httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Fwd: Re: [ANNOUNCE] Apache 2.0.39 Released
Date Thu, 20 Jun 2002 16:58:30 GMT
A response to our announce from the front.  I don't recognize the problem,
perhaps someone else will.

   Kevin, you may want to follow up with a bug report to
http://nagoya.apache.org/bugzilla/
as we've closed down email bug reporting through bugs.apache.org.
Your report is a little sparse on details, please add some specifics before
filing a bug report.

Bill

>Date: Wed, 19 Jun 2002 15:24:16 -0600
>From: "Kevin Dahl" <KDAHL@sidney.ars.usda.gov>
>To: <bugs@apache.org>, <wrowe@apache.org>
>Subject: Re: [ANNOUNCE] Apache 2.0.39 Released
>
>FYI......
>
>Installing v2.0.39 broke my perl scripts ability to
>run.........(ActivePerl v5.6.1.632).....uninstalling 2.0.39 and
>installing 2.0.36 allowed them to work again.........thought you might
>want to know.........
>
>I saw this once before with v 1.3.12 I believe..........installing
>1.3.14 broke the functionality and reinstalling 1.3.12 allowed them to
>work again........all installations after 1.3.14 worked
>fine............
>
>
>K-Dee
>
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>**  Kevin Dahl
>**  Computer Specialist
>**  USDA / ARS / Northern Plains Ag Research Lab
>**  http://www.sidney.ars.usda.gov/
>** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>
> >>> <wrowe@apache.org> 6/18/2002 5:53:49 PM >>>
>The Apache HTTP Server Project is proud to announce the third public
>release of Apache 2.0.  Apache 2.0 has been running on the Apache.org
>website since December of 2000 and has proven to be very reliable.
>
>This version of Apache is principally a security and bug fix
>release.  A summary of the bug fixes is given at the end of this
>document.
>Of particular note is that 2.0.39 addresses and fixes the issues noted
>in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a
>vulnerability
>in the handling of chunked transfer encoding.  We would like to thank
>Mark Litchfield of ngssoftware.com for discovering and reporting the
>vulnerability.
>
>Apache 2.0 offers numerous enhancements, improvements and performance
>boosts over the 1.3 codebase. The most visible and noteworthy addition
>is the ability to run Apache in a hybrid thread/process mode on any
>platform that supports both threads and processes.  This has shown to
>improve the scalability of the Apache HTTP Server significantly in
>our testing.  Apache 2.0 also includes support for filtered I/O.  This
>allows modules to modify the output of other modules before it is
>sent to the client.  We have also included support for IPv6 on any
>platform that supports IPv6.
>
>This version of Apache is known to work on many versions of Unix,
>BeOS,
>OS/2, Windows, and Netware.  Because of many of the advancements in
>Apache 2.0, the initial release of Apache is expected to perform
>equally
>well on all supported platforms.
>
>There are new snapshots of the Apache httpd source available every 6
>hours from http://cvs.apache.org/snapshots/ - please download and test
>if you feel brave. We don't guarantee anything except that it will
>take up disk space, but if you have the time and skills, please
>give it a spin on your platforms.
>
>Apache has been the most popular web server on the Internet since
>April of 1996. The March 2002 WWW server site survey by Netcraft (see
>http://www.netcraft.com/survey/) found that more web servers were
>using Apache than any other software; Apache runs on more than 54%
>of the web servers on the Internet.
>
>For more information and to download the release tarballs, please
>visit http://httpd.apache.org/
>
>
>Changes since 2.0.36
>---------------------------------------------
>
>Changes with Apache 2.0.39
>
>   *) Fixed a build problem in htpasswd.c on Win32.
>      [Guenter Knauf <eflash@gmx.net>, Cliff Woolley]
>
>Changes with Apache 2.0.38
>
>   *) Rewrite htpasswd to use APR.  The removes the annoying warning
>about
>      tmpnam being unsafe.   [Ryan Bloom]
>
>   *) We must set the MIME-type for .shtml files to text/html if we want
>them
>      to be parsed for SSI tags.  Add the config for that to the default
>
>      config file so that it is easier to enable .shtml parsing.
>      [Dave Dyer <ddyer@real-me.net>]
>
>   *) Fixed a problem with 'make install' on ReliantUnix.
