Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3b6 Changelog
  • PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde] Adding DSO support for the HP/UX platform by emulating the dlopen-style interface via the similar but proprietary HP/UX shl_xxx-style system calls. [Ralf S. Engelschall]
  • PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made APACI Makefile.tmpl "install" target more robust for sensible UnixWare Make. [Ralf S. Engelschall]
  • ++++ THE BIG SYMBOL RENAMING ++++ To avoid symbol clashes with third-party code compiled into the server, we globally applied the prefix "ap_" to the following classes of functions: - Apache provided general functions (e.g., ap_cpystrn) - Public API functions (e.g., palloc, bgets) - Private functions which we can't make static (because of cross-object usage) but should be (e.g., new_connection) For backward source compatibility a new header file named compat.h was created which provides defines for the old symbol names and can be used by third-party module authors. [The Apache Group]
  • Added dynamic shared object (DSO) support for SVR4-derivates: The problem under SVR4 is that there is no command flag to force the linker to export the global symbols of the httpd executable therewith they are available to the DSO's. Instead of problematic hacks like creating a dummy.so file (containing dummy references to all global symbols) the httpd binary is linked against, we use a clean trick stolen from Perl 5: Placing the Apache core code itself into a DSO library named libhttpd.so. This way the global symbols _HAVE_ to be exported and thus are available to any manually loaded DSO's under runtime. To reduce the impact to the user to null we go even further and create a stub httpd executable which automatically keeps track of the DSO library loading itself and thus hides the complete mechanism from the user. Although the generation of this DSO library is automatically triggered for platforms which essentially need it (mostly all SVR4-derivates) it can be also enabled manually via the Rule SHARED_CORE. This can be interesting in the future where we perhaps exploit this libhttpd.so mechanism for providing nifty features like graceful upgrades, or whatever. [Ralf S. Engelschall, Martin Kraemer]
  • Build the libraries before building the rest of the tools. [Ben Hyde]
  • Add "distclean" target to src/-Makefiles to provide "make distclean" also inside the src subtree (i.e. for non-APACI users). Following GNU Makefile conventions while "clean" removes only stuff created by "all" targets, "distclean" additionally removes the stuff from the configuration process. This way "make distclean" (hence the name) provides a fresh source tree as it was for distribution. [Ralf S. Engelschall]
  • Allow top-level (APACI) Makefile to break on build errors the same way the src/ subtree Makefiles breaks on them by replacing the initial APACI sed-subdir-display-kludge with a more clean variable-passing-solution: variable SDP can optionally hold the subdir prefix which is consistently used for displaying the subdir movement. This way even the top-level Makefile can stop correctly on errors as the user expects. [Ralf S. Engelschall]
  • Fixed ordering of argument checks for RewriteBase directive. [Todd Eigenschink ] PR#2045
  • Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of indicating that a module is being compiled for dynamic loading. Also remove #define IS_MODULE from modules and add SHARED_MODULE define to the mak/dsp files. [Alexei Kosut]
  • Reduce logging level of "normal" warning messages to APLOG_INFO, since we are now logging APLOG_WARNING by default. [Roy Fielding]
  • PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard] Add documentation file and src/Configuration.tmpl entry for the experimental mod_mmap_static module. Because although it is and marked as an experimental one it is distributed and thus should be documented and prepared for configuration the same way as all others modules. [Ralf S. Engelschall]
  • Add query (-q) option to apxs support tool to be able to manually query specific settings from apxs. This is needed for instance when you manually want to access Apache's header files and you need to assemble the -I option. Now you can do -I`apxs -q INCLUDEDIR`. [Ralf S. Engelschall]
  • Now src/Configure uses a fallback strategy for the shared object support on platforms where no explicit information is available: If a Perl installation exists we ask it about its shared object support and if it's the dlopen-style one we shamelessly guess the compiler and linker flags for creating shared objects from Perls knowledge. Of course, the user is warning about what we are doing and informed that he should send us the guessed flags when they work. [Ralf S. Engelschall]
  • Provide APACI --without-support option to be able to disable the build and installation of the support tools from the src/support/ area. Although its useful to have these installed per default we should provide a way to compile and install without them for backward-compatibility. [Ralf S. Engelschall]
