httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r564558 [2/2] - /httpd/httpd/branches/2.2.x/CHANGES
Date Fri, 10 Aug 2007 11:32:38 GMT

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=diff&rev=564558&r1=564557&r2=564558
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Aug 10 04:32:38 2007
@@ -1446,14062 +1446,10 @@
   [Apache 2.1.0-dev includes those bug fixes and changes with the
    Apache 2.0.xx tree as documented, and except as noted, below.]
 
-Changes with Apache 2.0.56
+Changes with Apache 2.0.x and later:
 
-  *) Preserve the Content-Length header for a proxied HEAD response.
-     PR 18757.  [Greg Ames]
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
 
-  *) mod_cgi(d): Remove block on OPTIONS method so that scripts can
-     respond to OPTIONS directly rather than via server default.
-     [Roy Fielding] PR 15242
+Changes with Apache 1.3.x and later:
 
-Changes with Apache 2.0.55
-
-  *) SECURITY: CVE-2005-2088 (cve.mitre.org)
-     proxy: Correctly handle the Transfer-Encoding and Content-Length
-     headers.  Discard the request Content-Length whenever T-E: chunked
-     is used, always passing one of either C-L or T-E: chunked whenever 
-     the request includes a request body.  Resolves an entire class of
-     proxy HTTP Request Splitting/Spoofing attacks.  [William Rowe]
-
-  *) Added TraceEnable [on|off|extended] per-server directive to alter
-     the behavior of the TRACE method.  This addresses a flaw in proxy
-     conformance to RFC 2616 - previously the proxy server would accept
-     a TRACE request body although the RFC prohibited it.  The default
-     remains 'TraceEnable on'.  [William Rowe]
-
-  *) Add ap_log_cerror() for logging messages associated with particular
-     client connections.  [Jeff Trawick]
-
-  *) Correct mod_cgid's argv[0] so that the full path can be delved by the
-     invoked cgi application, to conform to the behavior of mod_cgi.
-     [Pradeep Kumar S <pradeep.smani gmail.com>]
-
-  *) mod_include: Fix possible environment variable corruption when 
-     using nested includes.  PR 12655.  [Joe Orton]
-
-  *) Support the suppress-error-charset setting, as with Apache 1.3.x.
-     PR 31274.  [Jeff Trawick]
-
-  *) EBCDIC: Handle chunked input from client or, with proxy, origin
-     server.  [Jeff Trawick]
-
-  *) Fix bad globbing comparison which could result in getting
-     a directory listing when a file was requested. PR 34512.
-     [sean <infamous41md hotmail.com>]
-
-  *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
-     was called even if mod_auth_ldap_check_user_id() was not
-     (or if it didn't succeed) for non-authoritative cases.
-     [Jim Jagielski]
-
-  *) SECURITY: CVE-2005-2728 (cve.mitre.org)
-     Fix cases where the byterange filter would buffer responses
-     into memory.  PR 29962.  [Joe Orton]
-
-  *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
-     PR 15207.  [Jim Jagielski]
-
-  *) mod_ldap: Fix various shared memory cache handling bugs.
-     PR 34209.  [Joe Orton]
-
-  *) Fix a file descriptor leak when starting piped loggers.  PR 33748. 
-     [Joe Orton]
-
-  *) mod_ldap: Avoid segfaults when opening connections if using a version
-     of OpenLDAP older than 2.2.21.  PR 34618.  [Brad Nicholes]
-
-  *) mod_ssl: Fix build with OpenSSL 0.9.8.  PR 35757.  [William Rowe]
-
-  *) SECURITY: CVE-2005-2088 (cve.mitre.org)
-     core: If a request contains both Transfer-Encoding and Content-Length
-     headers, remove the Content-Length, mitigating some HTTP Request 
-     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]
-
-  *) proxy HTTP: If a response contains both Transfer-Encoding and a 
-     Content-Length, remove the Content-Length and don't reuse the
-     connection, mitigating some HTTP Response Splitting attacks.
-     [Jeff Trawick]
-
-  *) Prevent hangs of child processes when writing to piped loggers at
-     the time of graceful restart.  PR 26467.  [Jeff Trawick]
-
-  *) SECURITY: CVE-2005-1268 (cve.mitre.org)
-     mod_ssl: Fix off-by-one overflow whilst printing CRL information
-     at "LogLevel debug" which could be triggered if configured 
-     to use a "malicious" CRL.  PR 35081.  [Marc Stern <mstern csc.com>]
-
-  *) mod_userdir: Fix possible memory corruption issue.  PR 34588.
-     [David Leonard <dleonard vintela.com>]
-
-  *) worker mpm: don't take down the whole server for a transient
-     thread creation failure. PR 34514 [Greg Ames]
-  
-  *) mod_rewrite: use buffered I/O to improve performance with large
-     RewriteMap txt: files.  [Greg Ames]
-
-  *) proxy HTTP: Rework the handling of request bodies to handle
-     chunked input and input filters which modify content length, and
-     avoid spooling arbitrary-sized request bodies in memory.
-     PR 15859.  [Jeff Trawick]
-
-Changes with Apache 2.0.54
-
-  *) mod_cache: Add CacheIgnoreHeaders directive.  PR 30399.
-     [Rüdiger Plüm <r.pluem t-online.de>]
-
-  *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
-     the ldap socket connection timeout value.  
-     [Brad Nicholes]
-
-  *) Correctly export all mod_dav public functions.
-     [Branko Čibej <brane xbc.nu>]
-
-  *) Add a build script to create a solaris package. [Graham Leggett]
-
-  *) worker MPM: Fix a problem which could cause httpd processes to
-     remain active after shutdown.  [Jeff Trawick]
-
-  *) Unix MPMs: Shut down the server more quickly when child processes are
-     slow to exit.  [Joe Orton, Jeff Trawick]
-
-  *) Remove formatting characters from ap_log_error() calls.  These
-     were escaped as fallout from CVE-2003-0020.
-     [Eric Covener <ecovener gmail.com>]
-
-  *) mod_ssl: If SSLUsername is used, set r->user earlier.  PR 31418.
-     [David Reid]
-
-  *) htdigest: Fix permissions of created files.  PR 33765.  [Joe Orton]
-
-  *) core_input_filter: Move buckets to a persistent brigade instead of
-     creating a new brigade. This stop a memory leak when proxying a 
-     Streaming Media Server. PR 33382. [Paul Querna]
-
-  *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid 
-     hiccups from additional path information passed in non-utf-8 format.
-     [Richard Donkin <rd9 donkin.org]
-
-Changes with Apache 2.0.53
-
-  *) Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
-     [Max Bowsher <maxb ukf.net>]
-
-  *) mod_proxy: Fix ProxyRemoteMatch directive.  PR 33170.
-     [Rici Lake <rici ricilake.net>]
-
-  *) mod_proxy: Respect errors reported by pre_connection hooks.
-     [Jeff Trawick]
-
-  *) --with-module can now take more than one module to be statically
-     linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
-     If the <modtype>-subdirectory doesn't exist it will be created and
-     populated with a standard Makefile.in.  [Erik Abele]
-
-  *) Fix the RPM spec file so that an RPM build now works. An RPM
-     build now requires system installations of APR and APR-util.
-     Remove some arbitrary moving around of binaries - the RPM now
-     maps to the ASF build of httpd.
-     [Graham Leggett]
-
-  *) mod_dumpio, an I/O logging/dumping module, added to the
-     modules/expermimental subdirectory.  [Jim Jagielski]
-
-  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
-     library handles special characters.  PR 24437.  [Jess Holle]
-
-  *) Win32 MPM: Correct typo in debugging output.  [William Rowe]
-
-  *) conf: Remove AddDefaultCharset from the default configuration because
-     setting a site-wide default does more harm than good. PR 23421.
-     [Roy Fielding]
-
-  *) Add charset to example CGI scripts.  [Roy Fielding]
-
-  *) mod_ssl: fail quickly if SSL connection is aborted rather than
-     making many doomed ap_pass_brigade calls.  PR 32699.  [Joe Orton]
-
-  *) Remove compiled-in upper limit on LimitRequestFieldSize.
-     [Bill Stoddard]
-
-  *) Start keeping track of time-taken-to-process-request again for
-     mod_status if ExtendedStatus is enabled. [Jim Jagielski]
-
-  *) mod_proxy: Handle client-aborted connections correctly.  PR 32443.
-     [Janne Hietamäki, Joe Orton]
-
-  *) Fix handling of files >2Gb on all platforms (or builds) where
-     apr_off_t is larger than apr_size_t.  PR 28898.  [Joe Orton]
-
-  *) mod_include: Fix bug which could truncate variable expansions
-     of N*64 characters by one byte.  PR 32985.  [Joe Orton]
-
-  *) Correct handling of certain bucket types in ap_save_brigade, fixing
-     possible segfaults in mod_cgi with #include virtual.  PR 31247.
-     [Joe Orton]
-
-  *) Allow for the use of --with-module=foo:bar where the ./modules/foo
-     directory is local only. Assumes, of course, that the required
-     files are in ./modules/foo, but makes it easier to statically
-     build/log "external" modules.  [Jim Jagielski]
-
-  *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that 
-     ldap authorization only modules have access to the util_ldap 
-     user cache without having to require ldap authentication as well.  
-     PR 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]
-
-  *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
-     allows the module to only authorize a user if the attribute value
-     specified matches the value of the user object. PR 31913
-     [Ryan Morgan <rmorgan pobox.com>]
-
-  *) SECURITY: CVE-2004-0942 (cve.mitre.org)
-     Fix for memory consumption DoS in handling of MIME folded request
-     headers.  [Joe Orton]
-
-  *) SECURITY: CVE-2004-0885 (cve.mitre.org)
-     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
-     bypassed during an SSL renegotiation.  PR 31505.  
-     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
-
-  *) mod_ssl: Fail at startup rather than segfault at runtime if a
-     client cert is configured with an encrypted private key.
-     PR 24030.  [Joe Orton]
-
-  *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
-     [Joe Orton]
-
-  *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
-     [Jeff Trawick]
- 
-  *) mod_cache: CacheDisable will only disable the URLs it was meant to
-     disable, not all caching. PR 31128.
-     [Edward Rudd <eddie omegaware.com>, Paul Querna]
-
-  *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
-     cache responses.  [Justin Erenkrantz]
-
-  *) mod_rewrite: Handle per-location rules when r->filename is unset.
-     Previously this would segfault or simply not match as expected,
-     depending on the platform.  [Jeff Trawick]
-
-  *) mod_rewrite: Fix 0 bytes write into random memory position.
