1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
APACHE 2.4 STATUS: -*- mode: text; coding: utf-8 -*-
Last modified at [$Date$]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
Documentation status is maintained separately and can be found at:
* docs/STATUS in this source tree, or
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/docs/STATUS
The current development branch of this software can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/trunk
Consult the following STATUS files for information on related projects:
* http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
* http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x/STATUS
* http://svn.apache.org/repos/asf/apr/apr-util/branches/1.4.x/STATUS
Patches considered for backport are noted in their branches' STATUS:
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
Release history:
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
2.4.10 : In development.
2.4.9 : Tagged on March 13, 2014.
2.4.8 : Tagged on March 11, 2014. Not released.
2.4.7 : Tagged on November 19, 2013. Released on Nov 25, 2013
2.4.6 : Tagged on July 15, 2013. Released July, 22, 2013
2.4.5 : Tagged on July 11, 2013, not released.
2.4.4 : Tagged on February 18, 2013. Released Feb 25, 2013
2.4.3 : Tagged on August 17, 2012. Released Aug 18, 2012
2.4.2 : Tagged on April 5, 2012. Released Apr 17, 2012.
2.4.1 : Tagged on February 13, 2012. Released Feb 21, 2012.
2.4.0 : Tagged on January 16, 2012, not released.
2.3.16 : Tagged on December 15, 2011.
2.3.15 : Tagged on November 8, 2011. Released Nov. 15, 2011.
2.3.14 : Tagged on August 1, 2011. Released Aug. 9, 2011.
2.3.13 : Tagged on June 28, 2011, not released.
2.3.12 : Tagged on May 11, 2011. Released May 23, 2011.
2.3.11 : Released as Beta on March 7, 2011.
2.3.10 : Tagged on December 13, 2010. Released Dec 21, 2010.
2.3.9 : Tagged on November 23, 2010, not released.
2.3.8 : Tagged on August 24, 2010.
2.3.7 : Tagged on August 19, 2010, not released.
2.3.6 : Released on June 21, 2010.
2.3.5 : Released on January 26, 2010.
2.3.4 : Released on December 8, 2009.
2.3.3 : Tagged on November 11, 2009, not released.
2.3.2 : Tagged on March 23, 2009, not released.
2.3.1 : Tagged on January 2, 2009, not released.
2.3.0 : Tagged on December 6, 2008, not released.
Contributors looking for a mission:
* Just do an egrep on "TODO" or "XXX" in the source.
* Review the bug database at: http://issues.apache.org/bugzilla/
* Review the "PatchAvailable" bugs in the bug database:
https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
After testing, you can append a comment saying "Reviewed and tested".
* Open bugs in the bug database.
* See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items.
CURRENT RELEASE NOTES:
* Forward binary compatibility is expected of Apache 2.4.x releases, such
that no MMN major number changes will occur after 2.4.1. Such changes can
only be made in the trunk.
* All commits to branches/2.4.x must be reflected in SVN trunk,
as well, if they apply. Logical progression is commit to trunk
then merge into branches/2.4.x, as applicable.
* Current exceptions for RTC for this branch:
. mod_lua
. documentation
. non-Unix build
. non-Unix, single-platform code
RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
* mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified. PR 56351.
trunk patch: https://svn.apache.org/r1531672
2.4.x patch: trunk patch works, modulo CHANGES
+1: minfrin, jim, ylavic
* rotatelogs: Avoid zombie processes on modern UNIX platforms
trunk patch: http://svn.apache.org/r1587255
+1: druggeri, ylavic, covener
* Merge mod_authnz_fcgi from trunk.
trunk:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml
and a line each in CMakeLists.txt and modules/aaa/config.m4
(It was never added to other build systems.)
See the 2.4.x patch mergeinfo for trunk revisions. I've also added a tiny
part of r1522544 to create an entry in os/win32/BaseAddr.ref.
2.4.x patch: http://people.apache.org/~trawick/authnz_fcgi-2.4.txt
The patch includes generated doc changes in order to carry eol-style.
+1: trawick, jim
+1: gsmith, please include r1588054 (tradional Win build)
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
* mod_slotmem_shm: Remove wonky and dangerous code that knows about APR
internals. We work fine w/o it anyway at this stage.
trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1561385
2.4.x patch: trunk works
+1: jim, ylavic
* proxy_util.c: Allow mod_rewrite to also use UDS for proxied links.
trunk patch: http://svn.apache.org/r1543174
http://svn.apache.org/r1560367
http://svn.apache.org/r1560546
http://svn.apache.org/r1560689
http://svn.apache.org/r1560979
http://svn.apache.org/r1561137
http://svn.apache.org/r1561660
2.4.x patch: trunk works
http://people.apache.org/~jim/patches/uds-rewrite.patch
+1: jim, humbedooh
ylavic: still being worked on, see issues here in the following thread
https://www.mail-archive.com/dev@httpd.apache.org/msg59276.html
jim: Isn't the issue an additional "feature" and not
a bug in the as-documented behavior?
ylavic: You're right, I'll add another proposal: -1 reverted.
