Apache 2.0alpha7 Released ------------------------- The Apache Group is pleased to announce the release of the seventh public alpha release of Apache 2.0. Apache 2.0 offers numerous enhancements, improvements and performance boosts over the 1.3 codebase. The most visible and noteworthy addition is the ability to run Apache in a hybrid thread/process mode on any platform that supports both threads and processes. This has shown to improve the scalability of the Apache HTTPD server significantly in our early testing, on some versions of Unix. This release also greatly improves the performance and robustness of Apache on the Microsoft Windows Operating Systems. Lastly we are proud to announce support for BeOS in this version of the server. The newest development in Apache 2.0 is the addition of input filtering. This allows modules to filter data before the core server receives it from the network. The sixth alpha had support for output filtering only, this alpha adds input filtering as well. This feature is still in its infancy, and it is likely to change and evolve in the next few weeks. Apache 2.0a7 under UNIX has undergone some testing, but there are some known issues in the current release (hey, it is an "alpha" for a reason!). It is intended for developers and experienced Apache HTTPD administrators to play around with and work on. It is not a production release. If you do not feel comfortable compiling and working with code, the Apache Group strongly recommends that you wait for a more stable beta release before you try this version. Apache 2.0a7 under Windows has undergone some testing as well. There are known issues in the current release with regards to Apache on windows 95 and 98. We are working through those problems, and hope to have them fixed for future releases of the 2.0 alpha. There are new snapshots of the Apache httpd source available every 6 hours from http://dev.apache.org/from-cvs/apache-2.0/ - please download and test if you feel brave. We don't guarantee anything except that it will take up disk space, but if you have the time and skills, please give it a spin on your platforms. Apache has been the most popular web server on the Internet since April of 1996. The May 2000 WWW server site survey by Netcraft (see: http://www.netcraft.co.uk/Survey/) found that more web servers were using Apache than any other software running on more than 60% of the Internet web servers. For more information, please check out http://www.apache.org/httpd.html Changes with Apache 2.0a7 *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS [Mike Abbott ] *) Remove ap_send_fb. This is no longer used in Apache, and it doesn't make much sense, because Apache uses buckets instead of BUFFs now. [Ryan Bloom] *) send_the_file now falls back to a read/write loop on platforms that do not have sendfile. [Ryan Bloom and Brian Havard] *) Install apachectl correctly, and substitute the proper values so that it works again. [Ryan Bloom] *) Better(??) handle platforms that lack sendfile(). [Jim Jagielski] *) APR now has UUID generation/formatting/parsing support. [Greg Stein] *) Begin the http_filter. This is an input filter that understands the absolute basic amount required to parse an HTTP Request. The goal is to be able to split headers from request body before passing the data back to the other filters. [Ryan Bloom] *) Bring forward from 1.3.13 the config directory implementation [Jim Jagielski] *) install apxs if it is created [Ryan Bloom] *) Added APR_IS_STATUS_condition test macros to eliminate canonical error conversions. [William Rowe] *) Now that we have ap_add_input_filter(), rename ap_add_filter() to ap_add_output_filter(). [Jeff Trawick] *) Multiple build and configuration fixes Build process: -add datadir and localstatedir substitutions -fix layout name -fix logfilename misspelling -fix evaluation of installation dir variables and -replace $foobar by $(foobar) to be usefull in the makefile Cross compile: -add rules for cross-compiling in rules.mk. Okay, rule to check for $CC_FOR_BUILD is still missing -use CHECK_TOOL instead of CHECK_PROG for ranlib -add missing "AR=@AR@" to severaly Makefile.in's -cache result for "struct rlimit" -compile all helper programs with native and cross compiler and use the native version to generate header file ["Rüdiger" Kuhlmann ] *) Prepare our autoconf setup for autoconf 2.14a and for cross- compiling. ["Rüdiger" Kuhlmann ] *) Fix a bug where a client which only sends \n to delimit header lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED message. Start working on ebcdic co-existance with input filtering. [William Rowe, Greg Ames] *) If mod_so is enabled in the server always create libexec, even if there are no modules installed in this directory. This is a requirement for APXS to work correctly. [Ryan Bloom] *) Connection oriented output filters are now stored in the conn_rec instead of the request_rec. This allows us to add the output filter in the pre-connection phase instead of the post_read_request phase, which keeps us from trying to write an error page before we have a filter to write to the network. [Ryan Bloom, Jeff Trawick, and Greg Ames] *) Cleaning up an mmap bucket no longer deletes the mmap. An mmap can be used across multiple buckets (default_handler with byte ranges, mod_file_cache, mod_mmap_static), so cleanup of the mmap itself can't be associated with the bucket. [Jeff Trawick] *) Add .dll caching directive ISAPICacheFile to mod_isapi. [William Rowe] *) Radical surgery to improve mod_isapi support under Win32. Includes a number of newer ServerSupportFunction calls, support for ReadClient (in order to retrieve POSTs greater than 48KB), and general bug fixes to more reliably load ISAPI .dll's and prevent leaking handle resources. Note: There are still discrepancies between IIS's and Apache's ServerVariables, and async calls are still not supported. Additional