-     PR 31036. [André Malo]
-
-  *) mod_disk_cache: Do not store aborted content.  PR 21492.
-     [Rüdiger Plüm <r.pluem t-online.de>]
-
-  *) mod_disk_cache: Correctly store cached content type.  PR 30278.
-     [Rüdiger Plüm <r.pluem t-online.de>]
-
-  *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
-     statistics display. PR 29216. [Graham Leggett]
-
-  *) mod_ldap: fix a bogus error message to tell the user which file
-     is causing a potential problem with the LDAP shared memory cache.
-     PR 31431 [Graham Leggett]
-
-  *) SECURITY: CVE-2004-1834 (cve.mitre.org)
-     mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
-
-  *) Fix the re-linking issue when purging elements from the LDAP cache
-     PR 24801.  [Jess Holle <jessh ptc.com>]
-      
-  *) mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]
-
-  *) Fix Expires handling in mod_cache.  [Justin Erenkrantz]
-
-  *) Alter mod_expires to run at a different filter priority to allow
-     proper Expires storage by mod_cache.  [Justin Erenkrantz]
-
-Changes with Apache 2.0.52
-
-  *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
-
-  *) Fix the global mutex crash when the global mutex is never allocated
-     due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
-
-  *) Fix a segfault in the LDAP cache when it is configured switched
-     off. [Jess Holle <jessh ptc.com>]
-
-  *) SECURITY: CVE-2004-0811 (cve.mitre.org)
-     Fix merging of the Satisfy directive, which was applied to
-     the surrounding context and could allow access despite configured
-     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
-
-  *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
-     is enabled.  Previously, such urls would still be rejected.
-     [Jeff Trawick, Bill Stoddard]
-
-  *) mod_mem_cache: Fixed race condition causing segfault because of memory being
-     freed twice, or reused after being freed.
-     [J. Clar, W. Stoddard, G. Ames]
-    
-  *) Add -l option to rotatelogs to let it use local time rather than
-     UTC.  PR 24417.  [Ken Coar, Uli Zappe <uli ritual.org>]
-
-  *) mod_log_config: Fix a bug which prevented request completion time
-     from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
-     processing.  PR 29696.  [Alois Treindl <alois astro.ch>]
-
-Changes with Apache 2.0.51
-
-  *) SECURITY: CVE-2004-0786 (cve.mitre.org)
-     Fix an input validation issue in apr-util which could be
-     triggered by malformed IPv6 literal addresses.  [Joe Orton]
-
-  *) SECURITY: CVE-2004-0747 (cve.mitre.org)
-     Fix buffer overflow in expansion of environment variables in
-     configuration file parsing.  [André Malo]
-
-  *) SECURITY: CVE-2004-0809 (cve.mitre.org)
-     mod_dav_fs: Fix a segfault in the handling of an indirect lock
-     refresh.  PR 31183.  [Joe Orton]
-
-  *) mod_include no longer checks for recursion, because that's done
-     in the core. This allows for careful usage of recursive SSI.
-     [André Malo]
-
-  *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
-     [chunyan sheng <shengperson yahoo.com>, André Malo]
-
-  *) Include directives no longer refuse to process symlinks on
-     directories. Instead there's now a maximum nesting level
-     of included directories (128 as distributed). This is configurable
-     at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
-     PR 28492.  [André Malo]
-
-  *) Win32: apache -k start|restart|install|config can leave stranded
-     piped logger processes (eg, rotatelogs.exe) due to improper
-     server shutdown on these code paths.
-     [Bill Stoddard]
-
-  *) SECURITY: CVE-2004-0751 (cve.mitre.org)
-     mod_ssl: Fix a segfault in the SSL input filter which could be
-     triggered if using "speculative" mode, for instance by a 
-     proxy request to an SSL server.  PR 30134.  [Joe Orton]
-
-  *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
-     PR 30464.  [Joe Orton, Madhusudan Mathihalli]
-
-  *) mod_ssl: Add new 'ssl_is_https' optional function.  [Joe Orton]
-
-  *) Prevent CGI script output which includes a Content-Range header
-     from being passed through the byterange filter.  [Joe Orton]
-
-  *) Satisfy directives now can be influenced by a surrounding <Limit>
-     container.  PR 14726.  [André Malo]
-
-  *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
-     PR 27985.  [André Malo]
-
-  *) mod_disk_cache: Implement binary format for on-disk header files.
-     [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
-
-  *) mod_disk_cache: Optimize network performance of disk cache subsystem by
-     allowing zero-copy (sendfile) writes and other miscellaneous fixes.
-     [Justin Erenkrantz]
-
-  *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
-     switch to the provider API instead of hooks.  [Justin Erenkrantz]
-
-  *) mod_autoindex: Don't truncate the directory listing if a stat()
-     call fails (for instance on a >2Gb file).  PR 17357.
-     [Joe Orton]
-
-  *) Makefile fix: httpd is linked against LIBS given to the
-     'make' invocation.  PR 7882.  [Joe Orton]
-
-  *) WinNT MPM: Fix a broken log message at termination.  PR 28063.
-     [Eider Oliveira <eider bol.com.br>]
-
-  *) Prevent Win32 pool corruption at startup [Allan Edwards]
-
-  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
-     chosen SSL environment variable.  PR 20957. 
-     [Martin v. Loewis <martin v.loewis.de>]
-
-  *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
-     [Zvi Har'El <rl math.technion.ac.il>]
-
-  *) apachectl: Fix a problem finding envvars if sbindir != bindir.
-     PR 30723.  [Friedrich Haubensak <hsk imb-jena.de>]
-
-  *) mod_ssl: Build on RHEL 3.  PR 18989.  [Justin Erenkrantz]
-
-  *) SECURITY: CVE-2004-0748 (cve.mitre.org)
-     mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]
-
-  *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
-     PR 18989.  [Joe Orton]
-
-  *) mod_userdir: Ensure that the userdir identity is used for
-     suexec userdir access in a virtual host which has suexec configured.  
-     PR 18156.  [Joshua Slive]
-
-  *) mod_rewrite no longer confuses the RewriteMap caches if
-     different maps defined in different virtual hosts use the
-     same map name. PR 26462.  [André Malo]
-
-  *) mod_setenvif: Remove "support" for Remote_User variable which
-     never worked at all. PR 25725.  [André Malo]
-
-  *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
-     again the functionality of the ErrorHeader directive. But instead
-     using this misnomer additional flags to the Header directive were
-     introduced ("always" and "onsuccess", defaulting to the latter).
-     PR 28657.  [André Malo]
-
-  *) Use the higher performing 'httpready' Accept Filter on all platforms 
-     except FreeBSD < 4.1.1. [Paul Querna]
-
-  *) mod_usertrack: Escape the cookie name before pasting into the
-     regexp.  [André Malo]
-
-  *) Extend the SetEnvIf directive to capture subexpressions of the
-     matched value.  [André Malo]
-
-  *) Recursive Include directives no longer crash. The server stops
-     including configuration files after a certain nesting level (128
-     as distributed). This is configurable at compile time using the
-     -DAP_MAX_INCLUDE_DEPTH switch. PR 28370.  [André Malo]
-
-  *) mod_dir: the trailing-slash behaviour is now configurable using the
-     DirectorySlash directive.  [André Malo]
-
-  *) Allow proxying of resources that are invoked via DirectoryIndex.
-     PR 14648, 15112, 29961.  [André Malo]
-
-  *) util_ldap: Switched the lock types on the shared memory cache 
-     from thread reader/writer locks to global mutexes in order to 
-     provide cross process cache protection. [Brad Nicholes]
-     
-  *) util_ldap: Reworked the cache locking scheme to eliminate duplicate 
-     cache entries in the credentials cache due to race conditions.
-     [Brad Nicholes]
-     
-  *) util_ldap: Enhanced the util_ldap cache-info display to show more 
-     detail about the contents and current state of the cache. 
-     [Brad Nicholes]
-     
-  *) Enable the option to support anonymous shared memory in mod_ldap.
-     This makes the cache work on Linux again. [Graham Leggett]
-
-  *) Enable special ErrorDocument value 'default' which restores the
-     canned server response for the scope of the directive.
-     [Geoffrey Young, André Malo]
-
-  *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
-     is set in r->subprocess_env allow mismatched query strings to pass.
-     PR 27758.  [Paul Querna, Geoffrey Young]
-
-  *) Accept URLs for the ServerAdmin directive. If the supplied
-     argument is not recognized as an URL, assume it's a mail address.
-     PR 28174.  [André Malo, Paul Querna]
-
-  *) initialize server arrays prior to calling ap_setup_prelinked_modules
-     so that static modules can push Defines values when registering
-     hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
-
-  *) Small fix to allow reverse proxying to an ftp server. Previously
-     an attempt to do this would try and connect to 0.0.0.0, regardless
-     of the server specified. PR 24922
-     [Pascal Terjan <pterjan@linuxfr.org>]
-
-  *) Add the NOTICE file to the rpm spec file in compliance with the
-     Apache v2.0 license. [Graham Leggett]
- 
-  *) RPM spec file changes: changed default dependancy to link to db4
-     instead of db3. Fixed complaints about unpackaged files.
-     [Graham Leggett]
- 
-Changes with Apache 2.0.50
-
-  *) SECURITY: CVE-2004-0493 (cve.mitre.org)
-     Close a denial of service vulnerability identified by Georgi
-     Guninski which could lead to memory exhaustion with certain
-     input data.  [Jeff Trawick]
-
-  *) mod_cgi: Handle output on stderr during script execution on Unix
-     platforms; preventing deadlock when stderr output fills pipe buffer.
-     Also fixes case where stderr from nph- scripts could be lost.
-     PR 22030, 18348.  [Joe Orton, Jeff Trawick]
-
-  *) mod_alias now emits a warning if it detects overlapping *Alias*
-     directives.  [André Malo]
-
-  *) mod_rewrite no longer turns forward proxy requests into reverse proxy
-     requests. PR 28125  [ast domdv.de, André Malo]
-
-  *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
-     exported on Win32 and Netware as well (minor MMN bump).  PR 28523.
-     [Edward Rudd <eddie omegaware.com>, André Malo]
-
-  *) Restore the ability to disable the use of AcceptEx on Win9x systems
-     automatically (broken in 2.0.49). PR 28529.  [André Malo]
-
-  *) <VirtualHost myhost> now applies to all IP addresses for myhost
-     instead of just the first one reported by the resolver.  This
-     corrects a regression since 1.3.  [Jeff Trawick]
-
-  *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
-     against ServerRoot PR#26602 [Brad Nicholes]
-       
-  *) SECURITY: CVE-2004-0488 (cve.mitre.org)
-     mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
-     (trusted) client certificate subject DN which exceeds 6K in length.
