       a crypto accelerator engine.  [Joe Orton]
   
  -    *) Add Polish translation of error messages.  PR 25101.
  -       [Tomasz Kepczynski <tomek jot23.org>]
  +    *) Allow RequestHeader directives to be conditional. PR 27951.
  +       [Vincent Deffontaines <vincent gryzor.com>, André Malo]
   
  -    *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
  -       supported for BeOS or OS/2 MPMs.)  [Jeff Trawick, Brad Nicholes,
  -       Bill Stoddard]
  -
  -    *) Add mod_status hook to allow modules to add to the mod_status
  -       report.  [Joe Orton]
  +    *) Allow LimitRequestBody to be reset to unlimited. PR 29106
  +       [André Malo]
   
  -    *) Fix htdbm to generate comment fields in DBM files correctly.
  -       [Justin Erenkrantz]
  +    *) Fix a bunch of cases where the return code of the regex compiler
  +       was not checked properly. This affects: mod_setenvif, mod_usertrack,
  +       mod_proxy, mod_proxy_ftp and core. PR 28218.  [André Malo]
   
  -    *) mod_dav: Use bucket brigades when reading PUT data. This avoids
  -       problems if the data stream is modified by an input filter. PR 22104.
  -       [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
  +    *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
  +       small cache sizes.  PR 27751.  [Geoff Thorpe <geoff geoffthorpe.net>]
   
  -    *) Fix RewriteBase directive to not add double slashes.  [André Malo]
  +    *) Remove 2Gb log file size restriction on some 32-bit platforms.
  +       PR 13511.  [Joe Orton]
   
  -    *) Improve 'configure --help' output for some modules.  [Astrid Keßler]
  +    *) mod_logio no longer removes the EOS bucket. PR 27928.
  +       [Bojan Smojver <bojan rexursive.com>]
   
  -    *) Correct UseCanonicalName Off to properly check incoming port number.
  -       [Jim Jagielski]
  +    *) htpasswd no longer refuses to process files that contain empty
  +       lines.  [André Malo]
   
  -    *) Fix slow graceful restarts with prefork MPM.  [Joe Orton]
  +    *) Regression from 1.3: At startup, suexec now will be checked for
  +       availability, the setuid bit and user root. The works only if
  +       httpd is compiled with the shipped APR version (0.9.5).
  +       PR 28287.  [André Malo]
   
  -    *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
  -       if any property values were set which defined namespaces these
  -       came out mangled in the PROPFIND response.  PR 11637.
  -       [Amit Athavale <amit_athavale persistent.co.in>]
  +    *) Unix MPMs: Stop dropping connections when the file descriptor
  +       is at least FD_SETSIZE.  [Jeff Trawick]
   
  -    *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
  -       the destination resource gives a 401.  PR 15571.  [Joe Orton]
  +    *) Fix handling of IPv6 numeric strings in mod_proxy.  [Jeff Trawick]
   
  -    *) mod_autoindex / core: Don't fail to show filenames containing
  -       special characters like '%'. PR 13598.  [André Malo]
  +    *) mod_isapi: send_response_header() failed to copy status string's
  +       last character.  PR 20619.  [Jesse Pelton <jsp pkc.com>]
   
  -    *) mod_status: Report total CPU time accurately when using a threaded
  -       MPM.  PR 23795.  [Jeff Trawick]
  +    *) Fix a segfault when requests for shared memory fails and returns
  +       NULL. Fix a segfault caused by a lack of bounds checking on the
  +       cache.  PR 24801.  [Graham Leggett]
   
  -    *) Fix memory leak in handling of request bodies during reverse
  -       proxy operations.  PR 24991. [Larry Toppi <larry.toppi citrix.com>]
  +    *) Throw an error message if an attempt is made to use the LDAPTrustedCA
  +       or LDAPTrustedCAType directives in a VirtualHost. PR 26390
  +       [Brad Nicholes]
   
  -    *) Win32 MPM: Implement MaxMemFree to enable setting an upper
  -       limit on the amount of storage used by the bucket brigades
  -       in each server thread. [Bill Stoddard]
  +    *) Fix a potential segfault if the bind password in the LDAP cache
  +       is NULL.  PR 28250.  [Jari Ahonen <jah progress.com>]
   
