Apache

1.3.7 [not released]

Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.7 [not released] Changelog
  • The "Vary" response header field is now sanitised right before the header is sent back to the client. Multiple "Vary" fields are combined, and duplicate tokens (e.g., "Vary: host, host" or "Vary: host, negotiate, host, accept-language") are reduced to single instances. This is a better solution than the force-no-vary one (which is still valid for clients that can't cope with Vary at all). [Dean Gaudet, Roy Fielding, Ken Coar] PR#3118
  • Portability changes for BeOS. [David Reid ]
  • Link DSO's with "gcc -shared" instead of "ld -Bshareable" at least on Linux and FreeBSD for now. [Rasmus Lerdorf]
  • Win32: More apache -k restart work. Restarts are now honored immediately and connections in the listen queue are -not- lost. This is made possible by the use of the WSADuplicateSocket() call. The listeners are opened in the parent, duplicated, then the duplicates are passed to the child. The original listen sockets are not closed by the parent across a restart, thus the listen queue is preserved. [Bill Stoddard ]
  • Fix handling of case when a client has sent "Expect: 100-continue" and we are going to respond with an error, but get stuck waiting to discard the body in the pointless hope of preserving the connection. [Roy Fielding, Joe Orton ] PR#4499, PR#3806
  • Fix 'configure' to work correctly with SysV-based versions of 'tr' (consistent with Configure's use as well). [Jim Jagielski]
  • apxs: Add "-S var=val" option which allows for override of CFG_* built-in values. Add "-e" option which works like -i but doesn't install the DSO; useful for editing httpd.conf with apxs. Fix editing code so that multiple invocations of apxs -a will not create duplicate LoadModule/AddModule entries; apxs can now be used to re- enable/disable a module. [Wilfredo Sanchez]
  • Win32: Update the server to use Winsock 2. Specifically, link with ws2_32.lib rather than wsock32.lib. This gives us access to WSADuplcateSocket() in addition to some other enhanced comm APIs. Win 95 users may need to update their TCP/IP stack to pick up Winsock 2. (See http://www.microsoft.com/windows95/downloads/) [Bill Stoddard ]
  • Win32: Redirect CGI script stderr (script debug info) into the error.log when CGI scripts fail. This makes Apache on Win32 behave more like Unix. [Bill Stoddard ]
  • Fixed `httpd' usage display: -D was missing. [Ralf S. Engelschall] PR#4614
  • Fix `make r' test procedure in src/regex/: ap_isprint was not found. [Ralf S. Engelschall] PR#4561, PR#4562
  • OS/2: Fix problem with accept lock semaphores where server would die with "OS2SEM: Error 105 getting accept lock. Exiting!" [Brian Havard] PR#4505
  • Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms. [Randy Terbush ] Add the new mass-vhost module (mod_vhost_alias.c) developed and used by Demon Internet, Ltd. [Tony Finch ]
  • Better GCC detection for DSO flags under Solaris 2 where the `cc' command potentially _is_ GCC. [Ralf S. Engelschall]
  • Fix apxs build issues on AIX [Rasmus Lerdorf ]
  • DocumentRoot Checking: Under previous versions, when Apache first started up, it used to do a stat of each DocumentRoot to see if it existed and was a directory. If not, then an error message was printed. THIS HAS BEEN DISABLED. If DocumentRoot does not exist, you will get error messages in error_log. If the '-t' command line option is used (to check the configuration) the check of DocumentRoot IS performed. An additional command line option, '-T', has been added if you want to avoid the DocumentRoot check even when checking the configuration. [Jim Jagielski]
  • Win32: The query switch "apache -S" didn't exit after showing the vhost settings. That was inconsistent with the other query functions. [Bill Stoddard - Fixed by Martin on Unix in 1.3.4]
  • Win32: Changed behaviour of apache -k restart. Previously, the server would drain all connections in the stack's listen queue before honoring the restart. On a busy server, this could take hours. Now, a restart is honored almost immediately. All connections in Apache's queues are handled but connections in the stack's listen queue are discarded. Restart triggered by MaxRequestPerChild is unchanged. [Bill Stoddard ]
  • Win32: Eliminated unnecessary call to wait_for_multiple_objects in the accept loop. Good for a 5% performance boost. Cleaned up parent/child process management code. [Bill Stoddard ]
  • Added ceiling on file size for memory mapped files. [John Giannandrea ] PR#4122
  • Fix ndbm.h include problems with brain-dead glibc >= 2.1 which has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528 [Henri Gomez , Ralf S. Engelschall]
  • Determine AP_BYTE_ORDER for ap_config_auto.h and already use this at least for Expat. [Ralf S. Engelschall]