-     [Joe Orton]
-
-  *) mod_dav_fs: Fix MKCOL response for missing parent collections, which 
-     caused issues for the Eclipse WebDAV extension.
-     PR 29034.  [Joe Orton]
-
-  *) mod_deflate: Fix memory consumption (which was proportional to the
-     response size).  PR 29318.  [Joe Orton]
-
-  *) mod_ssl: Log the errors returned on failure to load or initialize
-     a crypto accelerator engine.  [Joe Orton]
-
-  *) Allow RequestHeader directives to be conditional. PR 27951.
-     [Vincent Deffontaines <vincent gryzor.com>, André Malo]
-
-  *) Allow LimitRequestBody to be reset to unlimited. PR 29106
-     [André Malo]
-
-  *) Fix a bunch of cases where the return code of the regex compiler
-     was not checked properly. This affects: mod_setenvif, mod_usertrack,
-     mod_proxy, mod_proxy_ftp and core. PR 28218.  [André Malo]
-
-  *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
-     small cache sizes.  PR 27751.  [Geoff Thorpe <geoff geoffthorpe.net>]
-
-  *) Remove 2Gb log file size restriction on some 32-bit platforms.
-     PR 13511.  [Joe Orton]
-
-  *) mod_logio no longer removes the EOS bucket. PR 27928.
-     [Bojan Smojver <bojan rexursive.com>]
-
-  *) htpasswd no longer refuses to process files that contain empty
-     lines.  [André Malo]
-
-  *) Regression from 1.3: At startup, suexec now will be checked for
-     availability, the setuid bit and user root. The works only if
-     httpd is compiled with the shipped APR version (0.9.5).
-     PR 28287.  [André Malo]
-
-  *) Unix MPMs: Stop dropping connections when the file descriptor
-     is at least FD_SETSIZE.  [Jeff Trawick]
-
-  *) Fix handling of IPv6 numeric strings in mod_proxy.  [Jeff Trawick]
-
-  *) mod_isapi: send_response_header() failed to copy status string's 
-     last character.  PR 20619.  [Jesse Pelton <jsp pkc.com>]
-
-  *) Fix a segfault when requests for shared memory fails and returns
-     NULL. Fix a segfault caused by a lack of bounds checking on the
-     cache.  PR 24801.  [Graham Leggett]
-
-  *) Throw an error message if an attempt is made to use the LDAPTrustedCA
-     or LDAPTrustedCAType directives in a VirtualHost. PR 26390
-     [Brad Nicholes]
-
-  *) Fix a potential segfault if the bind password in the LDAP cache
-     is NULL.  PR 28250.  [Jari Ahonen <jah progress.com>]
-
-  *) Quotes cannot be used around require group and require dn
-     directives, update the documentation to reflect this. Also add
-     quotes around the dn and group within debug messages, to make it
-     more obvious why authentication is failing if quotes are used in
-     error.  PR 19304.  [Graham Leggett]
-
-  *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
-     from escaping filters twice when the backslash character is used.
-     PR 24437.  [Jess Holle <jessh ptc.com>]
-
-  *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
-     functions leave the connections in a sane state after errors have
-     occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
-     27271 [Graham Leggett]
-                                                                                
-  *) mod_ldap calls ldap_simple_bind_s() to validate the user
-     credentials.  If the bind fails, the connection is left
-     in an unbound state.  Make sure that the ldap connection
-     record is updated to show that the connection is no longer
-     bound. [Brad Nicholes]
-
-  *) Ensure that lines in the request which are too long are 
-     properly terminated before logging.
-     [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
-
-  *) Update the bind credentials for the cached LDAP connection to 
-     reflect the last bind.  This prevents util_ldap from creating 
-     unnecessary connections rather than reusing cached connections.
-     [Brad Nicholes]
-     
-  *) mod_isapi: GetServerVariable returned improperly terminated header 
-     fields given "ALL_HTTP" or "ALL_RAW".  PR 20656.
-     [Jesse Pelton <jsp pkc.com>]
-
-  *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
-     size.  PR 20617.  [Jesse Pelton <jsp pkc.com>]
-
-  *) mod_dav: Fix a problem that could cause crashes when manipulating 
-     locks on some platforms.  [Jeff Trawick]
-
-  *) mod_headers no longer crashes if an empty header value should
-     be added.  [André Malo]
-
-  *) Fix segfault in mod_expires, which occured under certain
-     circumstances. PR 28047.  [André Malo]
-
-  *) htpasswd: use apr_temp_dir_get() and general cleanup
-     [Guenter Knauf <eflash gmx.net>, Thom May]
-
-  *) mod_ssl: Fix memory leak in session cache handling.  PR 26562
-     [Madhusudan Mathihalli]
-
-  *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
-     a pool cleanup.  PR 27945.  [Joe Orton]
-
-  *) Add forensic logging module (mod_log_forensic).
-     [Ben Laurie]
-
-  *) logresolve: Allow size of log line buffer to be overridden at
-     build time (MAXLINE).  PR 27793.  [Jeff Trawick]
-
-  *) Fix the comment delimiter in htdbm so that it correctly parses the 
-     username comment.  Also add a terminate function to allow NetWare 
-     to pause the output before the screen is destroyed.
-     [Guenter Knauf <eflash gmx.net>, Brad Nicholes] 
-  
-  *) Fix crash when Apache was started with no Listen directives.
-     [Michael Corcoran <mcorcoran warpsolutions.com>]
-
-  *) core_output_filter: Fix bug that could result in sending
-     garbage over the network when module handlers construct
-     bucket brigades containing multiple file buckets all referencing
-     the same open file descriptor. [Bojan Smojver]
-
-  *) Fix memory corruption problem with ap_custom_response() function.
-     The core per-dir config would later point to request pool data
-     that would be reused for different purposes on different requests.
-     [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
-
-  *) Win32: Tweak worker thread accounting routines to eliminate
-     server hang when number of Listen directives in httpd.conf
-     is greater than or equal to the setting of ThreadsPerChild.
-     [Bill Stoddard]
-
-Changes with Apache 2.0.49
-
-  *) SECURITY: CVE-2004-0174 (cve.mitre.org)
-     Fix starvation issue on listening sockets where a short-lived
-     connection on a rarely-accessed listening socket will cause a
-     child to hold the accept mutex and block out new connections until
-     another connection arrives on that rarely-accessed listening socket.
-     With Apache 2.x there is no performance concern about enabling the 
-     logic for platforms which don't need it, so it is enabled everywhere
-     except for Win32.  [Jeff Trawick]
-
-  *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
-     [Jeff Trawick]
-
-  *) Win32: find_read_listeners was not correctly handling multiple
-     listeners on the Win32DisableAcceptEx path.  [Bill Stoddard]
-
-  *) Fix bug in mod_usertrack when no CookieName is set.  PR 24483.
-     [Manni Wood <manniwood planet-save.com>]
-
-  *) Fix some piped log problems: bogus "piped log program '(null)'
-     failed" messages during restart and problem with the logger
-     respawning again after Apache is stopped.  PR 21648, PR 24805.
-     [Jeff Trawick]
-
-  *) Fixed file extensions for real media files and removed rpm extension
-     from mime.types. PR 26079.  [Allan Sandfeld <kde carewolf.com>]
-
-  *) Remove compile-time length limit on request strings. Length is
-     now enforced solely with the LimitRequestLine config directive.
-     [Paul J. Reder]
-
-  *) mod_ssl: Send the Close Alert message to the peer before closing
-     the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
-
-  *) SECURITY: CVE-2004-0113 (cve.mitre.org)
-     mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
-     PR 27106.  [Joe Orton]
-
-  *) mod_ssl: Fix bug in passphrase handling which could cause spurious
-     failures in SSL functions later.  PR 21160.  [Joe Orton]
-
-  *) mod_log_config: Fix corruption of buffered logs with threaded
-     MPMs.  PR 25520.  [Jeff Trawick]
-
-  *) Fix mod_include's expression parser to recognize strings correctly
-     even if they start with an escaped token.  [André Malo]
-
-  *) Add fatal exception hook for use by diagnostic modules.  The hook
-     is only available if the --enable-exception-hook configure parm 
-     is used and the EnableExceptionHook directive has been set to 
-     "on".  [Jeff Trawick]
-
-  *) Allow mod_auth_digest to work with sub-requests with different
-     methods than the original request.  PR 25040.
-     [Josh Dady <jpd indecisive.com>]
-
-  *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
-     argumentless containers.
-     ["Philippe M. Chiasson" <gozer cpan.org>]
-
-  *) mod_auth_ldap: Fix some segfaults in the cache logic.  PR 18756.
-     [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
-
-  *) mod_cgid: Restart the cgid daemon if it crashes.  PR 19849
-     [Glenn Nielsen <glenn apache.org>]
-
-  *) The whole codebase was relicensed and is now available under
-     the Apache License, Version 2.0 (http://www.apache.org/licenses).
-     [Apache Software Foundation]
-
-  *) Fixed cache-removal order in mod_mem_cache.
-     [Jean-Jacques Clar, Cliff Woolley]
-
-  *) mod_setenvif: Fix the regex optimizer, which under circumstances
-     treated the supplied regex as literal string. PR 24219.
-     [André Malo]
-
-  *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
-     instead of mmn. [André Malo]
-
-  *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
-     could lead to a 400 (Bad Request) response.  [André Malo]
-
-  *) Keep focus of ITERATE and ITERATE2 on the current module when
-     the module chooses to return DECLINE_CMD for the directive.
-     PR 22299.  [Geoffrey Young <geoff apache.org>]
-
-  *) Add support for IMT minor-type wildcards (e.g., text/*) to
-     ExpiresByType.  PR#7991  [Ken Coar]
-
-  *) Fix segfault in mod_mem_cache cache_insert() due to cache size
-     becoming negative.  PR: 21285, 21287
-     [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
-
-  *) core.c: If large file support is enabled, allow any file that is
-     greater than AP_MAX_SENDFILE to be split into multiple buckets.
-     This allows Apache to send files that are greater than 2gig.
-     Otherwise we run into 32/64 bit type mismatches in the file size.
-     [Brad Nicholes]
-
-  *) proxy_http fix: mod_proxy hangs when both KeepAlive and
-     ProxyErrorOverride are enabled, and a non-200 response without a
-     body is generated by the backend server. (e.g.: a client makes a
-     request containing the "If-Modified-Since" and "If-None-Match"
-     headers, to which the backend server respond with status 304.)