  • Add of the new APache eXtenSion (apxs) support tool for building and installing modules into an _already installed_ Apache package through the dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that this approach actually doesn't need the Apache source tree. The (APACI-installed) server package is enough, because this now includes the Apache C header files (PREFIX/include) and the new APXS tool (SBINDIR/apxs). The intend is to provide a handy tool for third-party module authors to build their Apache modules _OUTSIDE_ the Apache source tree while avoiding them to fiddle around with the totally platform dependend way of compiling DSO files. The tool supports all ranges of modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3 which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can on-the-fly generate a minimalistic Makefile and sample module for the first step to provide both a quick success event and to demonstrate the APXS mechanism to module authors. [Ralf S. Engelschall]
  • Fix core dumps in use of CONNECT in proxy. [] PR#1326, #1573, #1942
  • Modify the log directives in httpd.conf-dist files to use CustomLog so that users have examples of how CustomLog can be used. [Lars Eilebrecht]
  • Add the new Apache Autoconf-style Interface (APACI) for the top-level of the Apache distribution tree. Until Apache 1.3 there was no real out-of-the-box batch-capable build and installation procedure for the complete Apache package. This is now provided by a top-level "configure" script and a corresponding top-level "Makefile.tmpl" file. The goal is to provide a GNU Autoconf-style frontend which is capable to both drive the old src/Configure stuff in batch and additionally installs the package with a GNU-conforming directory layout. Any options from the old configuration scheme are available plus a lot of new options for flexibly customizing Apache. [Ralf S. Engelschall]
  • The floating point ap_snprintf code wasn't threadsafe. Had to remove the HAVE_CVT macro in order to do threadsafe calling of the ?cvt() floating point routines. [Dean Gaudet]
  • PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962
  • PORT: IRIX needs the -n32 flag iff using the 'cc' compiler [Jim Jagielski] PR#1901
  • BUG: Configure was using TCC and CC inconsistently. Make sure Configure knows which CC we are using. [Jim Jagielski]
  • "Options +Includes" wasn't correctly merged if "+IncludesNoExec" was defined in a parent directory. [Lars Eilebrecht]
  • API: ap_snprintf() code mutated into ap_vformatter(), which is a generic printf-style routine that can call arbitrary output routines. Use this to replace http_bprintf.c. Add new routines psprintf(), pvsprintf() which allocate the exact amount of memory required for a string from a pool. Use psprintf() to clean up various bits of code which used ap_snprintf()/pstrdup(). [Dean Gaudet]
  • PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because ap_snprintf() has different semantics and formatting codes than snprintf(). [Dean Gaudet]
  • SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This is necessary on at least Solaris where the /etc/rc?.d scripts are run with these signals ignored, and "SIG_IGN" settings are maintained across exec(). [Rein Tollevik ] PR#2009
  • Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was used instead of lstat() and thus this flag didn't work as expected. [Rein Tollevik ] PR#2010
  • Fix the proxy pass-through feature of mod_rewrite for the case of existing QUERY_STRING now that mod_proxy was recently changed because of the new URL parsing stuff. [Ralf S. Engelschall]
  • A few changes to scoreboard definitions which helps gcc generate better code. [Dean Gaudet]
  • ANSI C doesn't guarantee that "int foo : 2" in a structure will be a signed bitfield. So mark a few bitfields as signed to ensure correct code. [Dean Gaudet]
  • The default for HostnameLookups was changed to Off, but there was a problem and it wasn't taking effect. [Dean Gaudet]
  • PORT: Clean up undefined signals on some platforms (SCO, BeOS). [Dean Gaudet]
  • After a SIGHUP the listening sockets in the parent weren't properly marked for closure on fork(). [J?rgen Keil ] PR#2000 Allow %2F in two situations: 1) it is in the query part of the URI, therefore not exposed to %2F -> '/' translations and 2) the request is a proxy request, so we're not dealing with a local resource anyway. Without this, the proxy would fail to work for any URL's with %2f in them (occurs quite often in http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
  • Protect against FD_SETSIZE mismatches. [Dean Gaudet]
  • Make the shared object compilation command more portable by avoiding the direct combination of `-c' & `-o' which is not honored by some compilers like UnixWare's cc. [Ralf S. Engelschall]
  • WIN32: the proxy was creating filenames missing the last four characters. While this normally doesn't stop anything from working, it can result in extra collisions. [Tim Costello ] PR#1890
  • Now mod_proxy uses the response string (in addition to the response status code) from the already used FTP SIZE command to setup the Content-Length header if available. [Ralf S. Engelschall] PR#1183