  -    *) Modified the cache code to be header-location agnostic. Also
  -       fixed a number of other cache code bugs related to PR 15852.
  -       Includes a patch submitted by Sushma Rai <rsushma novell.com>.
  -       This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
  -       closing the PR since that is what they are using. [Paul J. Reder]
  +    *) Quotes cannot be used around require group and require dn
  +       directives, update the documentation to reflect this. Also add
  +       quotes around the dn and group within debug messages, to make it
  +       more obvious why authentication is failing if quotes are used in
  +       error.  PR 19304.  [Graham Leggett]
  +
  +    *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
  +       from escaping filters twice when the backslash character is used.
  +       PR 24437.  [Jess Holle <jessh ptc.com>]
  +
  +    *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
  +       functions leave the connections in a sane state after errors have
  +       occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
  +       27271 [Graham Leggett]
  +
  +    *) mod_ldap calls ldap_simple_bind_s() to validate the user
  +       credentials.  If the bind fails, the connection is left
  +       in an unbound state.  Make sure that the ldap connection
  +       record is updated to show that the connection is no longer
  +       bound. [Brad Nicholes]
  +
  +    *) Ensure that lines in the request which are too long are
  +       properly terminated before logging.
  +       [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
  +
  +    *) Update the bind credentials for the cached LDAP connection to
  +       reflect the last bind.  This prevents util_ldap from creating
  +       unnecessary connections rather than reusing cached connections.
  +       [Brad Nicholes]
   
  -    *) complain via error_log when mod_include's INCLUDES filter is
  -       enabled, but the relevant Options flag allowing the filter to run
  -       for the specific resource wasn't set, so that the filter won't
  -       silently get skipped. next remove itself, so the warning will be
  -       logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
  +    *) mod_isapi: GetServerVariable returned improperly terminated header
  +       fields given "ALL_HTTP" or "ALL_RAW".  PR 20656.
  +       [Jesse Pelton <jsp pkc.com>]
   
  -    *) mod_info: HTML escape configuration information so it displays
  -       correctly. PR 24232. [Thom May]
  +    *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
  +       size.  PR 20617.  [Jesse Pelton <jsp pkc.com>]
   
  -    *) Restore the ability to add a description for directories that
  -       don't contain an index file.  (Broken in 2.0.48) [André Malo]
  +    *) mod_dav: Fix a problem that could cause crashes when manipulating
  +       locks on some platforms.  [Jeff Trawick]
   
  -    *) Fix a problem with the display of empty variables ("SetEnv foo") in
  -       mod_include.  PR 24734  [Markus Julen <mj zermatt.net>]
  +    *) mod_headers no longer crashes if an empty header value should
  +       be added.  [André Malo]
   
  -    *) mod_log_config: Log the minutes component of the timezone correctly.
  -       PR 23642.  [Hong-Gunn Chew <hgbug gunnet.org>]
  +    *) Fix segfault in mod_expires, which occured under certain
  +       circumstances. PR 28047.  [André Malo]
   
  -    *) mod_proxy: Fix cases where an invalid status-line could be sent
  -       to the client.  PR 23998.  [Joe Orton]
  +    *) htpasswd: use apr_temp_dir_get() and general cleanup
  +       [Guenter Knauf <eflash gmx.net>, Thom May]
   
  -    *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
  -       are also loaded.  [Joe Orton]
  +    *) mod_ssl: Fix memory leak in session cache handling.  PR 26562
  +       [Madhusudan Mathihalli]
   
  -    *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
  -       thread-safe interface for retrieving error strings.  [Joe Orton]
  +    *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
  +       a pool cleanup.  PR 27945.  [Joe Orton]
   
  -    *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
  -       avoid reporting an Internal Server error if it is used without
  -       having been set in the httpd.conf file. PR: 23748, 24459
  -       [Andre Malo, Liam Quinn  <liam htmlhelp.com>]
  +    *) Add forensic logging module (mod_log_forensic).
  +       [Ben Laurie]
   
  -    *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
  -       option is set. PR 21668.  [Jesse Tie-Ten-Quee <highos highos.com>]
  +    *) logresolve: Allow size of log line buffer to be overridden at
  +       build time (MAXLINE).  PR 27793.  [Jeff Trawick]
   
  -    *) mod_include no longer allows an ETag header on 304 responses.
  -       PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
  +    *) Fix the comment delimiter in htdbm so that it correctly parses the
  +       username comment.  Also add a terminate function to allow NetWare
  +       to pause the output before the screen is destroyed.
  +       [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
   
  -    *) EBCDIC: Convert header fields to ASCII before sending (broken
  -       since 2.0.44). [Martin Kraemer]
  +    *) Fix crash when Apache was started with no Listen directives.
  +       [Michael Corcoran <mcorcoran warpsolutions.com>]
   
  -    *) Fix the inability to log errors like exec failure in
  -       mod_ext_filter/mod_cgi script children.  This was broken after
  -       such children stopped inheriting the error log handle.
  -       [Jeff Trawick]
  +    *) core_output_filter: Fix bug that could result in sending
  +       garbage over the network when module handlers construct
  +       bucket brigades containing multiple file buckets all referencing
  +       the same open file descriptor. [Bojan Smojver]
   