-     [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
-
-  *) mod_dav: Reject requests which include an unescaped fragment in the
-     Request-URI.  PR 21779.  [Amit Athavale <amit_athavale lycos.com>]
-
-  *) Build array of allowed methods with proper dimensions, fixing
-     possible memory corruption.  [Jeff Trawick]
-
-  *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
-     PR 15057.  [Otmar Lendl <lendl nic.at>]
-
-  *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
-     [Joe Orton]
-
-  *) mod_usertrack no longer inspects the Cookie2 header for
-     the cookie name. PR 11475.  [Chris Darrochi <chrisd pearsoncmg.com>]
-
-  *) mod_usertrack no longer overwrites other cookies.
-     PR 26002.  [Scott Moore <apache nopdesign.com>]
-
-  *) worker MPM: fix stack overlay bug that could cause the parent
-     process to crash.  [Jeff Trawick]
-
-  *) Win32: Add Win32DisableAcceptEx directive. This Windows
-     NT/2000/CP directive is useful to work around bugs in some 
-     third party layered service providers like virus scanners, 
-     VPN and firewall products, that do not properly handle 
-     WinSock 2 APIs.  Use this directive if your server is issuing
-     AcceptEx failed messages.
-     [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
-
-  *) Make REMOTE_PORT variable available in mod_rewrite.
-     PR 25772.  [André Malo]
-
-  *) Fix a long delay with CGI requests and keepalive connections on
-     AIX.  [Jeff Trawick]
-
-  *) mod_autoindex: Add 'XHTML' option in order to allow switching between
-     HTML 3.2 and XHTML 1.0 output. PR 23747.  [André Malo]
-
-  *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
-     [André Malo]
-
-  *) mod_ssl: Advertise SSL library version as determined at run-time rather
-     than at compile-time.  PR 23956.  [Eric Seidel <seidel apple.com>]
-
-  *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
-     format code is used.  PR 22741.  [Gary E. Miller <gem rellim.com>]
-
-  *) Fix build with parallel make.  PR 24643.  [Joe Orton]
-
-  *) mod_rewrite: In external rewrite maps lookup keys containing
-     a newline now cause a lookup failure. PR 14453.
-     [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
-
-  *) Backport major overhaul of mod_include's filter parser from 2.1.
-     The new parser code is expected to be more robust and should
-     catch all of the edge cases that were not handled by the previous one.
-     The 2.1 external API changes were hidden by a wrapper which is
-     expected to keep the API backwards compatible.  [André Malo]
-
-  *) Add a hook (insert_error_filter) to allow filters to re-insert
-     themselves during processing of error responses. Enable mod_expires
-     to use the new hook to include Expires headers in valid error
-     responses. This addresses an RFC violation. It fixes PRs 19794,
-     24884, and 25123. [Paul J. Reder]
-
-  *) Add Polish translation of error messages.  PR 25101.
-     [Tomasz Kepczynski <tomek jot23.org>]
-
-  *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
-     supported for BeOS or OS/2 MPMs.)  [Jeff Trawick, Brad Nicholes,
-     Bill Stoddard]
-
-  *) Add mod_status hook to allow modules to add to the mod_status
-     report.  [Joe Orton]
-
-  *) Fix htdbm to generate comment fields in DBM files correctly.
-     [Justin Erenkrantz]
-
-  *) mod_dav: Use bucket brigades when reading PUT data. This avoids
-     problems if the data stream is modified by an input filter. PR 22104.
-     [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
-
-  *) Fix RewriteBase directive to not add double slashes.  [André Malo]
-
-  *) Improve 'configure --help' output for some modules.  [Astrid Keßler]
-
-  *) Correct UseCanonicalName Off to properly check incoming port number.
-     [Jim Jagielski]
-
-  *) Fix slow graceful restarts with prefork MPM.  [Joe Orton]
-
-  *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
-     if any property values were set which defined namespaces these
-     came out mangled in the PROPFIND response.  PR 11637.
-     [Amit Athavale <amit_athavale persistent.co.in>]
-
-  *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
-     the destination resource gives a 401.  PR 15571.  [Joe Orton]
-
-  *) SECURITY: CVE-2003-0020 (cve.mitre.org)
-     Escape arbitrary data before writing into the errorlog. Unescaped
-     errorlogs are still possible using the compile time switch
-     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]
-
-  *) mod_autoindex / core: Don't fail to show filenames containing
-     special characters like '%'. PR 13598.  [André Malo]
- 
-  *) mod_status: Report total CPU time accurately when using a threaded
-     MPM.  PR 23795.  [Jeff Trawick]
-
-  *) Fix memory leak in handling of request bodies during reverse
-     proxy operations.  PR 24991. [Larry Toppi <larry.toppi citrix.com>]
-
-  *) Win32 MPM: Implement MaxMemFree to enable setting an upper
-     limit on the amount of storage used by the bucket brigades
-     in each server thread. [Bill Stoddard]
-
-  *) Modified the cache code to be header-location agnostic. Also
-     fixed a number of other cache code bugs related to PR 15852.
-     Includes a patch submitted by Sushma Rai <rsushma novell.com>.
-     This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
-     closing the PR since that is what they are using. [Paul J. Reder]
-
-  *) complain via error_log when mod_include's INCLUDES filter is
-     enabled, but the relevant Options flag allowing the filter to run
-     for the specific resource wasn't set, so that the filter won't
-     silently get skipped. next remove itself, so the warning will be
-     logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
-
-  *) mod_info: HTML escape configuration information so it displays 
-     correctly. PR 24232. [Thom May]
-     
-  *) Restore the ability to add a description for directories that
-     don't contain an index file.  (Broken in 2.0.48) [André Malo]
-
-  *) Fix a problem with the display of empty variables ("SetEnv foo") in
-     mod_include.  PR 24734  [Markus Julen <mj zermatt.net>]
-
-  *) mod_log_config: Log the minutes component of the timezone correctly.
-     PR 23642.  [Hong-Gunn Chew <hgbug gunnet.org>]
-
-  *) mod_proxy: Fix cases where an invalid status-line could be sent 
-     to the client.  PR 23998.  [Joe Orton]
-
-  *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
-     are also loaded.  [Joe Orton]
-
-  *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
-     thread-safe interface for retrieving error strings.  [Joe Orton]
-
-  *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
-     avoid reporting an Internal Server error if it is used without
-     having been set in the httpd.conf file. PR: 23748, 24459
-     [André Malo, Liam Quinn  <liam htmlhelp.com>]
-
-  *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
-     option is set. PR 21668.  [Jesse Tie-Ten-Quee <highos highos.com>]
-
-  *) mod_include no longer allows an ETag header on 304 responses.
-     PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
-
-  *) EBCDIC: Convert header fields to ASCII before sending (broken
-     since 2.0.44). [Martin Kraemer]
-
-  *) Fix the inability to log errors like exec failure in
-     mod_ext_filter/mod_cgi script children.  This was broken after 
-     such children stopped inheriting the error log handle.  
-     [Jeff Trawick]
-
-  *) Fix mod_info to use the real config file name, not the default
-     config file name.  [Aryeh Katz <aryeh secured-services.com>]
-
-  *) Set the scoreboard state to indicate logging prior to running 
-     logging hooks so that server-status will show 'L' for hung loggers
-     instead of 'W'.  [Jeff Trawick]
-
-Changes with Apache 2.0.48
-
-  *) SECURITY: CVE-2003-0789 (cve.mitre.org)
-     mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
-     communicate with the cgid daemon and the CGI script.
-     [Jeff Trawick]
-
-  *) SECURITY: CVE-2003-0542 (cve.mitre.org)
-     Fix buffer overflows in mod_alias and mod_rewrite which occurred
-     if one configured a regular expression with more than 9 captures.
-     [André Malo]
-
-  *) mod_include: fix segfault which occured if the filename was not
-     set, for example, when processing some error conditions.
-     PR 23836.  [Brian Akins <bakins web.turner.com>, André Malo]
-
-  *) fix the config parser to support <Foo>..</Foo> containers (no
-     arguments in the opening tag) supported by httpd 1.3. Without
-     this change mod_perl 2.0's <Perl> sections are broken.
-     ["Philippe M. Chiasson" <gozer cpan.org>]
-
-  *) mod_cgid: fix a hash table corruption problem which could
-     result in the wrong script being cleaned up at the end of a
-     request.  [Jeff Trawick]
-
-  *) Update httpd-*.conf to be clearer in describing the connection
-     between AddType and AddEncoding for defining the meaning of
-     compressed file extensions. [Roy Fielding]
-
-  *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
-     PR 23416.  [André Malo]
-
-  *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
-     rewritten request using "proxy:". The code was adding multiple "proxy:"
-     fields in the rewritten URI. PR: 13946.
-     [Eider Oliveira <eider bol.com.br>]
-
-  *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
-     expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
-
-  *) Ensure that ssl-std.conf is generated at configure time, and switch
-     to using the expanded config variables to work the same as
-     httpd-std.conf PR: 19611
-     [Thom May]
-
-  *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
-     [Hartmut Keil <Hartmut.Keil adnovum.ch>]
-
-  *) mod_autoindex: If a directory contains a file listed in the
-     DirectoryIndex directive, the folder icon is no longer replaced
-     by the icon of that file. PR 9587.
-     [David Shane Holden <dpejesh yahoo.com>]
-
-  *) Fixed mod_usertrack to not get false positive matches on the
-     user-tracking cookie's name.  PR 16661.
-     [Manni Wood <manniwood planet-save.com>]
-
-  *) mod_cache: Fix the cache code so that responses can be cached
-     if they have an Expires header but no Etag or Last-Modified
-     headers. PR 23130.
-     [<bjorn exoweb.net>]
-
-  *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
-     were sent (e.g. with 304 or 204 response codes).  [Astrid Keßler]
-
-  *) Modify ap_get_client_block() to note if it has seen EOS.
-     [Justin Erenkrantz]
-
-  *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
-     content if the Accept-Encoding header contained only other tokens than
-     "gzip" (such as "deflate"). PR 21523.  [Joe Orton, André Malo]
-
-  *) Avoid an infinite recursion, which occured if the name of an included
-     config file or directory contained a wildcard character. PR 22194.