  • Allow .module files to specify libraries with Lib:. [Ben Laurie]
  • Allow SetEnvIf[NoCase] to test environment variables as well as header fields and request attributes. [Ken Coar]
  • Fix mod_autoindex's handling of ScanHTMLTitles when file content-types are "text/html;parameters". [Ken Coar] PR#4524
  • Remove "mxb" support from mod_negotiation -- it was a draft feature never accepted into any standard, and it opens up certain DoS attacks. [Koen Holtman ]
  • TestCompile updated. We can now run programs and output the results during the Configure process. [ Jim Jagielski]
  • The source is now quad (long long) aware as needed. Specifically, the Configure process determines the correct size of off_t and *void. When the OS/platform/compiler supports quads, ap_snprintf() provides for the 'q' format qualifier (if quads are not available, 'q' is silently "demoted" to long). [Jim Jagielski]
  • When the username or password fed to htpasswd is too long, include the size limit in the error message. Also report illegal characters (currently only ':') in the username. Add the size restrictions to the man page. [Ken Coar]
  • Fixed the configure --without-support option so it doesn't result in an infinite loop. [Marc Slemko]
  • Piped error logs could cause a segfault if an error occured during configuration after a restart. [Aidan Cully ] PR#4456
  • If a "Location" field was stored in r->err_headers_out rather than r->headers_out, redirect processing wouldn't find it and the server would core dump on ap_escape_html(NULL). Check both tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message if Location isn't set. [Doug MacEachern, Ken Coar]
  • Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy of the Expat 1.0.2 distribution. [Greg Stein]
  • Replace regexec() calls with calls to a new API stub function ap_regexec(). This solves problems with DSO modules which use the regex library. [Jens-Uwe Mager , Ralf S. Engelschall]
  • Add 'Request_Protocol' special keyword to mod_setenvif so that environment variables can be set according to the protocol version (e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
  • Add DSO support for OpenStep (Mach 4.2) platform. [Ralf S. Engelschall, Rex Dieter ] PR#3997
  • Fix sed regex for generating ap_config_auto.h in src/Configure. [Jan Gallo ] PR#3690, PR#4373 Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
  • Better DSO flags recognition on NetBSD platforms using ELF. [Todd Vierling ] PR#4310
  • Always log months in english format for %t in mod_log_config. [Petr Lampa ] PR#4366, 679
  • Support for server-parsed and multiview-determined ReadmeName and HeaderName files in mod_autoindex. Removed the restriction on "/"s in ReadmeName and HeaderName directives since the *sub_req* routines will deal with the access issues. (It's now possible to have {site|group|project|customer|...} wide readmes and headers.) [Raymond S Brand , Ken Coar] PR#1574, 3026, 3529, 3569, 4256
  • When stat() fails, don't assume anything about the contents of the struct stat. [Ed Korthof ]
  • It's OK for a semop to return EINTR, just loop around and try again. [Dean Gaudet]
  • Fix configuration engine re-entrant hangups, which solve a handful of problems seen with mod_perl configuration sections [Salvador Ortiz Garcia ]
  • Mac OS and Mac OS X Server now use the appropriate custom layout by default when building with APACI; allow for platform-specific variable defaults in configure. [Wilfredo Sanchez]
  • Do setgid() before initgroups() in http_main; some platforms zap the grouplist when setgid() is called. This was fixed in suexec earlier, but the main httpd code missed the change. [Rob Saccoccio ] PR#2579
  • Add recognition of .tgz as a gzipped tarchive. [Bertrand de Singly ] PR#2364
  • mod_include's fsize/flastmod should allow only relative paths, just like "include file". [Jaroslav Benkovsky ]
  • OS/2: Add support for building loadable modules using DLLs. [Brian Havard]
  • Add iconsdir, htdocsdir, and cgidir to config.layout. [Wilfredo Sanchez]
  • Fix minor but annoying bug with the test for Configuration.tmpl being newer than Configuration so that it is less likely to fail when using APACI and shadow sources. [Wilfredo Sanchez]
  • PORT: Add initial support for Mac OS (versions 10.0 and greater). Use Mac OS X Server layout for now. Clean up dyld code in unix/os.c, and don't install the dyld error handlers, which are no longer needed in Mac OS. [Wilfredo Sanchez]
  • Rename Rhapsody layout to "Mac OS X Server". Change install locations to appropriate ones for user-built (as opposed to system) installs. [Wilfredo Sanchez]
  • Modify mod_autoindex's handling of AddDescription so that the behaviour matches the documentation. [Ken Coar] PR#1898, 3072.