warnings are logged to facilitate debugging of unsupported ISAPI calls. [William Rowe] *) Add input filtering to Apache. The basic idea for the input filters is the same as the ideas for output filters. The biggest difference is that instead of calling ap_pass_brigade, ap_get_brigade should be called, and the order of execution for the filter itself is different. When writing an output filter, a brigade is passed in, and filters operate directly on that brigade, when done, they call ap_pass_brigade. Input filters are the exact opposite. Because input is not a push operation, filters first call ap_get_brigade. When this function returns, the input filter will be left with a valid brigade. The input filter should then operate on the brigade, and return. [Ryan Bloom] *) Fix building on BSD/OS using its native make. The build system falls back to the BSD .include directive on that host platform. [Sascha Schumann] *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5, SHA1 and plaintext password encodings. Make feature tests a bit more flexible. [William Rowe] *) Charset translation: mod_charset_lite handles output content translation in a filter. mod_charset_lite no longer ignores subrequests. A bunch of cruft related to BUFF's support for translating response bodies was removed. [Jeff Trawick] *) Move the addition of the CORE filter to the post_read_request hook in http_core.c. This removes the need to add the filter in multiple places and allows for an SSL module to be added much simpler. [Ryan Bloom] *) Fix a security problem that affects certain configurations of mod_rewrite. If the result of a RewriteRule is a filename that contains expansion specifiers, especially regexp backreferences $0..$9 and %0..%9, then it may be possible for an attacker to access any file on the web server. [Tony Finch] *) Fix a bug where errors that are detected during early request parsing don't produce visible HTTP error messages at the browser, because the core_filter wasn't present. [Greg Ames] *) Provide apr_socklen_t as a portability aid. [Victor J. Orlikowski] *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2) as well as a comment arg to the add, adduser and update cmds. update allows the user to clear or preserve pw/groups/comment. Fixed a bug in dbmmanage that prevented the check option from parsing a password followed by :group... text. Corrected the seed calcualation for Win32 systems, and added -lsdbm support. [William Rowe] *) Configured mod_auth_dbm to compile with sdbmlib under Win32. [William Rowe] *) Avoid a segfault when parsing .htaccess files. An uninitialized tree pointer was passed to ap_build_config(). [Jeff Trawick] *) Change the way that inet_addr & inet_network are checked for in APR's configure process to allow BeOS BONE to correctly find them. With this change BeOS BONE now builds from source with no problems. [David Reid] *) Fix a bug in apr_create_process() for Unix. The NULL signifying the end of the parameters to execve() was stored in the wrong location, overlaying the storage beyond the newargs[] array and also passing uninitialized storage to execve(), which would sometimes fail with EFAULT. [Jeff Trawick] *) Fix a bug parsing configuration file containers. With a sequence like this in the config file any stuff (blank line) any stuff the second container would be terminated at the blank line due to sediment in the buffer from reading the prior and an error message would be generated for the real for the second container. Also due to this problem, any two characters could be used for "] *) Fix chunking problem with CGI scripts. The general problem was that the CGI modules were adding an EOS bucket and then the core added an EOS bucket. The chunking filter finalizes the chunked response when it encounters an EOS bucket. Because two EOS buckets were sent, we finalized the response twice. The fix is to make sure we only send one EOS, by utilizing a flag in the request_rec. [Ryan Bloom] *) apr_put_os_file() now sets up the unget byte appropriately on Unix and Win32. Previously, the first read from an apr_file_t set up via apr_put_os_file() would return a '\0'. [Jeff Trawick] *) Mod_cgid now creates a single element bucket brigade, with a pipe bucket, instead of using BUFF's and ap_r*. [Ryan Bloom] *) APRVARS.in no longer overwrites the EXTRA_LIBS variable. [Mike Abbott ] *) Remove ap_bopenf from buff code. This required modifying the file_cache code to use APR file's directly instead of going through BUFFs. [Ryan Bloom] *) Fix compile break on some platforms for mod_mime_magic.c [John K. Sterling ] *) Fix merging of AddDefaultCharset directive. PR #5872 (1.3) [Jun Kuriyama ] *) Minor revamp of the rlimit sections of code. We now test explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit() is now "available" even if the platform doesn't support the rlimit family (it's just a noop though). [Jim Jagielski] *) Migrate the pre-selection of which MPM to use for specific platforms to hints.m4, which contains (or should contain) all platform specific "hints". [Jim Jagielski] *) Remove IOLs from Apache. With filtering, IOLs are no longer necessary [Ryan Bloom] *) Add tables with non-string/binary values to APR. [Ken Coar] *) Fix some bad calls to ap_log_rerror() in mod_rewrite. [Jeff Trawick] *) Update PCRE to version 3.2. [Ryan Bloom] *) Change the way buckets' destroy functions are called so that they can be more directly used when changing the type of a bucket in place. [Tony Finch] *) Add generic support for reference-counting the resources used by buckets, and alter the HEAP and MMAP buckets to use it. Change the way buckets are initialised to support changing the type of buckets in place, and use it when setting aside TRANSIENT buckets. Change the implementation of TRANSIENT buckets so that it can be mostly shared with IMMORTAL buckets, which are now implemented. [Tony Finch]