* mod_deflate: Fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE contains the size of the original input data modulo 2^32.
PR 56062.
Submitted by: [Lukas Bezdicka <social v3 sk>]
Committed by: jkaluza
trunk patch: http://svn.apache.org/r1572092
2.4.x patch: trunk works
+1: ylavic
ylavic: does not depend on r1572655 and al or r1572896 and al below,
these proposals can be backported in any order.
* mod_deflate: Fix reentrance in output and input filters (buffering of
incomplete Zlib header or validation bytes). PR 46146.
trunk patch: https://svn.apache.org/r1572655
https://svn.apache.org/r1572663
https://svn.apache.org/r1572668
https://svn.apache.org/r1572669
https://svn.apache.org/r1572670
https://svn.apache.org/r1572671
https://svn.apache.org/r1573224
https://svn.apache.org/r1586745
https://svn.apache.org/r1587594
https://svn.apache.org/r1587639
2.4.x patch: trunk works
+1: ylavic
ylavic: does not depend on r1572092 above or r1572896 and al below,
these proposals can be backported in any order.
* mod_deflate: Don't fail when asked to flush inflated data to the user-agent
and that coincides with the end of stream ("Zlib error flushing
inflate buffer"). PR 56196.
trunk patch: http://svn.apache.org/r1572896
http://svn.apache.org/r1572911
Submitted by: [Christoph Fausak <christoph fausak glueckkanja com>]
Committed by: ylavic
2.4.x patch: trunk works
+1: ylavic
ylavic: does not depend on r1572092 or r1572655 and al above,
these proposals can be backported in any order.
* mod_authn_socache: Fix creation of default socache_instance. Fixes crash
on startup if default socache_provider is used and
AuthnCacheEnable or AuthnCacheProvideFor is used.
This problem has been introduced in r1531961.
PR 56371.
Submitted/Committed by: jkaluza
trunk patch: http://svn.apache.org/r1576233
2.4.x patch: trunk works
+1: ylavic
* mod_alias: Fix segfault in mod_alias introduced in r1132494.
AliasMatch does not append unmatched parts of the original URI
to the new URI. So no need to subtract anything from the new URI length.
The existing code crashed when using "AliasMatch / /some/thing" and
sending a request with a long URI.
trunk patch: http://svn.apache.org/r1583175
2.4.x patch: trunk works
+1: rjung,
-1: covener would rather take this oppty to remove it from AliasMatch, the
prefix and docroot don't make sense.
* mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
OCSP requests should use a nonce to be checked against the responder's
one. PR 56233.
trunk patch: http://svn.apache.org/r1583191
http://svn.apache.org/r1584098
http://svn.apache.org/r1584665 (manual: use 2.4's backport
version instead of temporary
2.5-dev <compatibility> ref)
2.4.x patch: trunk works (modulo CHANGES)
+1: ylavic
* mod_expires: don't add Expires header to error responses (4xx/5xx),
be they generated or forwarded. PR 55669.
trunk patch: http://svn.apache.org/r1584430
http://svn.apache.org/r1584434
2.4.x patch: trunk works (modulo CHANGES)
+1: ylavic, covener
* mod_ssl: bring SNI behavior into better conformance with RFC 6066
(also addresses PR 56241)
trunk patch: https://svn.apache.org/r1585090
2.4.x patch: trunk patch works (modulo CHANGES)
+1: kbrand
* mod_ssl: only read "active" values from the key_files array (PR 56306)
trunk patch: https://svn.apache.org/r1585918
2.4.x patch: trunk patch works (modulo CHANGES)
+1: kbrand, ylavic
* mod_ssl: reverse the order when merging global and vhost-level config
arrays (PR 56353)
trunk patch: https://svn.apache.org/r1585919
2.4.x patch: trunk patch works (modulo CHANGES)
+1: kbrand, ylavic
* core: synch with trunk
- follow-up to r813376: finish reverting r808965 (ServerTokens set foo)
- tweak syntax strings for ServerTokens
trunk patch: https://svn.apache.org/r1514255
https://svn.apache.org/r1514267
2.4.x patch: http://people.apache.org/~jailletc36/r1514255.patch
+1: jailletc36, gsmith
* mod_proxy_wstunnel: wstunnel rollup for connection handling
trunk patch: http://svn.apache.org/r1587036 (set backend->close)
http://svn.apache.org/r1587040 (remove reqtimeout)
http://svn.apache.org/r1587053 (poll fixes / frontend connection close)
http://svn.apache.org/r1587654 (set backend->close)
2.4.x patch: http://people.apache.org/~covener/patches/httpd-2.4.x-wstunnel.diff
+1: covener
*) mod_headers: allow expr= in the value argument of Header/RequestHeader
trunk patch: http://svn.apache.org/r1546801
2.4.x patch: trunk works
+1 covener, gsmith
OTHER PROPOSALS
* A list of further possible backports can be found at:
http://people.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt
If you want to propose one of those, please add them above.