  • Add functionality to the install-bindist.sh script created by binbuild.sh to use tar when copying distribution files to the serverroot. This allows upgrading an existing installation without nesting the new distribution in the old.
  • install-bindist.sh now detects the local perl5 path to install apxs and dbmmanage with proper path to perl interpreter.
  • Add an install-binsupport target which copies the source files for apxs and dbmmanage to bindist to allow these scripts to be properly installed relative to the destination serverroot. [Randy Terbush, Covalent Technologies, ]
  • Fix intermittent SEGV in ap_proxy_cache_error() in src/modules/proxy_util.c where a NULL filepointer and temporary filename were closed and unlinked. [Graham Leggett , Tim Costello ] PR#3178
  • Fix inconsistent error messages reported by mod_proxy. [Graham Leggett ]
  • OS/2: Fix terminating CGIs that aren't compiled by EMX GCC when a connection is aborted. [Brian Havard]
  • Force the LANG envariable to the known state of "C" so that we have assurance about how string manipulators (e.g., tr) will function. [Ken Coar] PR#1630
  • Add a directive to allow customising of the tracking cookie name. [Ken Coar] PR#2921, 4303
  • Add "force-no-vary" envariable to allow servers to work around clients that choke on "Vary" fields in the response header. [Ken Coar, Dmitry Khrustalev ] PR#4118
  • Fixed a bug in mod_dir that causes a child process will infinitely recurse when it attemps to handle a request for a directory wnd the value of the DirectoryIndex directive is a single dot. Also likely to happen for anyother values of DirectoryIndex that will map back to the same directory. The handler now only considers regular files as being index candidates. No PR#s found. [Raymond S Brand ]
  • Ease configuration debugging by making TestCompile fall back to using "make" if the $MAKE variable is unset [Martin Kraemer]
  • Fixed the ServerSignature directive to work as documented. [Raymond S Brand ] PR#4248
  • Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand ]
  • Add APACI --without-execstrip option which can be used to disable the stripping of executables on installation. This is very important for DSO and debugging situations. [Ralf S. Engelschall]
  • Add support for OS/2 (case insenstive filesystem, .exe suffix, etc) to APACI files and related scripts. [Yitzchak Scott-Thoennes , Ralf S. Engelschall] PR#4269
  • Add support for standalone mode in TPF [Joe Moenich ]
  • Fix number of bytes copied by read_connection() in src/support/ab.c [Jim Cox ] PR#4271
  • Fix special RewriteCond "-s" pattern matching. [Bob Finch ]
  • Fix value quoting in src/Configure script for ap_config_auto.h [Paul Sutton ]
  • Make sure RewriteLock can be used only in the global context, (i.e. outside of any sections) because it's a global facility of the rewrite engine. [Ralf S. Engelschall]
  • Fix the ownership delegation for proxy directory under `make install'. [Ralf S. Engelschall]
  • APACI would not correctly build suexec. [Maria Verina ] PR#4260
  • mod_mime_magic passed only the first 4k of a file to uncompress/gzip, but those tools sometimes do not produce any output unless a sufficient portion of the compressed file is input. Change to pass the entire file -- but only read 4k of output. [Marcin Cieslak ] PR#4097
  • "IndexOptions None" generated extra spaces at the end of each line. [] PR#3770
  • The "100 Continue" response wasn't being sent after internal redirects. [Jose KAHAN ] PR#3910, 3806, 3575
  • When padding the name with spaces for display, mod_autoindex would count &, <, and > in their escaped width, messing up the display. [Dean Gaudet] PR#4075, 3758
  • PORT: fixed a compilation problem on NEXT. [Jacques Distler ] PR#4130
  • r->request_time wasn't being set properly in certain error conditions. [Dean Gaudet] PR#4156
  • PORT: deal with UTS compiler error in http_protocol.c [Dave Dykstra ] PR#4189
  • Add ap_vrprintf() function. [John Tobey ] PR#4246
  • Fix the mod_mime hash table to work properly with locales other than C. [Dean Gaudet] PR#3427