>      [Jean-frederic Clere <jfrederic.clere@fujitsu-siemens.com>]
>
>   *) Make the default_handler catch all requests that aren't served by
>      another handler.  This also gets us to return a 404 if a
>directory
>      is requested, there is no DirectoryIndex, and mod_autoindex isn't
>      loaded.  [Justin Erenkrantz]
>
>   *) Fixed the handling of nested if-statements in shtml files.
>      PR 9866  [Brian Pane]
>
>   *) Allow 'make install DESTDIR=/path'.  This allows packagers to
>install
>      into a directory different from the one that was configured.  This
>
>      also mirrors the root= feature from 1.3.  We cannot use prefix=,
>      because both APR and APR-util resolve their installation paths at
>
>      configuration time.  This means that there is no variable prefix
>      to replace.  [Andreas Hasenack <andreas@netbank.com.br>]
>
>   *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
>      These levels of AIX don't have a thundering herd problem with
>      accept().  [Jeff Trawick]
>
>   *) prefork MPM: Ignore mutex errors during graceful restart.  For
>      certain types of mutexes (particularly SysV semaphores), we
>      should expect to occasionally fail to obtain or release the
>      mutex during restart processing.  [Jeff Trawick]
>
>   *) Fix install-bindist.sh so that it finds any perl instead of just
>      early perl 5.x versions.  This is consistent with a build/install
>      from source, and it allows the perl scripts installed by a bindist
>
>      to work on systems with perl 5.6.  [Jeff Trawick]
>
>   *) Fix apxs so that the makefile created by "apxs -g" works on AIX
>and
>      Tru64 (and probably some other platforms).  [Jeff Trawick]
>
>   *) Allow CGI scripts to return their Content-Length.  This also fixes
>a
>      hang on HEAD requests seen on certain platforms (such as
>FreeBSD).
>      [Justin Erenkrantz]
>
>   *) Added log rotation based on file size to the RotateLog support
>      utility. [Brad Nicholes]
>
>   *) Fix some casting in mod_rewrite which broke random maps.
>      PR 9770  [Allan Edwards, Greg Ames, Jeff Trawick]
>
>Changes with Apache 2.0.37
>
>   *) allow POST method over SSL when per-directory client cert
>      authentication is used with 'SSLOptions +OptRenegotiate' enabled
>      and a client cert was found in the ssl session cache.
>
>   *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
>      session cache when there is no cert chain in the cache.  prior to
>      the fix this situation would result in a FORBIDDEN response and
>      error message "Cannot find peer certificate chain"
>      [Doug MacEachern]
>
>   *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
>      one was already sent.  PR 9644  [Jeff Trawick]
>
>   *) Fix the display of the default name for the mime types config
>      file.  PR 9729  [Matthew Brecknell <mbrecknell@orchestream.com>]
>
>   *) Fix the working directory *for WinNT/2K/XP services only* to
>      change to the Apache directory (one level above the location
>      of Apache.exe, in the case that Apache.exe resides in bin/.)
>      Solves the case of ServerRoot /foo paths where /foo was not
>      on the same drive as /winnt/system32.  [William Rowe]
>
>   *) Make 2.0's "AcceptMutex" startup message now "completely"
>      match how 1.3 does it. [Jim Jagielski]
>
>   *) Implement a fixed size memory cache using a priority queue
>      [Ian Holsman]
>
>   *) Fix apxs to allow "apxs -q installbuilddir" and to allow
>      querying certain other variables from config_vars.mk.  PR 9316
>      [Jeff Trawick]
>
>   *) Added the "detached" attribute to the cgi_exec_info_t internals
>      so that Win32 and Netware won't create a new window or console
>      for each CGI invoked.  PR 8387
>      [Brad Nicholes, William Rowe]
>
>   *) Consolidated the command line parameters and attributes that are
>      manipulated by the optional function ap_cgi_build_command() in
>      mod_cgi into a single structure.
>      [Brad Nicholes]
>
>   *) Get rid of uninitialized value errors with "apxs -q" on certain
>      variables.  [Stas Bekman <stas@stason.org>]
>
>   *) Fix apxs to allow it to work when the build directory is
>somewhere
>      besides server-root/build.  PR 8453
>      [Jeff Trawick and a host of others]
>
>   *) Allow ap_discard_request_body to be called multiple times in the
>      same request.  Essentially, ap_http_filter keeps track of whether
>      it has sent an EOS bucket up the stack, if so, it will only ever
>      send an EOS bucket for this request.