-     [André Malo]
-
-  *) mod_ssl: Fix a problem setting variables that represent the
-     client certificate chain.  PR 21371  [Jeff Trawick]
-
-  *) Unix: Handle permissions settings for flock-based mutexes in 
-     unixd_set_global|proc_mutex_perms().  Allow the functions to be
-     called for any type of mutex.  PR 20312  [Jeff Trawick]
-
-  *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
-
-  *) Fix a misleading message from the some of the threaded MPMs when 
-     MaxClients has to be lowered due to the setting of ServerLimit.  
-     [Jeff Trawick]
-
-  *) Lower the severity of the "listener thread didn't exit" message
-     to debug, as it is of interest only to developers.  PR 9011
-     [Jeff Trawick]
-
-  *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
-     [Cliff Woolley, Jean-Jacques Clar]
-
-  *) Install config.nice into the build/ directory to make
-     minor version upgrades easier. [Joshua Slive]
-
-  *) Fix mod_deflate so that it does not call deflate() without checking
-     first whether it has something to deflate. (Currently this causes
-     deflate to generate a fatal error according to the zlib spec.)
-     PR 22259. [Stas Bekman]
-
-  *) mod_ssl: Fix FakeBasicAuth for subrequest.  Log an error when an
-     identity spoof is encountered.
-     [Sander Striker]
-
-  *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
-     containing the .htaccess file is requested without a trailing slash.
-     PR 20195.  [André Malo]
-
-  *) ab: Overlong credentials given via command line no longer clobber
-     the buffer.  [André Malo]
-
-  *) mod_deflate: Don't attempt to hold all of the response until we're
-     done.  [Justin Erenkrantz]
-
-  *) Assure that we block properly when reading input bodies with SSL.
-     PR 19242.  [David Deaves <David.Deaves dd.id.au>, William Rowe]
-
-  *) Update mime.types to include latest IANA and W3C types.  [Roy Fielding]
-
-  *) mod_ext_filter: Set additional environment variables for use by
-     the external filter.  PR 20944.  [Andrew Ho, Jeff Trawick]
-
-  *) Fix buildconf errors when libtool version changes.  [Jeff Trawick]
-
-  *) Remember an authenticated user during internal redirects if the
-     redirection target is not access protected and pass it
-     to scripts using the REDIRECT_REMOTE_USER environment variable.
-     PR 10678, 11602.  [André Malo]
-
-  *) mod_include: Fix a trio of bugs that would cause various unusual
-     sequences of parsed bytes to omit portions of the output stream.
-     PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
-
-  *) Update the header token parsing code to allow LWS between the
-     token word and the ':' seperator.  [PR 16520]
-     [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
-
-  *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
-     [Joe Schaefer <joe+gmane sunstarsys.com>]
-
-  *) Added FreeBSD directory layout. PR 21100.
-     [Sander Holthaus <info orangexl.com>, André Malo]
-
-  *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
-     response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
-
-  *) mod_rewrite: Perform child initialization on the rewrite log lock.
-     This fixes a log corruption issue when flock-based serialization
-     is used (e.g., FreeBSD).  [Jeff Trawick]
-
-  *) Don't respect the Server header field as set by modules and CGIs.
-     As with 1.3, for proxy requests any such field is from the origin
-     server; otherwise it will have our server info as controlled by
-     the ServerTokens directive.  [Jeff Trawick]
-
-Changes with Apache 2.0.47
-
-  *) SECURITY: CVE-2003-0192 (cve.mitre.org)
-     Fixed a bug whereby certain sequences of per-directory
-     renegotiations and the SSLCipherSuite directive being used to
-     upgrade from a weak ciphersuite to a strong one could result in
-     the weak ciphersuite being used in place of the strong one.  
-     [Ben Laurie]
-
-  *) SECURITY: CVE-2003-0253 (cve.mitre.org)
-     Fixed a bug in prefork MPM causing temporary denial of service
-     when accept() on a rarely accessed port returns certain errors.
-     Reported by Saheed Akhtar <S.Akhtar talis.com>.  [Jeff Trawick]
-
-  *) SECURITY: CVE-2003-0254 (cve.mitre.org)
-     Fixed a bug in ftp proxy causing denial of service when target
-     host is IPv6 but proxy server can't create IPv6 socket.  Fixed by
-     the reporter.  [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
-
-  *) SECURITY [VU#379828] Prevent the server from crashing when entering
-     infinite loops. The new LimitInternalRecursion directive configures
-     limits of subsequent internal redirects and nested subrequests, after
-     which the request will be aborted.  PR 19753 (and probably others).
-     [William Rowe, Jeff Trawick, André Malo]
-
-  *) core_output_filter: don't split the brigade after a FLUSH bucket if
-     it's the last bucket.  This prevents creating unneccessary empty
-     brigades which may not be destroyed until the end of a keepalive
-     connection.
-     [Juan Rivera <Juan.Rivera citrix.com>]
-
-  *) Add support for "streamy" PROPFIND responses.
-     [Ben Collins-Sussman <sussman collab.net>]
-
-  *) mod_cgid: Eliminate a double-close of a socket.  This resolves
-     various operational problems in a threaded MPM, since on the
-     second attempt to close the socket, the same descriptor was
-     often already in use by another thread for another purpose.
-     [Jeff Trawick]
-
-  *) mod_negotiation: Introduce "prefer-language" environment variable,
-     which allows to influence the negotiation process on request basis
-     to prefer a certain language.  [André Malo]
-
-  *) Make mod_expires' ExpiresByType work properly, including for
-     dynamically-generated documents.  [Ken Coar, Bill Stoddard]
-
-Changes with Apache 2.0.46
-
-  *) SECURITY: CVE-2003-0245 (cve.mitre.org)
-     Fixed a bug causing apr_pvsprintf() to crash by sending an overly
-     long string.  This can be triggered remotely through mod_dav,
-     mod_ssl, and other mechanisms.
-     Reported by David Endler <DEndler iDefense.com>.  [Joe Orton]
-
-  *) SECURITY: CVE-2003-0189 (cve.mitre.org)
-     Fixed a denial-of-service vulnerability affecting basic
-     authentication on Unix platforms related to thread-safety in
-     apr_password_validate().
-     Reported by John Hughes <john.hughes entegrity.com>.
-
-  *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,
-     when a MKACTIVITY request comes in.
-     [Ben Collins-Sussman <sussman collab.net>]
-
-  *) Perform run-time query in apxs for apr and apr-util's includes.
-     [Justin Erenkrantz]
-
-  *) run libtool from the apr install directory (in case that is different
-     from the apache install directory) [Jeff Trawick]
-
-  *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
-
-  *) If mod_mime_magic does not know the content-type, do not attempt to
-     guess.  PR 16908.  [Andrew Gapon <agapon telcordia.com>]
-
-  *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
-     caching. PR 17864.
-     [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
-
-  *) Add a delete flag to htpasswd.
-     [Thom May]
-
-  *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
-     now work scheme dependent and the query string will only be
-     appended if supported by the particular scheme.  [André Malo]
-
-  *) Add another check for already compressed content in mod_deflate.
-     PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
-
-  *) Fixes for VPATH builds; copying special.mk and any future .mk files 
-     from the source tree as well as the build tree (now creates a usable
-     configuration for apxs), and eliminated redundant -I'nclude paths.
-     [William Rowe]
-
-  *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
-     for SSLC and OpenSSL toolkit compatibility.  Still work remains to
-     be done to cripple features based on the limitations of RSA's binary 
-     distribution of their SSL-C toolkit.
-     [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
-
-  *) Linux 2.4+: If Apache is started as root and you code 
-     CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
-     [Greg Ames]
-
-  *) ap_get_mime_headers_core: allocate space for the trailing null
-     when folding is in effect.
-     PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
-
-  *) Fix --enable-mods-shared=most and other variants.  [Aaron Bannert]
-
-  *) mod_log_config: Add the ability to log the id of the thread 
-     processing the request via new %P formats.  [Jeff Trawick]
-
-  *) Use appropriate language codes for Czech (cs) and Traditional Chinese
-     (zh-tw) in default config files. PR 9427.  [André Malo]
-
-  *) mod_auth_ldap: Use generic whitespace character class when parsing
-     "require" directives, instead of literal spaces only. PR 17135.
-     [André Malo]
-
-  *) Hook mod_rewrite's type checker before mod_mime's one. That way the
-     RewriteRule [T=...] Flag should work as expected now. PR 19626.
-     [André Malo]
-
-  *) htpasswd: Check the processed file on validity. If a line is not empty
-     and not a comment, it must contain at least one colon. Otherwise exit
-     with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
-
-  *) Fix a problem that caused httpd to be linked with incorrect flags
-     on some platforms when mod_so was enabled by default, breaking 
-     DSOs on AIX.  PR 19012  [Jeff Trawick]
-
-  *) By default, use the same CC and CPP with which APR was built.
-     The user can override with CC and CPP environment variables.
-     [Jeff Trawick]
-
-  *) Fix ap_construct_url() so that it surrounds IPv6 literal address
-     strings with [].  This fixes certain types of redirection.
-     PR 19207.  [Jeff Trawick]
-
-  *) forward port of buffer overflow fixes for htdigest. [Thom May]
-
-  *) Added AllowEncodedSlashes directive to permit control of whether
-     the server will accept encoded slashes ('%2f') in the URI path.
-     Default condition is off (the historical behaviour).  This permits
-     environments in which the path-info needs to contain encoded
-     slashes.  PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639.  [Ken Coar]
-
-  *) When using Redirect in directory context, append requested query
-     string if there's no one supplied by configuration. PR 10961.
-     [André Malo]
-
-  *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
-     the pattern will not always match as desired. PR 12596.
-     [André Malo]
-
-  *) mod_autoindex now emits and accepts modern query string parameter
-     delimiters (;). Thus column headers no longer contain unescaped
-     ampersands. PR 10880  [André Malo]
-
-  *) Enable ap_sock_disable_nagle for Windows. This along with the 
-     addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle 
-     to be disabled for Windows. [Allan Edwards]
-
-  *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
-     This patch reverts us to pre-2.0.46 behavior, using the 
-     ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle 
-     was never compiled on Win32. [Allan Edwards, William Rowe]
-
-  *) Fix a build problem with passing unsupported --enable-layout
-     args to apr and apr-util.  This broke binbuild.sh as well as
-     user-specified layout parameters.  PR 18649 [Justin Erenkrantz,
-     Jeff Trawick]
-
-  *) If a Date response header was already set in the headers array,
-     this value was ignored in favour of the current time. This meant
-     that Date headers on proxied requests where rewritten when they
-     should not have been. PR: 14376 [Graham Leggett]
-
-  *) Add code to buildconf that produces an httpd.spec file from
-     httpd.spec.in, using build/get-version.sh from APR.