  • Reanimated the (still undocumented) proxy receive buffer size directive: Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old name was really too generic, added documentation for this directive to the mod_proxy.html and corrected the hyperlink to it in the new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
  • Fix a bug in the src/helpers/fp2rp script and make it a little bit faster [Martin Kraemer] Make Configure die when you give it an unknown command switch. [Ben Hyde]
  • Add five new and fresh manpages for the support programs: dbmmanage.1, suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date and per default compiled support programs have manual pages - just to document our stuff a little bit more and to be able to do really Unix-like installations ;-) [Ralf S. Engelschall]
  • Major cleanups to the Configure script to make it and its generated Makefiles again readable and maintainable: add SRCDIR option, removed INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of generated sections, consequently added Makefile headers with inheritance information, added subdir movement messages for easier following where the build process currently stays (more verbose then standard Make, less verbose than GNU make), same style to comments in the Configure script, added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall] Add the new ApacheBench program "ab" to src/support/: This is derived from the ZeusBench benchmarking program and can be used to determine the response performance of an Apache installation. This version is officially licensed with Zeus Technology, Ltd. See the license agreement statements in <199803171224.NAA24547 en1.engelschall.com> in apache-core. [Ralf S. Engelschall]
  • API: Various core functions that are definately not part of the API have been made static, and a few have been marked API_EXPORT. Still more have been marked CORE_EXPORT and are not intended for general use by modules. [Doug MacEachern, Dean Gaudet]
  • mod_proxy was not clearing the Proxy-Connection header from requests; now it does. This did not violate any spec, however causes poor interactions when you are talking to remote proxies. [Marc Slemko] PR#1741
  • Various cleanups to the command line interface and manual pages. [Ralf S. Engelschall]
  • cfg_getline() was not properly handling lines that did not end with a line termination character. [Marc Slemko] PR#1869, 1909
  • Performance tweak to mod_log_config. [Dmitry Khrustalev]
  • Clean up some undocumented behavior of mod_setenvif related to "merging" two SetEnvIf directives when they match the same header and regex. Document that mod_setenvif will perform comparisons in the order they appear in the config file. Optimize mod_setenvif by doing more work at config time rather than at runtime. [Dean Gaudet]
  • src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's to allow for modules to overrule them and to reduce redefinition warnings [Jim Jagielski]
  • [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3. [Jim Jagielski]
  • Making the hard-coded cross-module function call mime_find_ct() (from mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type checking is really called even for proxy requests except for URLs with HTTP schemes (because there we can optimize by not running the type checking hooks due to the fact that the proxy gets the MIME Content-type from the remote host later). This change cleans up mod_mime by removing the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and especially unbundles mod_proxy and mod_mime. This way they both now can be compiled as shared objects and are no longer tied together. [Ralf S. Engelschall]
  • util.c cleanup and speedup. [Dean Gaudet]
  • API: Clarification, pstrndup() will always copy n bytes of the source and NUL terminate at the (n+1)st byte. [Dean Gaudet]
  • Mark module command_rec and handler_rec structures const so that they end up in the read-only data section (and are friendlier to systems that don't do optimistic memory allocation on fork()). [Dean Gaudet]
  • Add check to the "Port" directive to make sure the specified port is in the appropriate range. [Ben Hyde]
  • Performance improvements to invoke_handler(). [Dmitry Khrustalev ]
  • Added support for building shared objects even for library-style modules (which are built from more than one object file). This now provides the ability to build mod_proxy as a shared object module. Additionally modules like mod_example are now also supported for shared object building because the generated Makefiles now no longer assume there is at least one statically linked module. [Ralf S. Engelschall]
  • API: Clarify usage of content_type, handler, content_encoding, content_language and content_languages fields in request_rec. They must always be lowercased; and the strings pointed to shouldn't be modified (you must copy them to modify them). Fix a few bugs related to this. [Dean Gaudet]
  • API: Clarification: except for RAW_ARGS, all command handlers can treat the char * parameters as permanent, and modifiable. There is no need to pstrdup() them. Clean up some needless pstrdup(). [Dean Gaudet]
  • Now mod_so keeps track of which module shared objects with which names are loaded and thus avoids multiple loading and unloading and irritating error_log messages. [Ralf S. Engelschall]