  -    *) Fix mod_info to use the real config file name, not the default
  -       config file name.  [Aryeh Katz <aryeh secured-services.com>]
  +    *) Fix memory corruption problem with ap_custom_response() function.
  +       The core per-dir config would later point to request pool data
  +       that would be reused for different purposes on different requests.
  +       [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
   
  -    *) Set the scoreboard state to indicate logging prior to running
  -       logging hooks so that server-status will show 'L' for hung loggers
  -       instead of 'W'.  [Jeff Trawick]
  +    *) Win32: Tweak worker thread accounting routines to eliminate
  +       server hang when number of Listen directives in httpd.conf
  +       is greater than or equal to the setting of ThreadsPerChild.
  +       [Bill Stoddard]
  
  
  
  1.47      +3 -3      httpd-dist/README.html
  
  Index: README.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/README.html,v
  retrieving revision 1.46
  retrieving revision 1.47
  diff -u -r1.46 -r1.47
  --- README.html	19 Mar 2004 18:18:00 -0000	1.46
  +++ README.html	29 Jun 2004 01:39:46 -0000	1.47
  @@ -45,13 +45,13 @@
   
   <pre>
   % pgpk -a KEYS
  -% pgpv httpd-2.0.49.tar.gz.asc
  +% pgpv httpd-2.0.50.tar.gz.asc
   <i>or</i>,
   % pgp -ka KEYS
  -% pgp httpd-2.0.49.tar.gz.asc
  +% pgp httpd-2.0.50.tar.gz.asc
   <i>or</i>,
   % gpg --import KEYS
  -% gpg --verify httpd-2.0.49.tar.gz.asc
  +% gpg --verify httpd-2.0.50.tar.gz.asc
   </pre>
   
   <p>We offer MD5 hashes as an alternative to validate the integrity
  
  
  
  1.37      +1 -1      httpd-dist/binaries/win32/HEADER.html
  
  Index: HEADER.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/binaries/win32/HEADER.html,v
  retrieving revision 1.36
  retrieving revision 1.37
  diff -u -r1.36 -r1.37
  --- HEADER.html	11 May 2004 18:26:22 -0000	1.36
  +++ HEADER.html	29 Jun 2004 01:39:46 -0000	1.37
  @@ -6,7 +6,7 @@
   <li><a href="#winsock">Windows 95 Apache Users Read This First</a></li>
   <li><a href="#xpbug">Windows XP Apache Users Read This First</a><br/></li>
   <li><a href="#zonealarm">ZoneAlarm (or other firewall) Users Read This First</a></li>
  -<li><a href="#stable" style="color:purple;">The current stable release is Apache
2.0.49</a><br/></li>
  +<li><a href="#stable" style="color:purple;">The current stable release is Apache
2.0.50</a><br/></li>
   <li><a href="#old" style="color:green;">The old stable release is Apache 1.3.31</a></li>
   <li><a href="#archive">Older releases</a></li>
   <li><a href="#msi">MSI Binary Distribution Packages</a></li>
  
  
  
  1.49      +4 -4      httpd-dist/binaries/win32/README.html
  
  Index: README.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/binaries/win32/README.html,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- README.html	13 Jun 2004 19:19:04 -0000	1.48
  +++ README.html	29 Jun 2004 01:39:46 -0000	1.49
  @@ -89,12 +89,12 @@
   and <a
   href="http://httpd.apache.org/docs-2.0/mod/mpm_winnt.html#win32disableacceptex">Win32DisableAcceptEx</a>.</p>
   
  -<h2><a name="stable">The current stable release is Apache 2.0.49</a></h2>
  +<h2><a name="stable">The current stable release is Apache 2.0.50</a></h2>
   
   <p>Apache 2.0 is released for General Availability.</p>
   
   <p>The Apache HTTP Server Project is proud to present the release of version
  -   2.0.49 of the Apache HTTP Server ("Apache").  Apache 2.0 has been running
  +   2.0.50 of the Apache HTTP Server ("Apache").  Apache 2.0 has been running
      on the Apache.org website since December of 2000 and has proven to be very
      reliable.</p>
   
  @@ -115,8 +115,8 @@
   
   <p>Because the distribution tree has changed, we haven't yet identified an 
      effective way to incorporate the source tree into the binary distribution.
  -   You will find the source package in <a href="../../httpd-2.0.49-win32-src.zip"
  -   >/dist/httpd/httpd-2.0.49-win32-src.zip</a>.  That -win32-src.zip file contains

  +   You will find the source package in <a href="../../httpd-2.0.50-win32-src.zip"
  +   >/dist/httpd/httpd-2.0.50-win32-src.zip</a>.  That -win32-src.zip file contains

      <strong>only</strong> source and build files, and contains <strong>no</strong>
      binaries.</p>
   
  
  
  

Mime
View raw message