-     [Graham Leggett]
-
-  *) Fixed a segfault when multiple ProxyBlock directives were used.
-     PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
-
-  *) SECURITY: CVE-2003-0134 (cve.mitre.org)
-     OS2: Fix a Denial of Service vulnerability identified and
-     reported by Robert Howard <rihoward rawbw.com> that where device
-     names faulted the running OS2 worker process.  The fix is
-     actually in APR 0.9.4.  [Brian Havard]
-
-  *) SECURITY: CVE-2003-0083 (cve.mitre.org)
-     Forward port: Escape special characters (especially control
-     characters) in mod_log_config to make a clear distinction between
-     client-supplied strings (with special characters) and server-side
-     strings. This was already introduced in version 1.3.25.
-     [André Malo]
-
-  *) mod_deflate: Check also err_headers_out for an already set
-     Content-Encoding: gzip header. This prevents gzip compressed content
-     from a CGI script from being compressed once more. PR 17797.
-     [André Malo]
-
-Changes with Apache 2.0.45
-
-  *) Fix possible segfaults under obscure error conditions within the
-     cgid daemon.  [Jeff Trawick, William Rowe]
-
-  *) SECURITY: CVE-2003-0132 (cve.mitre.org)
-     Close a Denial of Service vulnerability identified by David
-     Endler <DEndler iDefense.com> on all platforms.  An unlimited
-     stream of newlines were acceptable between requests where each
-     <lf> would allocate an 80 byte buffer, leading very quickly to
-     memory exahustion.  [Brian Pane]
-
-  *) Added an rpm build script.
-     [Graham Leggett, Joe Orton <jorton redhat.com>]
-
-  *) Simpler, faster code path for request header scanning  [Brian Pane]
-
-  *) SECURITY:  Eliminated leaks of several file descriptors to child
-     processes, such as CGI scripts.  This fix depends on the APR library 
-     release 0.9.2 or later (0.9.3 was distributed with the httpd 
-     source tarball for Apache 2.0.45.)  PR 17206
-     [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
-
-  *) Fix path handling of mod_rewrite, especially on non-unix systems.
-     There was some confusion between local paths and URL paths.
-     PR 12902.  [André Malo]
-
-  *) Prevent endless loops of internal redirects in mod_rewrite by
-     aborting after exceeding a limit of internal redirects. The
-     limit defaults to 10 and can be changed using the RewriteOptions
-     directive. PR 17462.  [André Malo]
-
-  *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
-     all worker threads are busy. 
-     [Igor Nazarenko <igor_nazarenko hotmail.com>]
-
-  *) Keep the subrequest filter in place when a subrequest is 
-     redirected.  PR 15423.  [Jeff Trawick]
-
-  *) you can now specify the compression level for mod_deflate. 
-     [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>, 
-     Michael Schroepl <Michael.Schroepl telekurs.de>]
-
-  *) mod_deflate: Extend the DeflateFilterNote directive to
-     allow accurate logging of the filter's in- and outstream.
-     [André Malo]
-
-  *) Allow SSLMutex to select/use the full range of APR locking
-     mechanisms available to it. Also, fix the bug that SSLMutex uses
-     APR_LOCK_DEFAULT no matter what.  PR 8122  [Jim Jagielski,
-     Martin Kutschker <martin.t.kutschker blackbox.net>]
-
-  *) Restore the ability of htdigest.exe to create files that contain
-     more than one user. PR 12910.  [André Malo]
-
-  *) Improve binary compatibility of the core between debug (aka
-     maintainer-mode) and a non-debug compile.
-     [Sander Striker]
-
-  *) mod_usertrack: don't set the cookie in subrequests. This works
-     around the problem that cookies were set twice during fast internal
-     redirects. PR 13211.  [André Malo]
-
-  *) mod_autoindex no longer forgets output format and enabled version
-     sort in linked column headers.  [André Malo]
-
-  *) Use .sv instead of .se as extension for Swedish documents in the
-     default configuration. PR 12877.  [André Malo]
-
-  *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
-     and standardized the LDAP SSL support across the various LDAP SDKs.  
-     Isolated the SSL functionality to mod_ldap rather than speading it 
-     across mod_auth_ldap and mod_ldap.  Also added LDAPTrustedCA
-     and LDAPTrustedCAType directives to mod_ldap to allow for a more 
-     common method of specifying the SSL certificate.
-     [Dave Ward, Brad Nicholes]
-
-  *) Fixed mod_ssl's SSLCertificateChain initialization to no longer 
-     skip the first cert of the chain by default.  This misbehavior 
-     was introduced in 2.0.34.  PR 14560  [Madhusudan Mathihalli]
-
-  *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
-     be started on Unix because of such problems as bad permissions,
-     bad shebang line, etc.  [Jeff Trawick]
-
-  *) Fix 64-bit problem in mod_ssl input logic.  
-     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
-
-  *) Fix potential memory leaks in mod_deflate on malformed data.  PR 16046.
-     [Justin Erenkrantz]
-
-  *) Rewrite ap_xml_parse_input to use bucket brigades.  PR 16134.
-     [Justin Erenkrantz]
-
-  *) Fix segfault which occurred when a section in an included
-     configuration file was not closed. PR 17093.  [André Malo]
-
-  *) Enhance the behavior of mod_isapi's WriteClient() callback to
-     provide better emulation for isapi modules that presume that the
-     first WriteClient() call may send status and headers.  An example
-     of WriteClient() abuse is the foxisapi module, which relies on
-     that assumpion and now works.  [William Rowe, Milan Kosina]
-
-  *) Check the return value of ap_run_pre_connection(). So if the
-     pre_connection phase fails (without setting c->aborted)
-     ap_run_process_connection is not executed. [Stas Bekman]
-
-  *) Fixed a problem with mod_ldap which caused it to fault when caching
-     was disabled.  Needed to make sure that the code did not
-     attempt to use the cache if it didn't exist. Also fixed some memory
-     leaks which were due to not releasing LDAP resources on error
-     conditions.  [Brad Nicholes]
-     
-  *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
-     mod_rewrite proxied URLs will not be escaped accidentally by
-     mod_proxy's fixup. PR 16368  [André Malo]
-
-  *) While processing filters on internal redirects, remember seen EOS
-     buckets also in the request structure of the redirect issuer(s). This
-     prevents filters (such as mod_deflate) from adding garbage to the
-     response. PR 14451.  [André Malo]
-
-  *) suexec: Be more pedantic when cleaning environment. Clean it
-     immediately after startup. PR 2790, 10449.
-     [Jeff Stewart <jws purdue.edu>, André Malo]
-
-  *) Fix apxs to insert LoadModule directives only outside of sections.
-     PR 8712, 9012.  [André Malo]
-
-  *) Fix suexec compile error under SUNOS4, where strerror() doesn't
-     exist. PR 5913, 9977.
-     [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
-
-  *) Fix If header parsing when a non-mod_dav lock token is passed to it.
-     PR 16452.  [Justin Erenkrantz]
-
-  *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
-     not specified. Now it assumes "/" as already documented. PR 16937.
-     [André Malo]
-
-  *) Try to log an error if a piped log program fails.  Try to
-     restart a piped log program in more failure situations.  Fix an
-     existing problem with error handling in piped_log_spawn().  Use
-     new APR apr_proc_create() features to prevent Apache from starting
-     on Unix* in most cases where a piped log program can be started,
-     and add log messages for the other situations.  *Other platforms
-     already failed Apache initialization if a piped log program
-     couldn't be started.  PR 15761  [Jeff Trawick]
-
-  *) Fix mod_cern_meta to not create empty metafiles when the
-     metafile searched for does not exist.  PR 12353
-     [Owen Rees <owen_rees hp.com>]
-
-  *) Introduce debugging symbols for Win32 release builds, both .pdb 
-     and .dbg files (older debuggers and Dr. Watson-type utilities 
-     on WinNT or Win9x don't support the newer .pdb flavor.)
-     [Allen Edwards, William Rowe]
- 
-  *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
-     information (and more). Related to PR 9076.  [André Malo]
-
-  *) mod_file_cache: fix segfault serving mmaped cached files.
-     [Bill Stoddard]
-
-  *) mod_file_cache: fixed a segfault when multiple MMapFile directives
-     were used.  PR 16313.  [Cliff Woolley]
-
-  *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
-     an incompatible pointer type to mmap_bucket_destroy(void*).
-     [Gerard Eviston <geviston bigpond.net.au>]
-
-  *) Enable the -n name parameter on NetWare to allow the
-     administrator to rename the Apache console screen
-     [Brad Nicholes]
-     
-  *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
-     support by default in APR.  More development is required
-     to deploy OTHER_CHILD on Win32.  [William Rowe]
-
-  *) Use saner default config values for suexec. PR 15713.
-     [Thom May <thom planetarytramp.net>]
-
-  *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
-     (or SymlinksIfOwnermatch) is set. PR 12395.  [André Malo]
-
-  *) apxs: Include any special APR ld flags when linking the DSO.
-     This resolves problems on AIX when building a DSO with apxs+gcc.
-     [Jeff Trawick]
-
-  *) Added character set support to mod_auth_LDAP to allow it to 
-     convert extended characters used in the user ID to UTF-8 
-     before authenticating against the LDAP directory. The new
-     directive AuthLDAPCharsetConfig is used to specify the config
-     file that contains the character set conversion table.
-     [Brad Nicholes]
-
-  *) Don't remove the Content-Length from responses in mod_proxy
-     PR: 8677 [Brian Pane]
-
-  *) Ensure LDAP version is set to v3 on every bind. PR 14235.
-     [Sergey A. Lipnevich <sergeyli pisem.net>]
-
-  *) Fix mod_ldap to open an existing shared memory file should one
-     already exist. PR 12757. [Scooter Morris <scooter gene.com>,
-     Graham Leggett]
-
-  *) Fix the ulimit command used by apachectl on Tru64.  PR 13609.
-     [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
-
-  *) Change the ulimit command used by apachectl on AIX so that it
-     works in all locales.  [Jeff Trawick]
-
-  *) mod_ext_filter: Fix a problem building argument lists which 
-     occasionally caused exec to fail.  PR 15491.  [Jeff Trawick]
-
-Changes with Apache 2.0.44
-
-  *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
-     from Apache 1.3.  PR 14276
-     [David Shane Holden <dpejesh yahoo.com>, William Rowe]
-
-  *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
-     [Brian Pane]
- 
-  *) Reorder the definitions for mod_ldap and mod_auth_ldap within
-     config.m4 to make sure the parent mod_ldap is defined first.