  • Prior to the existence of mod_setenv it was necessary to tweak the TZ environment variable in the apache core. But that tweaking interferes with mod_setenv. So don't tweak if the user has specified an explicit TZ variable. [Jay Soffian ] PR#1888
  • rputs() did not calculate r->sent_bodyct properly. [Siegmund Stirnweiss ] PR#1900
  • The CGI spec says that REMOTE_HOST should be set to the remote hosts's name, or left unset if this value is unavailable. Apache was setting it to the IP address when unavailable. [Tony Finch ] PR#1925
  • Various improvements to the configuration and build support for compiling modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and OSF1 support with GCC and vendor compilers was added. This way shared object support is now provided out-of-the-box for FreeBSD, Linux, Solaris, SunOS, IRIX and OSF1. In short: On all major platforms! [Ralf S. Engelschall]
  • Minor cleanup in http_main -- split QNX and OS2 specific "mmap" scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD and USE_OS2_SCOREBOARD. [Dean Gaudet]
  • Fix one more special locking problem for RewriteMap programs in mod_rewrite: According to the documentation of flock(), "Locks are on files, not file descriptors. That is, file descriptors duplicated through dup(2) or fork(2) do not result in multiple instances of a lock, but rather multiple references to a single lock. If a process holding a lock on a file forks and the child explicitly unlocks the file, the parent will lose its lock.". To overcome this we have to make sure the RewriteLock file is opened _AFTER_ the childs were spawned which is now the case by opening it in the child_init instead of the module_init API hook. [Ralf S. Engelschall] PR#1029
  • Change to Location and LocationMatch semantics. LocationMatch no longer lets a single slash match multiple adjacent slashes in the URL. This change is for consistency with RewriteRule and AliasMatch. Multiple slashes have meaning in URLs that they do not have in (some) filesystems. Location on the other hand can be considered a shorthand for a more complicated regex, and it does match multiple slashes with a single slash -- which is also consistent with the Alias directive. [Dean Gaudet] related PR#1440
  • Fix bug with mod_mime_magic causing certain files, including files of length 0, to result in no response from the server. [Dean Gaudet]
  • The Configure script now generates src/include/ap_config.h which contains the set of defines used when Apache is compiled on a platform. This file can then be included by external modules before including any Apache header files in case they are being built separately from Apache. Along with this change, a couple of minor changes were made to make Apache's #defines coexist peacefully with any autoconf defines an external module might have. [Rasmus Lerdorf]
  • Fix mod_rewrite for the ugly API case where sections exist but without any RewriteXXXXX directives. Here mod_rewrite is given no chance by the API to initialize its per-server configuration and thus receives the wrong one from the main server. This is now avoided by remembering the server together with the config structure while configuring and later assuming there is no config when we see a difference between the remembered server and the one calling us. [Ralf S. Engelschall] PR#1790
  • Fixed the DBM RewriteMap support for mod_rewrite: First the support now is automatically disabled under configure time when the dbm_xxx functions are not available. Second, two heavy source code errors in the DBM support code were fixed. This makes DBM RewriteMap's usable again after a long time of brokenness. [Ralf S. Engelschall] PR#1696
  • Now all configuration files support Unix-style line-continuation via the trailing backslash ("\") character. This enables us to write down complex or just very long directives in a more readable way. The backslash character has to be really the last character before the newline and it has not been prefixed by another (escaping) backslash. [Ralf S. Engelschall]
  • When using ProxyPass the ?querystring was not passed correctly. [Joel Truher ]
  • To deal with modules being compiled and [dynamically] linked at a different time from the core, the SERVER_VERSION and SERVER_BUILT symbols have been abstracted through the new API routines apapi_get_server_version() and apapi_get_server_built(). [Ken Coar] PR#1448
  • WIN32: Preserve trailing slash in canonical path (and hence in PATH_INFO). [Paul Sutton, Ben Laurie]
  • PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable depending on the rev of Solaris and what mixture of modules are in use. So it has been disabled, and Solaris is back to using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed up static content only servers. Or it may fail unpredictably. [Dean Gaudet] PR#1779, 1854, 1904
  • mod_test_util_uri.c created which tests the logic in util_uri.c. [Dean Gaudet]
  • API: Rewrite of absoluteURI handling, and in particular how absoluteURIs match vhosts. Unless a request is a proxy request, a "http://host" url is treated as if a similar "Host:" header had been supplied. This change was made to support future HTTP/1.x protocols which may require clients to send absoluteURIs for all requests.