>      [Ryan Bloom, Justin Erenkrantz, Greg Stein]
>
>   *) Remove all special mod_ssl URIs.  This also fixes the bug where
>      redirecting (.*) will allow an SSL protected page to be viewed
>      without SSL.  [Ryan Bloom]
>
>   *) Fix the binary build install script so that the build logic
>      created by "apxs -g" will work when the user has a binary
>      build.  [Jeff Trawick]
>
>   *) Allow instdso.sh to work with full paths to the shared module.
>      [Justin Erenkrantz]
>
>   *) NetWare: Enabled CGI functionality and added mod_cgi as a built
>      in module for NetWare  [Brad Nicholes]
>
>   *) Changed cgi and piped log behavior to accept 65536 characters
>      on Win32 (matching Linux) before deadlocking between outputing
>      client stdin, slurping the output from stdout and then the stderr
>      stream.  PR 8179  [William Rowe]
>
>   *) Fixed Win32 wintty.exe support to assure the window title is
>valid.
>      Elimiates possible gpfault or garbage title without the -t
>option.
>      [William Rowe]
>
>   *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
>      brigades and input filters.  [Justin Erenkrantz]
>
>   *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no
>request
>      body.  [Justin Erenkrantz]
>
>   *) NetWare: Piping log entries through RotateLogs using the
>      CustomLogs directive is finally supported now that we have
>      the pipes and spawning functionality working.
>      [Brad Nicholes]
>
>   *) Detect overflow when reading the hex bytes forming a chunk line.
>      [Aaron Bannert]
>
>   *) Allow RewriteMap prg:'s to take command-line arguments.  PR 8464.
>      [James Tait <JTait@wyrddreams.demon.co.uk>]
>
>   *) Correctly return 413 when an invalid chunk size is given on
>      input.  Also modify ap_discard_request_body to not do anything
>      on sub-requests or when the connection will be dropped.
>      [Justin Erenkrantz]
>
>   *) Fix the TIME_* SSL var lookups to be threadsafe.  PR 9469.
>      [Cliff Woolley]
>
>   *) Ensure that apr_brigade_write() flushes in all of the cases that
>      it should to avoid conditions in some modules that could cause
>      large amounts of data to be buffered.  [Cliff Woolley]
>
>   *) Fix problem where mod_cache/mod_disk_cache was incorrectly
>      stripping the content_type from cached responses.
>      [Bill Stoddard]
>
>   *) apachectl passes through any httpd options.  Note: apachectl
>      should be used in preference to httpd since it ensures that any
>      appropriate environment variables have been set up.
>      [Jeff Trawick]
>
>   *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
>      PR 7810  [Colm MacCarthaigh <colmmacc@redbrick.dcu.ie>]
>
>   *) Fix suexec execution of CGI scripts from mod_include.
>      PR 7791, 8291  [Colm MacCarthaigh <colmmacc@redbrick.dcu.ie>]
>
>   *) Fix segfaults at startup on some platforms when mod_auth_digest,
>      mod_suexec, or mod_ssl were used as DSO's due to the way they
>      were tracking the current init phase since DSO's get completely
>      unloaded and reloaded between phases.  PR 9413.
>      [Tsuyoshi Sasamoto <nazonazo@super.win.ne.jp>, Brad Nicholes]
>
>   *) Fix mod_include's handling of regular expressions in
>      "<!--#if" directives [Julius Gawlas <julius_gawlas@hp.com>]
>
>   *) Fix the worker MPM deadlock problem  [Brian Pane]
>
>   *) Modify the module documentation to allow for translations.
>      [Yoshiki Hayashi, Joshua Slive]
>
>   *) Fix a file permissions problem which prevented mod_disk_cache
>      from working on Unix.  [Jeff Trawick]
>
>   *) Add "-k start|restart|graceful|stop" support to httpd for the Unix
>
>      MPMs.  These have semantics very similar to the old apachectl
>      commands of the same name.  [Justin Erenkrantz, Jeff Trawick]
>
>   *) Make sure that the runtime dir is created by make install.
>      PR 9233.  [Jeff Trawick]
>
>   *) Fix an unusual set of ./configure arguments that could cause
>      mod_http to be built as a DSO, which it currently doesn't
>      support.  PR 9244.