-     This ensures that mod_ldap comes before mod_auth_ldap in the
-     httpd.conf file, which is necessary for mod_auth_ldap to load.
-     PR 14256  [Graham Leggett]
-
-  *) Fix the building of cgi command lines when the query string
-     contains '='.  PR 13914  [Ville Skyttä <ville.skytta iki.fi>,
-     Jeff Trawick]
-
-  *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
-     implementation of MCacheMaxStreamingBuffer from mod_cache to
-     mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
-     lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should 
-     eliminate the need for explicitly coding MCacheMaxStreamingBuffer
-     in most configurations. [Bill Stoddard]
-
-  *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
-     a redirect occurs. The code was passing a format string and
-     integer to apr_pstrcat. Changed to apr_psprintf.
-     [Paul J. Reder]
-
-  *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
-     as set by apr-util in util_ldap.c. This should allow mod_ldap
-     to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
-     <somme oslo.westerngeco.slb.com>, Graham Leggett]
-
-  *) Fix critical bug in new --enable-v4-mapped configure option
-     implementation which broke IPv4 listening sockets on some
-     systems.  [hiroyuki hanai <hanai imgsrc.co.jp>]
-
-  *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
-     patterns [André Malo <nd perlig.de>]
-
-  *) Add version string to provider API.  [Justin Erenkrantz]
- 
-  *) build: './configure && make' now works without an in-tree
-     apr and apr-util. [Wilfredo Sanchez]
-
-  *) mod_negotiation: Set the appropriate mime response headers
-     (Content-Type, charset, Content-Language and Content-Encoding)
-     for negotated type-map "Body:" responses (such as the error
-     pages.)  [André Malo <nd perlig.de>]
-
-  *) mod_log_config: Allow '%%' escaping in CustomLog format
-     strings to insert a literal, single '%'.
-     [André Malo <nd perlig.de>]
-
-  *) mod_autoindex: AddDescription directives for directories
-     now work as in Apache 1.3, where no trailing '/' is
-     specified on the directory name.  Previously, the trailing
-     '/' *had* to be specified, which was incompatible with
-     Apache 1.3.  PR 7990  [Jeff Trawick]
-
-  *) Fix for PR 14556. The expiry calculations in mod_cache were
-     trying to perform "now + ((date - lastmod) * factor)" where
-     date == lastmod resulting in "now + 0". The code now follows
-     the else path (using the default expiration) if date is
-     equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
-
-  *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
-     default calling convention is not the same as the one used by
-     AP_DECLARE.  [Juan Rivera <Juan.Rivera citrix.com>]
-
-  *) mod_cache: Don't cache response header fields designated
-     as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
-     [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
-
-  *) mod_cgid: Handle environment variables containing newlines.
-     PR 14550  [Piotr Czejkowski <apache czarny.eu.org>, Jeff
-     Trawick]
-
-  *) Move mod_ext_filter out of experimental and into filters.
-     [Jeff Trawick]
-
-  *) Fixed a memory leak in mod_deflate with dynamic content.
-     PR 14321  [Ken Franken <kfranken decisionmark.com>]
-
-  *) Add --[enable|disable]-v4-mapped configure option to control
-     whether or not Apache expects to handle IPv4 connections
-     on IPv6 listening sockets.  Either setting will work on 
-     systems with the IPV6_V6ONLY socket option.  --enable-v4-mapped
-     must be used on systems that always allow IPv4 connections on
-     IPv6 listening sockets.  PR 14037 (Bugzilla), PR 7492 (Gnats)
-     [Jeff Trawick]
-
-  *) This fixes a problem where the underlying cache code
-     indicated that there was one more element on the cache
-     than there actually was. This happened since element 0
-     exists but is not used. This code allocates the correct
-     number of useable elements and reports the number of
-     actually used elements. The previous code only allowed
-     MCacheMaxObjectCount-1 objects to be stored in the
-     cache. [Paul J. Reder]
-
-  *) mod_setenvif: Add SERVER_ADDR special keyword to allow
-     envariable setting according to the server IP address
-     which received the request.  [Ken Coar]
-
-  *) mod_cgid: Terminate CGI scripts when the client connection 
-     drops.  PR 8388  [Jeff Trawick]
-
-  *) Rearrange OpenSSL engine initialization to support RAND 
-     redirection on crypto accelerator. 
-     [Frederic DONNAT <frederic.donnat zencod.com>]
-
-  *) Always emit Vary header if mod_deflate is involved in the
-     request.  [André Malo <nd perlig.de>]
-
-  *) mod_isapi: Stop unsetting the 'empty' query string result with
-     a NULL argument in ecb->lpszQueryString, eliminating segfaults
-     for some ISAPI modules.  PR 14399
-     [Detlev Vendt <detlev.vendt brillit.de>]
-
-  *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
-     notification is received before the HttpExtensionProc() returns 
-     HSE_STATUS_PENDING.  This only affected isapi .dll's configured 
-     with the ISAPIFakeAsync on directive.  PR 11918
-     [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
-
-  *) mod_isapi: Fix the issue where all results from mod_isapi would
-     run through the core die handler resulting in invalid responses
-     or access log entries.  PR 10216 [William Rowe]
-
-  *) Improves the user friendliness of the CacheRoot processing
-     over my last pass. This version avoids the pool allocations
-     but doesn't avoid all of the runtime checks. It no longer
-     terminates during post-config processing. An error is logged
-     once per worker, indicating that the CacheRoot needs to be set.
-     [Paul J. Reder]
-
-  *) Fix a bug where we keep files open until the end of a 
-     keepalive connection, which can result in:
-     (24)Too many open files: file permissions deny server access
-     especially on threaded servers.  [Greg Ames, Jeff Trawick]
-
-  *) Fix a bug in which mod_proxy sent an invalid Content-Length
-     when a proxied URL was invoked as a server-side include within
-     a page generated in response to a form POST.  [Brian Pane]
-
-  *) Added code to process min and max file size directives and to
-     init the expirychk flag in mod_disk_cache. Added a clarifying
-     comment to cache_util.   [Paul J. Reder]
-
-  *) The value emitted by ServerSignature now mimics the Server HTTP
-     header as controlled by ServerTokens.  [Francis Daly <deva daoine.org>]
-
-  *) Gracefully handly retry situations in the SSL input filter,
-     by following the SSL libraries' retry semantics.
-     [William Rowe]
-
-  *) Terminate CGI scripts when the client connection drops.  This
-     fix only applies to some normal paths in mod_cgi.  mod_cgid
-     is still busted.  PR 8388  [Jeff Trawick]
-
-  *) Fix a bug where 416 "Range not satisfiable" was being
-     returned for content that should have been redirected.
-     [Greg Ames]
-
-  *) Fix memory leak in mod_ssl from internal SSL library allocations
-     within SSL_get_peer_certificate and X509_get_pubkey.
-     [Zvi Har'El <rl math.technion.ac.il>
-      Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
-
-  *) mod_ssl uses free() inappropriately in several places, to free
-     memory which has been previously allocated inside OpenSSL.
-     Such memory should be freed with OPENSSL_free(), not with free().
-     [Nadav Har'El <nyh math.technion.ac.il>,
-      Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
-
-  *) Emit a message to the error log when we return 404 because
-     the URI contained '%2f'.  (This was previously nastily silent
-     and difficult to debug.)  [Ken Coar]
-
-  *) Fix streaming output from an nph- CGI script.  CGI:IRC now
-     works.  PR 8482  [Jeff Trawick]
-
-  *) More accurate logging of bytes sent in mod_logio when
-     the client terminates the connection before the response
-     is completely sent  [Bojan Smojver <bojan rexursive.com>]
-
-  *) Fix some problems in the perchild MPM.  
-     [Jonas Eriksson <jonas webkonsulterna.com>]
-
-  *) Change the CacheRoot processing to check for a required
-     value at config time. This saves a lot of wasted processing
-     if the mod_disk_cache module is loaded but no CacheRoot
-     was provided. This fix also adds code to log an error
-     and avoid useless pallocs and procesing when the computed
-     cache file name cannot be opened. This also updates the
-     docs accordingly.  [Paul J. Reder]
-
-  *) Introduce the EnableSendfile directive, allowing users of NFS 
-     shares to disable sendfile mechanics when they either fail
-     outright or provide intermitantly corrupted data.  PR 
-     [William Rowe]
-
-  *) Resolve the error "An operation was attempted on something 
-     that is not a socket.  : winnt_accept: AcceptEx failed. 
-     Attempting to recover." for users of various firewall and
-     anti-virus software on Windows.  PR 8325  [William Rowe]
-
-  *) Add the ProxyBadHeader directive, which gives the admin some
-     control on how mod_proxy should handle bogus HTTP headers from
-     proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
-     desired. [Jim Jagielski]
-
-  *) Change the LDAP modules to export their symbols correctly
-     during a Windows build. Add dsp files for Windows. Update
-     README.ldap file for Windows build instructions.
-     [Andre Schild <A.Schild aarboard.ch>]
-
-  *) Performance improvements for the code that generates HTTP
-     response headers  [Brian Pane]
-
-  *) Add -S as a synonym for -t -DDUMP_VHOSTS.
-     [Thom May <thom planetarytramp.net>]
-
-  *) Fix a bug with dbm rewrite maps which caused the wrong value to
-     be used when the key was not found in the dbm.  PR 13204
-     [Jeff Trawick]
-
-  *) Fix a problem with streaming script output and mod_cgid.
-     [Jeff Trawick]
-
-  *) Add ap_register_provider/ap_lookup_provider API.
-     [John K. Sterling <john sterls.com>, Justin Erenkrantz]
-
-Changes with Apache 2.0.43
-
-  *) SECURITY: CVE-2002-0840 (cve.mitre.org)
-     HTML-escape the address produced by ap_server_signature() against
-     this cross-site scripting vulnerability exposed by the directive
-     'UseCanonicalName Off'.  Also HTML-escape the SERVER_NAME
-     environment variable for CGI and SSI requests.  It's safe to
-     escape as only the '<', '>', and '&' characters are affected,
-     which won't appear in a valid hostname.  Reported by Matthew
-     Murphy <mattmurphy kc.rr.com>.  [Brian Pane]
-
-  *) Fix a core dump in mod_cache when it attemtped to store uncopyable
-     buckets. This happened, for instance, when a file to be cached
-     contained SSI tags to execute a CGI script (passed as a pipe
-     bucket). [Paul J. Reder]
-
-  *) Ensure that output already available is flushed to the network
-     when the content-length filter realizes that no new output will
-     be available for a while.  This helps some streaming CGIs as
-     well as some other dynamically-generated content.  [Jeff Trawick]
-
-  *) Fix a mutex problem in mod_ssl session cache support which
-     could lead to an infinite loop.  PR 12705  
-     [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
-
-  *) SECURITY: CVE-2002-1156 (cve.mitre.org)
-     Fix the exposure of CGI source when a POST request is sent to 
-     a location where both DAV and CGI are enabled. [Ryan Bloom]
-
-  *) Allow the UserDir directive to accept a list of directories.