PATCHES/ISSUES THAT ARE BEING WORKED
PATCHES/ISSUES THAT ARE STALLED
* core: Stop the HTTP_IN filter from attempting to write error buckets
to the output filters
trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1482522
https://svn.apache.org/viewvc?view=revision&revision=1482918
2.4.x patch: /* working on it */
+1: jim
* mod_proxy: Ensure network errors detected by the proxy are returned as
504 Gateway Timout as opposed to 502 Bad Gateway
trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1480058
2.4.x patch: trunk patch works modulo CHANGES
+1:
-1: rpluem: This change is still disputed. See
http://mail-archives.apache.org/mod_mbox/httpd-dev/201305.mbox/%3C1B16B9E3-87BA-4EEF-939C-7C7313B54714%40gbiv.com%3E
* cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will be
compiled by the build compiler instead of the host compiler.
Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
Trunk patches: http://svn.apache.org/viewvc?view=revision&revision=1327907
http://svn.apache.org/viewvc?view=revision&revision=1328390
http://svn.apache.org/viewvc?view=revision&revision=1328714
2.4 patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-cross_compile.diff
fuankg: on hold until we agree for a better and more simple solution ...
* mod_ssl: Add support for Next Protocol Negotiation.
Trunk patch:
http://svn.apache.org/viewvc?view=revision&revision=1332643
2.4.x patch:
Trunk patch works.
+1: ben
sf says: Needs r1345599, too.
And wrowe's comment about the 2.2 patch is also valid for 2.4:
http://svn.apache.org/viewvc?view=revision&revision=1354823
* Makefile.win: Added copying of .vbs / .wsf CGIs to Windows install target.
Moved fixing of shebang to separate target so that it is
no longer executed by default and all CGIs remain inactive.
trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1387984
http://svn.apache.org/viewvc?view=revision&revision=1421203
http://svn.apache.org/viewvc?view=revision&revision=1421591
2.4.x patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-Makefile.win.diff
+1 fuankg, gsmith
-.8: trawick
This commit is essentially deciding that an httpd install on
Windows now has printenv/testcgi written in 2 more languages.
To the extent that the usefulness is that it shows how to make scripts
of these types executable by httpd, I believe that the documentation
is the proper place to solve that. To the extent that the usefullness
is to show how to implement a CGI in these particular languages, I believe
that the httpd distribution and documentation in general is not the
place for that. Historically these types of scripts have caused problems
for downstream vendorsas well as newbies (and sometimes the intersection
of those two groups) who don't understand that these are information leaks
once they are enabled, and the subtlety of the way they are disabled ("Apache
messed up the first line; let me fix that") contributes to that.
fuankg notes: I've just added a big warning to all CGI scripts which should now
make absolutely clear that these CGIs are for testing purpose only - so those
who enable those scripts with inserting the right shebang should be 100% aware
of any risks (this should cover your last point).
jim: trawick, does the above address your concerns?
trawick: to some extent (somebody reading the script gets an idea)
Why isn't the configuration requirement documented instead
of described indirectly in a sample?
Why are these new samples added to the install without three
votes? (I didn't veto it; put your name next to the two
existing ones and I'll be satisified that enough people
considered this addition as an appropriate solution for a
real httpd usability problem.)
wrowe: I'd agree with trawick, and suggest that these scripts can begin
their life somewhere in the manual/ tree. This really seems like
the place where /usr/share/httpd/examples/ would be useful, but
there isn't an ordinary directory for that. Since we want none
of the scripts to function 'out of the box', what about a new
cgi-examples/ dir alongside cgi-bin/? Otherwise manual/cgi/examples
might work?
|