  • In order to achieve this change subtle changes were made to the API. In a request_rec, r->hostlen has been removed. r->unparsed_uri now exists so that the unmodified uri can be retrieved easily. r->proxyreq is not set by the core, modules must set it during the post_read_request or translate_names phase.
  • Plus changes to the virtualhost test suite for absoluteURI testing.
  • This fixes several bugs with the proxy proxying requests to vhosts managed by the same httpd. [Dean Gaudet]
  • API: Cleanup of code in http_vhost.c, and remove vhost matching code from mod_rewrite. The vhost matching is now performed by a globally available function matches_request_vhost(). [Dean Gaudet]
  • Reduce memory usage, and speed up ServerAlias support. As a side-effect users can list multiple ServerAlias directives and they're all considered. [Chia-liang Kao ] PR#1531
  • The "poly" directive in image maps did not include the borders of the polygon, whereas the "rect" directive does. Fix this inconsistency. [Konstantin Morshnev ] PR#1771
  • Make \\ behave as expected. []
  • Add the `%a' construct to LogFormat and CustomLog to log the client IP address. [Todd Eigenschink ] PR#1885
  • API: A new source module main/util_uri.c; It contains a routine parse_uri_components() and friends which breaks a URI into its component parts. These parts are stored in a uri_components structure called parsed_uri within each request_rec, and are available to all modules. Additionally, an unparse routine is supplied which re-assembles the URI components back to an URI, optionally hiding the username:password@ part from ftp proxy requests, and other useful routines. Within the structure, you find on a ready-for-use basis: scheme; /* scheme ("http"/"ftp"/...) */ hostinfo; /* combined [user[:password]@]host[:port] */ user; /* user name, as in http://user:passwd@host:port/ */ password; /* password, as in http://user:passwd@host:port/ */ hostname; /* hostname from URI (or from Host: header) */ port_str; /* port string (integer representation is in "port") */ path; /* the request path (or "/" if only scheme://host was given) */ query; /* Everything after a '?' in the path, if present */ fragment; /* Trailing "#fragment" string, if present */ This is meant to serve as the platform for *BIG* savings in code complexity for the proxy module (and maybe the vhost logic). [Martin Kraemer]
  • Make all possible meta-construct expansions ($N, %N, %{NAME} and ${map:key}) available for all location where a string is created in mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the possible expansions are consequently usable at all string creation locations. [Ralf S. Engelschall]
  • Fix initialization of RewriteLogLevel (default now is 0 as documented and not 1) and the per-virtual-server merging of directives. Now all directives except `RewriteEngine' and `RewriteOption' are either completely overridden (default) or completely inherited (when `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
  • Fix `RewriteMap' program lookup in situations where such maps are defined but disabled (`RewriteEngine off') in per-server context. [Ralf S. Engelschall] PR#1431
  • Fix bug introduced in 1.3b4-dev, config with no Port setting would cause server to bind to port 0 rather than 80. [Dean Gaudet]
  • Fix long-standing problem with RewriteMap _programs_ under Unix derivates (like SunOS and FreeBSD) which don't accept the locking of pipes directly. A new directive RewriteLock is introduced which can be used to setup a separate locking file which then is used for synchronization. [Ralf S. Engelschall] PR#1029
  • WIN32: The server root is obtained from the registry key HKLM\SOFTWARE\Apache Group\Apache\ (version is currently "1.3 beta"), unless overridden by the -d command line flag. The value is stored by running "apache -i -d serverroot". [Paul Sutton]
  • Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
  • Now mod_rewrite no longer makes problematic assumptions on the characters a username can contain when trying to expand it via /etc/passwd. [Ralf S. Engelschall]
  • The mod_setenvif BrowserMatch backwards compatibility command did not work properly with spaces in the regex. [Ronald Tschalaer] PR#1825