-     This matches what Apache 1.3 does.  Also add documentation for
-     this feature. [Jay Ball <jay veggiespam.com>]
-
-  *) New Module: mod_logio. adds the ability to log bytes sent and
-     received. [Bojan Smojver <bojan rexursive.com>]
-
-  *) SuExec needs to use the same default directory as the rest of
-     server, namely /usr/local/apache2.  
-     [SangBeom han <sbhan os.korea.ac.kr>]
-
-  *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
-     [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
-
-  *) Make sure the contents of the WWW-Authenticate header is
-     passed on a 4xx error by proxy. Previously all headers
-     were dropped, resulting in the browser being unable to
-     authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
-     Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
-     <gwiseman fscinternet.com>, David Henderson
-     <dhenderson fscinternet.com>]
-
-  *) Make mod_cache's CacheMaxStreamingBuffer directive work
-     properly for virtual hosts that override server-wide mod_cache
-     setttings.  [Matthieu Estrade <estrade-m ifrance.com>]
-
-  *) Add -p option to apxs to allow programs to be compiled with apxs.
-     [Justin Erenkrantz]
-
-Changes with Apache 2.0.42
-
-  *) SECURITY: CVE-2002-1593 (cve.mitre.org) [CERT VU#406121]
-     mod_dav: Check for versioning hooks before using them.
-     [Greg Stein]
-
-Changes with Apache 2.0.41
-
-  *) The protocol version (eg: HTTP/1.1) in the request line parsing
-     is now case insensitive. [Jim Jagielski]
-
-  *) Allow AddOutputFilterByType to add multiple filters per directive.
-     [Justin Erenkrantz]
-
-  *) Remove warnings with Sun's Forte compiler.  [Justin Erenkrantz]
-
-  *) Fixed mod_disk_cache's generation of 304s
-     [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
-
-  *) Add support for using fnmatch patterns in the final path
-     segment of an Include statement (eg.. include /foo/bar/*.conf).
-     and remove the noise on stderr during config dir processing.
-     [Joe Orton <jorton redhat.com>]
-
-  *) mod_cache: cache_storage.c. Add the hostname and any request
-     args to the key generated for caching. This provides a unique
-     key for each virtual host and for each request with unique
-     args. [Paul J. Reder, args code provided by Kris Verbeeck]
-
-  *) mod_cache: Do not cache responses to GET requests with query
-     URLs if the origin server does not explicitly provide an
-     Expires header on the response (RFC 2616 Section 13.9)
-     [Kris Verbeeck <krisv be.ubizen.com>]
-
-  *) Fix memory leak in core_output_filter.  [Justin Erenkrantz]
-
-  *) Update OpenSSL detection to work on Darwin.
-     [Sander Temme <sctemme covalent.net>]
-
-  *) Update the xslt and css to give the documentation a more
-     modern style.
-     [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
-
-  *) Fix some bucket memory leaks in the chunking code
-     [Joe Schaefer <joe+apache sunstarsys.com>]
-
-  *) Add ModMimeUsePathInfo directive.  [Justin Erenkrantz]
-
-  *) mod_cache: added support for caching streamed responses (proxy,
-     CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
-
-  *) Add image/x-icon to httpd.conf PR 10993.
-     [Ian Holsman, Peter Bieringer <pb bieringer.de>]
-
-  *) Fix FileETags none operation.  PR 12207.
-     [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
-
-  *) Restored the experimental leader/followers MPM to working
-     condition and converted its thread synchronization from
-     mutexes to atomic CAS.  [Brian Pane]
-
-  *) Fix Logic on non-html file removal in mod_deflate
-     [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
-
-  *) Fix "ab -g"'s truncated year: the last digit was cut off.
-     [Leon Brocard <acme astray.com>]
-
-  *) mod_rewrite can now sets cookies in err_headers, uses the correct
-     expiry date, and can now set the path as well
-     PR 12132,12181,12172.
-     [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
-
-  *) The content-length filter no longer tries to buffer up
-     the entire output of a long-running request before sending
-     anything to the client.  [Brian Pane]
-
-  *) Win32: Lower the default stack size from 1MB to 256K. This will
-     allow around 8000 threads to be started per child process. 
-     'EDITBIN /STACK:size apache.exe' can be used to change this 
-     value directly in the apache.exe executable.
-     [Bill Stoddard]
-
-  *) Win32: Implement ThreadLimit directive in the Windows MPM.
-     [Bill Stoddard]
-
-  *) Remove CacheOn config directive since it is set but never checked.
-     No sense wasting cycles on unused code. Besides, the only truly
-     bug free code is deleted code. :)   [Paul J. Reder]
-
-  *) BufferLogs are now run-time enabled, and the log_config now has 2 new
-     callbacks to allow a 3rd party module to actually do the writing of the
-     log file [Ian Holsman]
-
-  *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
-     [André Malo, Astrid Keßler <kess kess-net.de>]
-
-  *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
-
-  *) Fix a null pointer dereference in the merge_env_dir_configs
-     function of the mod_env module. PR 11791
-     [Paul J. Reder]
-
-  *) New option to ServerTokens 'maj[or]'. Only show the major version
-     Also Surfaced this directive in the standard config (default FULL)
-     [Ian Holsman]
-
-  *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
-     maps.  The dbm type (e.g., ndbm, gdbm) can be specified on the
-     RewriteMap directive.  PR 10644  [Jeff Trawick]
-
-  *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
-     pairs will no longer get out of sync with each other.  PR 9534
-     [Cliff Woolley]
-
-  *) Fixes required to get quoted and escaped command args working in
-     mod_ext_filter. PR 11793 [Paul J. Reder]
-
-  *) mod-proxy: handle proxied responses with no status lines
-     [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
-
-  *) Fix bug where environment or command line arguments containing 
-     non-ASCII-7 characters would cause the Win32 child process creation
-     to fail.  PR 11854  [William Rowe]
-
-  *) Bug #11213.. make module loading error messages more informative 
-     [Ian Darwin <Ian779 darwinsys.com>]
-
-  *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
-
-  *) mod_disk_cache works much better. This module should still
-     be considered experimental. [Eric Prud'hommeaux]
-
-  *) Performance improvement for keepalive requests: when setting
-     aside a small file for potential concatenation with the next
-     response on the connection, set aside the file descriptor rather
-     than copying the file into the heap.  [Brian Pane]
-
-  *) Modified version check on openssl so that it finds the executable
-     first and then performs a check of the version, only warning the
-     user if they chose, or we selected, an old version of OpenSSL.
-     This change also allows the code to work for non-openssl libraries
-     selected via the --with-ssl=dir option, which can override the
-     automated library check in any case.  [Roy Fielding]
-
-Changes with Apache 2.0.40
-
-  *) SECURITY: CVE-2002-0661 (cve.mitre.org) 
-     Close a very significant security hole that 
-     applies only to the Win32, OS2 and Netware platforms.  Unix was not 
-     affected, Cygwin may be affected.  Certain URIs will bypass security
-     and allow users to invoke or access any file depending on the system 
-     configuration.  Without upgrading, a single .conf change will close 
-     the vulnerability.  Add the following directive in the global server
-     httpd.conf context before any other Alias or Redirect directives;
-         RedirectMatch 400 "\\\.\."
-     Reported by Auriemma Luigi <bugtest sitoverde.com>.
-     [Brad Nicholes]
-
-  *) SECURITY: CVE-2002-0654 (cve.mitre.org)
-     Close a path-revealing exposure in multiview type
-     map negotiation (such as the default error documents) where the
-     module would report the full path of the typemapped .var file when
-     multiple documents or no documents could be served based on the mime
-     negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.
-     [William Rowe]
-
-  *) SECURITY: CVE-2002-0654 (cve.mitre.org)
-     Close a path-revealing exposure in cgi/cgid when we 
-     fail to invoke a script.  The modules would report "couldn't create 
-     child process /path-to-script/script.pl" revealing the full path
-     of the script.  Reported by Jim Race <jrace qualys.com>.
-     [Bill Stoddard]
-
-  *) Set aside the apr-iconv and apr_xlate() features for the Win32
-     build of 2.0.40 so development can be completed.  A patch, from
-     <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
-     will be available for those that wish to work with apr-iconv.
-     [William Rowe]
-
-  *) Fix proxy so that it is possible to access ftp: URLs via a proxy
-     chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
-
-  *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
-     set to 1, so we can exclude things from the general case with
-     browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
-  
-  *) Accept multiple leading /'s for requests within the DocumentRoot.
-     PR 10946  [William Rowe, David Shane Holden <dpejesh yahoo.com>]
-
-  *) Solved the reports of .pdf byterange failures on Win32 alone.
-     APR's sendfile for the win32 platform collapses header and trailer
-     buffers into a single buffer.  However, we destroyed the pointers
-     to the header buffer if a trailer buffer was present.  PR 10781
-     [William Rowe]
-
-  *) mod_ext_filter: Add the ability to enable or disable a filter via
-     an environment variable.  Add the ability to register a filter of
-     type other than AP_FTYPE_RESOURCE.  [Jeff Trawick]
-
-  *) Restore the ability to specify host names on Listen directives.
-     PR 11030.  [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
-
-  *) When deciding on the default address family for listening sockets, 
-     make sure we can actually bind to an AF_INET6 socket before
-     deciding that we should default to AF_INET6.  This fixes a startup
-     problem on certain levels of OpenUNIX.  PR 10235.  [Jeff Trawick]
-
-  *) Replace usage of atol() to parse strings when we might want a
-     larger-than-long value with apr_atoll(), which returns long long.
-     This allows HTTPD to deal with larger files correctly.
-     [Shantonu Sen <ssen apple.com>]
-
-  *) mod_ext_filter: Ignore any content-type parameters when checking if
-     the response should be filtered.  Previously, "intype=text/html"
-     wouldn't match something like "text/html;charset=8859_1".
-     [Jeff Trawick]
-

[... 12040 lines stripped ...]


Mime
View raw message