  • Fix a memory leak which is exacerbated by certain configurations. [Dean Gaudet] PR#4225
  • Prevent clobbering saved IFS values in APACI. [Jim Jagielski]
  • Fix buffer overflows in ap_uuencode and ap_uudecode pointed out by "Peter 'Luna' Altberg " and PR#3422 [Peter 'Luna' Altberg , Ronald Tschal?r]
  • Make {Set,Unset,Pass}Env per-directory instead of per-server. [Ben Laurie]
  • Correct an apparent typo: on the Windows and MPE platforms, the htpasswd utility was limiting passwords to only 8 characters. [Ken Coar]
  • EBCDIC platforms: David submitted patches for two bugs in the MD5 digest port for EBCDIC machines: a) the htdigest utility overwrote the old contents of the digest file b) the Content-MD5 header value (ContentDigest directive) was wrong when the returned file was not converted from EBCDIC, but was a binary (e.g., image file) in the first place. [David McCreedy at IBM]
  • support/htpasswd now permits the password to be specified on the command line with the '-b' switch. This is useful when passwords need to be maintained by scripts -- particularly in the Win32 environment. [Ken Coar]
  • Win32: Win32 multiple services patch. Added capability to install and run multiple copies of apache as individual services.
  • Example 1: apache -n apache1 -i -f c:/httpd.conf Installs apache as service 'apache1' and associates c:/httpd.conf with that service. net start apache1 Starts apache1 service. net stop apache1 Stops apache1 service
  • Example 2: apache -n apache2 -i Installs apache as service 'apache2'. httpd.conf is located under the default server root (/apache/conf/httpd.conf). net start apache2 Starts apache2 service.
  • Example 3: apache -n apache3 -i -d c:/program files/apache Install apache as service 'apache3' and sets server root to c:/program files/apache.
  • Example 4: apache -n apache2 -k restart Restart apache2 service
  • [Keith Wannamaker, Ken Parzygnat, Bill Stoddard]
  • Correct the signed/unsigned character handling for the MD5 routines; mismatches were causing compilation problems with gcc -pedantic and in the TPF cross-compilation. [Ken Coar]
  • OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving a roughly 5 fold speed up. [Brian Havard]
  • proxy ftp: instead of using the hardwired string "text/plain" as a fallback type for files served by the ftp proxy, use the ap_default_type() function to determine the configured type. This allows for special configurations like DefaultType gargle/blurb Additionally, add the Content-Encoding: header to FTP proxy replies when the encoding is defined (by the AddEncoding directive). Because it was missing, it was almost impossible to browse compressed files using the FTP proxy (works now perfectly in Communicator). The ftp proxy now also returns the Date: and Server: header lines (if not much else... This code is "somewhat" broken) like normal requests do. [Martin Kraemer]
  • Be more smart in APACI's configure script when determining the UID/GID for User/Group directives and use the determined UID/GID to initialize the permissions on the proxycachedir. [Dirk-Willem van Gulik, Ralf S. Engelschall]
  • Changed the forking-prior-to-cleanup in the proxy module to first check wether it actually needs to collect garbage. This reduces the number of fork()s from one/request to just the odd one an hour. [Dirk-Willem van Gulik]
  • Added proxy, auth and header support to src/support/ab.c. Added a README file to src/support/ [Dirk-Willem van Gulik]
  • Don't hard-code the path to AWK in --shadow bootstrapping Makefile. [Ralf S. Engelschall] PR#4050
  • Add support for DSO module compilation on BSD/OS 3.x. [Randy Terbush, Covalent Technologies]
  • Fix sed-substitutions in `make install': path elements like `httpd/conf' (for instance from an APACI configure --sysconfdir=/etc/httpd/conf option) were substituted with $(TARGET).conf, etc. Same for other strings with dots where the dot wasn't matched as plain text. [Ralf S. Engelschall]
  • PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
  • Fix verbose output of APACI configure (option -v) [Martin Kraemer, Ralf S. Engelschall]