Index: STATUS =================================================================== --- STATUS (.../2.2.3) (revision 493482) +++ STATUS (.../2.2.4) (revision 493482) @@ -26,7 +26,8 @@ [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.2.3 : Tagged on July 27, 2006 + 2.2.4 : Tagged on January 5, 2007 + 2.2.3 : Released on July 28, 2006 as GA. 2.2.2 : Released on May 1, 2006 as GA. 2.2.1 : Tagged on April 1, 2006, not released. 2.2.0 : Released on December 1, 2005 as GA. @@ -79,35 +80,120 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: + * mpm_winnt: Fix return values from wait_for_many_objects. + Note - this is required to avoid hangups of socket #64, #128 + as Microsoft set aside 64 reserved values. + Trunk version of patch: + http://svn.apache.org/viewvc?view=rev&revision=428029 + 2.2.x version of patch: + Trunk version works + http://people.apache.org/~wrowe/mpm_winnt_waits.patch + is easier to read (-U8) + +1: mturk + wrowe notes: a patch should have the necessary effect with the + minimum lines of code - there's alot of redecorating that's + going on in this patch to no net effect. The WAIT_TIMEOUT + result value seems to be ignored in the revised code? + * Bundled PCRE: backport r381783 from trunk Fix brokenness on certain platforms when building with -DDEBUG. http://svn.apache.org/viewvc?view=rev&revision=381783 - +1 sctemme, fielding + +1 sctemme, fielding, pquerna, jerenkrantz -1 niq: Why are we hacking a third-party package as bundled, rather than upstream? This has potential for chaos for modules (and we have a history of PCRE trouble) as well as a maintenance nightmare! + jerenkrantz: I don't believe that's a valid reason to block this. + We're bundling PCRE for the duration of the 2.2.x series, + but we can re-evaluate for future major/minor revs. + wrowe: nak niq, ack je; this is a silly debate, fix, push fixes upstream + and adopt a newer PCRE at trunk/. - * mod_isapi: Simply backport the host of fixes for compilation on unix, - PR#'s 15993 29098 30022 16637 30033 28089 - by pushing to trunk/ rev 416293 of modules/arch/win32/mod_isapi.[ch] - which compiles without changes. Source + Binary posted at - http://people.apache.org/~wrowe/mod_isapi-416293.zip - and delta posted at - http://people.apache.org/~wrowe/mod_isapi-416293-to-httpd-2.2.patch - +1 wrowe , fielding + * PKCS#7: backport PCKS#7 patches from trunk. + +1 ben + jerenkrantz: What's the revision number to backport? + wrowe asks: ditto jerenkrantz - * mod_deflate: don't choke on flush buckets in INFLATE filter - PR#39854 - http://svn.apache.org/viewvc?rev=416165&view=rev - +0: niq - (this patch is now superseded by rpluem/wrowe better patch) - -0: wrowe - on quick glance the line 1091 change looks incomplete, - and I'm not convinced that we should ignore flush. Has anyone - inquired of the proper mechanism or composed the appropriate - patch to finish an incomplete packet and resume encoding or - this entirely impossible in the current scheme of things? - rpluem: I discussed this with Justin at the ApacheCon and we discussed - ways how to fix this and take care about the flush buckets. - I am willing to propose patches, but due to personal time - constraints they will not show up before the second half of July. + * mod_proxy: Support variable interpolation in reverse proxy configuration + http://svn.apache.org/viewvc?view=rev&revision=421686 (code) + http://svn.apache.org/viewvc?view=rev&revision=422178 (code) + http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml?r1=420990&r2=421725 (docs) + +1: niq, mturk + -.9: wrowe notes; modifying the existing syntax seems inappropriate, new + ProxyPassSubstitute or similarly named directives would seem to + make more sense, permit direct Reverse'als when appropriate and + restrict the Substitutions to be parsed only when required. + + * mod_authn_dbd: Export any additional columns queried in the SQL select + into the environment with the name AUTHENTICATE_. This brings + mod_authn_dbd behaviour in line with mod_authnz_ldap. + Trunk: http://svn.apache.org/viewvc?view=rev&revision=466865 + +1: minfrin + niq: This wants a little tidying. Use of 13 as a magic number (for a + strlen of something defined elsewhere) is nasty. More importantly + you need to document how it affects the module's directives. + I'll +1 it when that's done. + wrowe: ditto's - good concept. + + * core: Allow AcceptMutex to accept pathname arguments ala SSLMutex, + and, as a result, semi-depreciate Lockfile. + Trunk version of patch: + http://svn.apache.org/viewvc?view=rev&revision=467326 + http://svn.apache.org/viewvc?view=rev&revision=468049 + 2.2.x version of patch: + Trunk version works (requires handling of CHANGES and ap_mmn.h + conflict though) + +1: jim, wrowe + wrowe notes: Adding to ease migration to 2.4 - good. Deprecating + any directive in a .even released branch, bad. + jim notes: it's more an enhancement to AcceptMutex than a + depreciation of LockFile... no regressions are + introduced. + wrowe adds: Isn't it time for SSL/FTP/JK/FTP who all need the very + same syntax to benefit from one generic implementation + (in httpd, not apr, since it's config syntax specific). + + * mod_proxy_balancer: Remove unnecessary lock/unlock for + the post_request hook. We are actually doing nothing here. + But keep the code (but macroed out) for future usage. + Trunk version of patch: + http://svn.apache.org/viewvc?view=rev&revision=484789 + http://svn.apache.org/viewvc?view=rev&revision=484794 + 2.2.x version of patch: + Trunk version works. + +1: jim + +0: rpluem: Shouldn't we remove this code on 2.2.x? Keeping seems to be ok + for me on trunk, but on a stable branch? + jim says: the reason why we keep it is in case we + ever start using it. So we keep the framework in + that case. Make trunk backports easier. + + * mod_cache: Correctly cache objects whose URL query string has been + modified by mod_rewrite. + PR: 40805 + Trunk version of patch: + http://svn.apache.org/viewvc?view=rev&revision=476625 + 2.2.x version of patch: + Trunk version works + +1: rpluem + + * mod_cache: While serving a cached entity ensure that filters that have + been applied to this cached entity before saving it to the cache are not + applied again. + PR: 40090 + Trunk version of patch: + http://svn.apache.org/viewvc?rev=425787&view=rev + 2.2.x version of patch: + Trunk version works + +1: rpluem + + * mod_alias: Accept path components (URL part) in Redirects + PR: 35314 + http://svn.apache.org/viewvc?rev=490142&view=rev + +1: niq + + * mod_headers: Allow % at the end of a Header value + PR: 36609 + http://svn.apache.org/viewvc?rev=490156&view=rev + +1: niq + Index: modules/proxy/NWGNUproxyajp =================================================================== --- modules/proxy/NWGNUproxyajp (.../2.2.3) (revision 493482) +++ modules/proxy/NWGNUproxyajp (.../2.2.4) (revision 493482) @@ -171,6 +171,7 @@ $(OBJDIR)/ajp_header.o \ $(OBJDIR)/ajp_msg.o \ $(OBJDIR)/ajp_link.o \ + $(OBJDIR)/ajp_utils.o \ $(OBJDIR)/libprews.o \ $(EOLIST) Index: CHANGES =================================================================== --- CHANGES (.../2.2.3) (revision 493482) +++ CHANGES (.../2.2.4) (revision 493482) @@ -1,4 +1,165 @@ -*- coding: utf-8 -*- +Changes with Apache 2.2.4 + + *) mod_isapi: Correctly present SERVER_PORT_SECURE. + PR: 40573. [Matt Eaton ] + + *) Allow htcacheclean, httxt2dbm, and fcgistarter to link apr/apr-util + statically like the older support programs. + [Eric Covener ] + + *) core: Fix NONBLOCK status of listening sockets on restart/graceful + PR 37680. [Darius Davis ] + + *) mod_deflate: Rework inflate output and deflate output filter to fix several + issues: Incorrect handling of flush buckets, potential memory leaks, + excessive memory usage in inflate output filter for large compressed + content. PR 39854. [Ruediger Pluem, Nick Kew, Justin Erenkrantz] + + *) mod_mem_cache: Memory leak fix: Unconditionally free the buffer. + [Davi Arnaut ] + + *) Allow mod_dumpio to log at other than DEBUG levels via + the new DumpIOLogLevel directive. [Jim Jagielski] + + *) rotatelogs: Improve error message for open failures. PR 39487. + [Joe Orton] + + *) mod_dbd: share per-request database handles across subrequests + and internal redirects [Chris Darroch] + + *) mod_dbd: key connection pools to virtual hosts correctly even when + ServerName is unset/unavailable [Graham Leggett] + + *) Better detection and clean up of ldap connection that has been + terminated by the ldap server. PR 40878. + [Rob Baily ] + + *) mod_mem_cache: Convert mod_mem_cache to use APR memory pool functions + by creating a root pool for object persistence across requests. This + also eliminates the need for custom serialization code. + [Davi Arnaut ] + + *) mod_authnz_ldap: Add an AuthLDAPRemoteUserAttribute directive. If + set, REMOTE_USER will be set to this attribute, rather than the + username supplied by the user. Useful for example when you want users + to log in using an email address, but need to supply a userid instead + to the backend. [Graham Leggett] + + *) mod_cgi and mod_cgid: Don't use apr_status_t error return + from input filters as HTTP return value from the handler. + PR 31579. [Nick Kew] + + *) mod_cache: Eliminate a bogus error in the log when a filter returns + AP_FILTER_ERROR. [Niklas Edmundsson ] + + *) core: Fix issue which could cause piped loggers to be orphaned and never + terminate after a graceful restart. PR 40651. [Joe Orton, Ruediger Pluem] + + *) core: Fix address-in-use startup failure caused by corruption of the list + of listen sockets in some configurations with multiple generic Listen + directives. [Jeff Trawick] + + *) mod_headers: Support regexp-based editing of HTTP headers. [Nick Kew] + + *) mod_proxy: Add explicit flushing feature. When Servlet container sends AJP + body message with size 0, this means that Servlet container has asked for + an explicit flush. Create flush bucket in that case. This feature has been + added to the recent Tomcat