  • Add new RewriteMap types: First, `rnd' which is equivalent to the `txt' type but with a special post-processing for the looked-up value: It parses it into alternatives according to `|' chars and then only one particular alternative is chosen randomly (this is an essential functionality needed for balancing between backend-servers when using Apache as a Reverse Proxy. The looked up value here is a list of servers). Second, `int' with the built-in maps named `tolower' and `toupper' which can be used to map URL parts to a fixed case (this is an essential feature to fix the case of server names when doing mass virtual-hosting with the help of mod_rewrite instead of using sections). [Ralf S. Engelschall, parts based on code from Jay Soffian ] PR#1631
  • Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'. This directive lets Apache adjust the URL in Location-headers on HTTP redirect responses sent by the remote server. This way the virtually mapped area is no longer left on redirects and thus by-passed which is especially essential when running Apache as a reverse proxy. [Ralf S. Engelschall]
  • Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is hidden. [Alvaro Martinez Echevarria]
  • Apache will, when started with the -X (single process) debugging flag, honor the SIGINT or SIGQUIT signals again now. This capability got lost a while ago during OS/2 signal handling changes.
  • [PORT] Work around the fact that NeXT runs on more than the m68k chips in mod_status [Scott Anguish and Timothy Luoma ]
  • [PORT] Recognize FreeBSD versions so we can use the OS regex as well as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov and Jim] PR#1450
  • Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers. In particular the handlers could trigger themselves into an infinite loop if RLimitMem was used with a small amount of memory -- too small for the signal stack frame to be set up. [Dean Gaudet]
  • Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet, Alvaro Martinez Echevarria ]
  • Fix multiple UserDir problem introduced during 1.3b4-dev. [Dean Gaudet] PR#1850
  • ap_cpystrn() had an off-by-1 error. [Charles Fu ] PR#1847
  • API: As Ken suggested the check_cmd_context() function and related defines are non-static now so modules can use 'em. [Martin Kraemer]
  • mod_info would occasionally produce an unpaired in its output. Fixed. [Martin Kraemer]
  • By default AIX binds a process (and it's children) to a single processor. httpd children now unbind themselves from that cpu and re-bind to one selected at random via bindprocessor() [Doug MacEachern]
  • Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no effect. Work around it by using RLIMIT_AS for the RLimitMEM directive. [Enrik Berkhan ] PR#1816
  • mod_mime_magic error message should indicate the filename when reads fail. ["M.D.Parker" ] PR#1827
  • Previously Apache would permit to end (and similary for Location and Directory), now this is diagnosed as an error. Improve error messages for mismatched sections (, , , , ...). [Dean Gaudet, Martin Kraemer]
  • is not permitted within (because of the semantic ordering). [Dean Gaudet] PR#379
  • with wildcards was broken by the change in wildcard semantics (* does not match /). To fix this, now apply only to the basename of the request filename. This fixes some other inconsistencies in semantics (such as not working). [Dean Gaudet] PR#1817
  • Removed bogus "dist.tar" target from Makefile.tmpl and make sure backup files are removed on "clean" target [Ralf S. Engelschall]
  • PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639
  • Various errors from select() and accept() in child_main() would result in an infinite loop. It seems these two tickle kernel or library bugs occasionally, and result in log spammage and a generally bad scene. Now the child exits immediately, which seems to be a good workaround. [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
  • Cleaned up some race conditions in unix child_main during initialization. [Dean Gaudet]
  • SECURITY: "UserDir /abspath" without a * in the path would allow remote users to access "/~.." and bypass access restrictions (but note /~../.. was handled properly). [Lauri Jesmin ] PR#1701
  • API: os_is_path_absolute() now takes a const char * instead of a char *. [Dean Gaudet]