APACHE 2.2 STATUS: -*-text-*- Last modified at [$Date$] The current version of this file can be found at: * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS Documentation status is maintained seperately and can be found at: * docs/STATUS in this source tree, or * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS Consult the following STATUS files for information on related projects: * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS Patches considered for backport are noted in their branches' STATUS: * http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] 2.2.11 : Tagged December 6, 2008. 2.2.10 : Released October 14, 2008. 2.2.9 : Released June 14, 2008. 2.2.8 : Released January 19, 2008. 2.2.7 : Tagged January 4, 2008. Not released. 2.2.6 : Released September 7, 2007. 2.2.5 : Tagged August 10, 2007, not released. 2.2.4 : Released on January 9, 2007 as GA. 2.2.3 : Released on July 28, 2006 as GA. 2.2.2 : Released on May 1, 2006 as GA. 2.2.1 : Tagged on April 1, 2006, not released. 2.2.0 : Released on December 1, 2005 as GA. 2.1.10 : Tagged on November 19, 2005, not released. 2.1.9 : Released on November 5, 2005 as beta. 2.1.8 : Released on October 1, 2005 as beta. 2.1.7 : Released on September 12, 2005 as beta. 2.1.6 : Released on June 27, 2005 as alpha. 2.1.5 : Tagged on June 17, 2005. 2.1.4 : not released. 2.1.3 : Released on February 22, 2005 as alpha. 2.1.2 : Released on December 8, 2004 as alpha. 2.1.1 : Released on November 19, 2004 as alpha. 2.1.0 : not released. Contributors looking for a mission: * Just do an egrep on "TODO" or "XXX" in the source. * Review the bug database at: http://issues.apache.org/bugzilla/ * Review the "PatchAvailable" bugs in the bug database: https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable After testing, you can append a comment saying "Reviewed and tested". * Open bugs in the bug database. CURRENT RELEASE NOTES: * Forward binary compatibility is expected of Apache 2.2.x releases, such that no MMN major number changes will occur. Such changes can only be made in the trunk. * All commits to branches/2.2.x must be reflected in SVN trunk, as well, if they apply. Logical progression is commit to trunk, get feedback and votes on list or in STATUS, then merge into branches/2.2.x, as applicable. RELEASE SHOWSTOPPERS: None PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] PATCHES/ISSUES THAT ARE STALLED * mod_ssl: Add server name indication (RFC 4366) support (PR 34607). Trunk version of patches: http://svn.apache.org/viewvc?view=rev&revision=606190 http://svn.apache.org/viewvc?view=rev&revision=607420 http://svn.apache.org/viewvc?view=rev&revision=607425 http://svn.apache.org/viewvc?view=rev&revision=611216 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?r1=611216&r2=630436 http://svn.apache.org/viewvc?view=rev&revision=662815 Backport version for 2.2.x of updated patch: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-sni.diff +1: fuankg +0: like ssl upgrade of 2.2, perhaps this is a good reason to bring httpd-2.4 to completion? vhost changes could be disruptive to third party module authors. -1: rpluem: jorton found some problems with the trunk version and they should be fixed / discussed in trunk before we backport. pquerna: Until issues for this feature are fixed in trunk, we can not backport it. * srclib/pcre and vendor/pcre http://www.vuxml.org/freebsd/pkg-pcre.html update to pcre-7.8 +1: pgollucci, pquerna -0: covener: Don't We get a pass on some of these issues for building without UTF-8 support and/or not having ever moved past 5.x? It's not always crisp from the advisories. I'd hate to jump up to 7.8 and pick up unknown exposures from an expanding codebase. pquerna says: We can't protect ourselves from our dependencies by _not_ upgrading -- the best policy IMO is to follow them, 5.x is not going to be maintained. +0 -1: niq: since pcre just got deleted from trunk, this isn't even a backport being proposed. It's an untested change over their major versions, when we promise binary-compatibility! If we're in the business of untested changes, then make the sane one and just stop bundling it altogether. -1: rpluem: Agree with niq on binary compatibility argument. But IMHO unbundling it is also not possible with 2.2.x for the same reason. IMHO this has to wait until 2.4. -1: sctemme: This is one of the perils of bundling, but IMHO for 2.2.x we're stuck with it. And if that starts inheriting us security issues that we can't fix, all the more reason to retire the branch. pgollucci volunteers pgollucci replies: known to work on freebsd see the WITH_PCRE_FROM_PORTS option in www/apache22. backport/merge 5.0v7.8 into vendor/pcre/current +1 -0 +0 -1: pgollucci * core, authn/z: Avoid calling access control hooks for internal requests with configurations which match those of initial request. Revert to original behaviour (call access control hooks for internal requests with URIs different from initial request) if any access control hooks or providers are not registered as permitting this optimization. Introduce wrappers for access control hook and provider registration which can accept additional mode and flag data. Convert common provider version strings to macros. The core purpose of this pile of patches is to avoid unnecessary authn/z hooks when a single request spawns large numbers of internal requests to which an identical set of httpd configurations apply. This permits modules such as mod_authn_dbd and mod_dav to work together acceptably. Because certain external modules such as mod_authz_svn rely on the old behaviour, this optimization can be made only when all authn/z hooks and providers are registered with the appropriate flag. It would be excellent if Windows and NetWare people could ensure this builds correctly. In particular, mod_auth.h must be included into request.c and I've left mod_auth.h under modules/aaa rather than try to replicate wrowe's work in trunk moving all the include files around. I'm open to suggestions that this remain in trunk only, but in that case, it would be very helpful to know whether most people expect a 2.4 branch or just a 3.0 branch to be next. If 3.0, some of the backwards compatibility work could potentially be ditched. Trunk version of patches: http://svn.apache.org/viewvc?view=rev&revision=644525 http://svn.apache.org/viewvc?view=rev&revision=644562 (trunk MMN bump) http://svn.apache.org/viewvc?view=rev&revision=645395 http://svn.apache.org/viewvc?view=rev&revision=645472 http://svn.apache.org/viewvc?view=rev&revision=645540 http://svn.apache.org/viewvc?view=rev&revision=646445 (reverted by r659160) http://svn.apache.org/viewvc?view=rev&revision=658046 http://svn.apache.org/viewvc?view=rev&revision=659160 Backport version for 2.2.x of patch: http://people.apache.org/~chrisd/patches/walk_cache/walk_cache-2.2.x.patch +1: chrisd -0: jim (would prefer to see in 2.4, and to push 2.4 out) * beos MPM: Create pmain pool and run modules' child_init hooks when entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run(). Otherwise modules' child_init hooks appear to never be executed. Also, destroying pmain ensures that cleanups registered in modules' child_init hooks are performed (e.g., mod_log_config and mod_dbd). Trunk version of patch: http://svn.apache.org/viewvc?view=rev&revision=491922 2.2.x version of patch: http://people.apache.org/~chrisd/patches/mod_dbd_pools_groups/mpm_child_init-beos-2.2.x.patch +0: chrisd (abstaining; unable to test) * PKCS#7: backport PCKS#7 patches from trunk. +1 ben jerenkrantz: What's the revision number to backport? wrowe asks: ditto jerenkrantz sctemme: svn blame suggests r424707 rpluem: Digging through the history suggests that r424735 r424821 r424823 need to be added to this. See also http://mail-archives.apache.org/mod_mbox/httpd-dev/200607.mbox/%3c20060723093125.GA19423@redhat.com%3e and follow ups for more details.