versions without breaking the AJP protocol. + [Mladen Turk] + + *) mod_proxy_balancer: Set the new environment variable BALANCER_ROUTE_CHANGED + if a worker with a route different from the one supplied by the client + had been chosen or if the client supplied no routing information for + a balancer with sticky sessions. [Ruediger Pluem] + + *) mod_proxy_balancer: Add information about the route, the sticky session + and the worker used during a request as environment variables. PR 39806. + [Brian ] + + *) mod_proxy: Don't try to use dead backend connection. PR 37770. + [Olivier BOEL ] + + *) mod_proxy_balancer: Extract stickysession routing information contained as + parameter in the URL correctly. PR 40400. + [Ruediger Pluem, Tomokazu Harada ] + + *) mod_proxy_ajp: Added cping/cpong support for the AJP protocol. + A new worker directive ping=timeout will cause CPING packet + to be send expecting CPONG packet within defined timeout. + In case the backend is too busy this will fail instead + sending the full header. [Mladen Turk] + + *) mod_disk_cache: Make sure that only positive integers are accepted + for the CacheMaxFileSize and CacheMinFileSize parameters in the + config file. PR39380. [Niklas Edmundsson ] + + *) mod_cache: From RFC3986 (section 6.2.3.) if a URI contains an + authority component and an empty path, the empty path is to be equivalent + to "/". It explicitly cites the following four URIs as equivalents: + http://example.com + http://example.com/ + http://example.com:/ + http://example.com:80/ + [Davi Arnaut ] + + *) mod_cache: Don't cache requests with a expires date in the past; + otherwise mod_cache will always try to cache the URL. This bug + might lead to numerous rename() errors on win32 if the URL was + previously cached. [Davi Arnaut ] + + *) core: Deal with the widespread use of apr_status_t return values + as HTTP status codes, as documented in PR#31759 (a bug shared by + the default handler, mod_cgi, mod_cgid, mod_proxy, and probably + others). PR31759. [Jeff Trawick, Ruediger Pluem, Joe Orton] + + *) mod_ext_filter: Handle filter names which include capital letters. + PR 40323. [Jeff Trawick] + + *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH + support. Also corrects the slashes for Windows. + PR 15993. [William Rowe] + + *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the + token parser worked while the resulting length was misinterpreted. + PR 29098. [Brock Bland ] + + *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade + attempts to stream the response at the client. Log these as well. + PR 30022, 40470. [William Rowe, Matt Eaton ] + + *) mod_isapi: Ensure we walk through all the methods the developer may have + employed to report their HTTP status result code. + PR 16637 30033 28089. [Matt Lewandowsky , William Rowe] + + *) mod_echo: Fix precedence problem in if statement. PR 40658. + [Larry Cipriani ] + + *) mod_mime_magic: Fix precedence problem in if statement. PR 40656. + [Larry Cipriani ] + + *) The full server version information is now included in the error log at + startup as well as server status reports, irrespective of the setting + of the ServerTokens directive. ap_get_server_version() is now deprecated, + and is replaced by ap_get_server_banner() and ap_get_server_description(). + [Jeff Trawick] + + *) mod_proxy_balancer: Workers can now be defined as part of + a balancer cluster "set" in which members of a lower-numbered set + are preferred over higher numbered ones. [Jim Jagielski] + + *) mod_proxy_balancer: Workers can now be defined as "hot standby" which + will only be used if all other workers are unusable (eg: in + error or disabled). Also, the balancer-manager displays the election + count and I/O counts of all workers. [Jim Jagielski] + + *) mod_proxy_ajp: Close connection to backend if reading of request body + fails. PR 40310. [Ian Abel ] + + *) mod_proxy_balancer: Retry worker chosen by route / redirect worker if + it is in error state before sending "Service Temporarily Unavailable". + PR 38962. [Christian Boitel ] + Changes with Apache 2.2.3 *) SECURITY: CVE-2006-3747 (cve.mitre.org) @@ -6,7 +167,7 @@ handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee. [Mark Cox] - + *) Win32: Minor fixes to build more cleanly under Visual Studio 2005 with command line builds. [William Rowe] Index: README.platforms =================================================================== --- README.platforms (.../2.2.3) (revision 493482) +++ README.platforms (.../2.2.4) (revision 493482) @@ -96,3 +96,17 @@ (That patch works with many recent levels of Apache 2+.) +================ + Solaris: + + On Solaris, better performance may be achieved by using the Sun Studio + compiler instead of gcc. As of version 11, it is now free (registration + required). Download the compiler from: + + http://developers.sun.com/prodtech/cc/downloads/index.jsp + + If you use Sun Studio, the following compiler flags (CFLAGS) are + recommended: + + -XO4 -xchip=generic +