>      [Cliff Woolley, Robin Johnson <robbat2@orbis-terrarum.net>]
>
>   *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
>      of the %X, %b and %B logformat options. PR 8253, 8996.
>      [Bill Stoddard]
>
>   *) If content-encoding is already present, do not run deflate (PR
>9222)
>      [Kazuhisa ASADA <kaz@asada.sytes.net>]
>
>   *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
>      It is currently ignored and it will be removed in a future
>release
>      of Apache.  [Jeff Trawick]
>
>   *) Removed documentation references to the no-longer-supported
>      "make certificate" feature of mod_ssl for Apache 1.3.x.  Test
>      certificates, if truly desired, can be generated using openssl
>      commands.  PR 8724.  [Cliff Woolley]
>
>   *) Remove SSLLog and SSLLogLevel directives in favor of having
>      mod_ssl use the standard ErrorLog directives.  [Justin
>Erenkrantz]
>
>   *) OS/390: LIBPATH no longer has to be manually uncommented in
>      envvars to get apachectl to set up httpd properly.  [Jeff
>Trawick]
>
>   *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
>      may now be specified to the <File/Directory > container, rather
>      than by vhost.  [William Rowe]
>
>   *) mod_isapi: Experimental support for faux async support for ISAPI
>      modules.  [William Rowe]
>
>   *) mod_isapi: Major refactoring of the code to rely on apr internals
>      rather than MS APIs (using our own mod_isapi.h headers for ISAPI
>      symbol definitions.)  [William Rowe]
>
>   *) mod_isapi: Fixed the return string length from GetServerVariable
>      callback, it was not including the trailing null in the consumed
>      buffer size.  This was particularly bad for Delphi 6.0 users.
>      PR 8934  [Sebastian Hantsch <sebastian.hantsch@gmx.de>]
>
>   *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
>      [William Rowe]
>
>   *) Make apxs look in the correct directory for envvars.  It was
>      broken when sbindir != bindir.  PR 8869
>      [Andreas Sundstr÷m <sunkan@zappa.cx>]
>
>   *) Fix mod_deflate corruption when using multiple buckets.  PR 9014.
>      [Asada Kazuhisa <kaz@asada.sytes.net>]
>
>   *) Performance enhancements for access logger when using
>      default timestamp formatting  [Brian Pane]
>
>   *) Added EnableMMAP config directive to enable the server
>      administrator to disable memory-mapping of delivered files
>      on a per-directory basis.  [Brian Pane]
>
>   *) Performance enhancements for mod_setenvif  [Brian Pane]
>
>   *) Fix a mod_ssl build problem on OS/390.  [Jeff Trawick]
>
>   *) Fixed If-Modified-Since on Win32, which would give false
>positives
>      because of the sub-second resolution of file timestamps on that
>      platform.  [Cliff Woolley]
>
>   *) Reverse the hook ordering for mod_userdir and mod_alias so
>      that Alias/ScriptAlias will override Userdir.  PR 8841
>      [Joshua Slive]
>
>   *) Move mod_deflate out of experimental and into filters.
>      [Justin Erenkrantz]
>
>   *) Get proxy CONNECT basically working.  [Jeff Trawick]
>
>   *) Fix mod_rewrite hang when APR uses SysV Semaphores and
>      RewriteLogLevel is set to anything other than 0.  PR: 8143
>      [Aaron Bannert, Cliff Woolley]
>
>   *) Fix byterange requests from returning 416 when using dynamic data
>      (such as filters like mod_include).  [Justin Erenkrantz]
>
>   *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
>      to be extended by third-party modules via an optional function.
>      [Tahiry Ramanamampanoharana <nomentsoa@hotmail.com>, Cliff
>Woolley]
>
>   *) Fix mod_include expression parser's handling of unquoted strings
>      followed immediately by a closing paren.  PR 8462.  [Brian Pane]
>
>   *) Remove autom4te.cache in 'make distclean'.
>      [Thom May <thom@planetarytramp.net>]
>
>   *) Fix generated httpd.conf to respect layout for LoadModule lines.
>      PR 8170.  [Thom May <thom@planetarytramp.net>]
>
>   *) Win32: During a graceful restart, threads in the new process
>      were accessing scoreboard slots still in use by active threads in
>
>      the the old process. [Bill Stoddard]



Mime
View raw message