| APACHE 2.2 STATUS: -*-text-*- |
| Last modified at [$Date$] |
| |
| The current version of this file can be found at: |
| |
| * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS |
| |
| Documentation status is maintained separately and can be found at: |
| |
| * docs/STATUS in this source tree, or |
| * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS |
| |
| The current development branch of this software can be found at: |
| |
| * http://svn.apache.org/repos/asf/httpd/httpd/trunk |
| |
| Patches considered for backport are noted in their branches' STATUS: |
| |
| * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS |
| * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS |
| |
| |
| Release history: |
| [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, |
| while x.{even}.z versions are Stable/GA releases.] |
| 2.2.20 : Tagged August 29, 2011. |
| 2.2.19 : Tagged May 20, 2011. ABI restored. |
| 2.2.18 : Released May 11, 2011. ABI broken. |
| 2.2.17 : Released October 19, 2010. |
| 2.2.16 : Released July 25, 2010. |
| 2.2.15 : Released March 6, 2010. |
| 2.2.14 : Released October 3, 2009. |
| 2.2.13 : Released August 8, 2009. |
| 2.2.12 : Released July 28, 2009. |
| 2.2.11 : Released December 14, 2008. |
| 2.2.10 : Released October 14, 2008. |
| 2.2.9 : Released June 14, 2008. |
| 2.2.8 : Released January 19, 2008. |
| 2.2.7 : Tagged January 4, 2008. Not released. |
| 2.2.6 : Released September 7, 2007. |
| 2.2.5 : Tagged August 10, 2007, not released. |
| 2.2.4 : Released on January 9, 2007 as GA. |
| 2.2.3 : Released on July 28, 2006 as GA. |
| 2.2.2 : Released on May 1, 2006 as GA. |
| 2.2.1 : Tagged on April 1, 2006, not released. |
| 2.2.0 : Released on December 1, 2005 as GA. |
| 2.1.10 : Tagged on November 19, 2005, not released. |
| 2.1.9 : Released on November 5, 2005 as beta. |
| 2.1.8 : Released on October 1, 2005 as beta. |
| 2.1.7 : Released on September 12, 2005 as beta. |
| 2.1.6 : Released on June 27, 2005 as alpha. |
| 2.1.5 : Tagged on June 17, 2005. |
| 2.1.4 : not released. |
| 2.1.3 : Released on February 22, 2005 as alpha. |
| 2.1.2 : Released on December 8, 2004 as alpha. |
| 2.1.1 : Released on November 19, 2004 as alpha. |
| 2.1.0 : not released. |
| |
| |
| Contributors looking for a mission: |
| |
| * Just do an egrep on "TODO" or "XXX" in the source. |
| |
| * Review the bug database at: http://issues.apache.org/bugzilla/ |
| |
| * Review the "PatchAvailable" bugs in the bug database: |
| |
| https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable |
| |
| After testing, you can append a comment saying "Reviewed and tested". |
| |
| * Open bugs in the bug database. |
| |
| |
| CURRENT RELEASE NOTES: |
| |
| * Forward binary compatibility is expected of Apache 2.2.x releases, such |
| that no MMN major number changes will occur. Such changes can only be |
| made in the trunk. Note 2.2.18 contained an incompatible ABI change, |
| subsequently corrected, and should not be referenced. |
| |
| * All commits to branches/2.2.x must be reflected in SVN trunk, |
| as well, if they apply. Logical progression is commit to trunk, |
| get feedback and votes on list or in STATUS, then merge into |
| branches/2.2.x, as applicable. |
| |
| |
| RELEASE SHOWSTOPPERS: |
| |
| |
| |
| PATCHES ACCEPTED TO BACKPORT FROM TRUNK: |
| [ start all new proposals below, under PATCHES PROPOSED. ] |
| |
| * core: Fix CVE-2011-3192 |
| Trunk patch: All changes to modules/http/byterange_filter.c from r1161534 to |
| r1162687. |
| 2.2.x patch: http://people.apache.org/~sf/CVE-2011-3192_2.2.diff |
| +1: sf, jim (with r1162669 and r1162687 added), rpluem |
| |
| |
| PATCHES PROPOSED TO BACKPORT FROM TRUNK: |
| [ New proposals should be added at the end of the list ] |
| |
| * mod_cache: Realign the cache_quick_handler() to behave identically |
| to the default_handler() when reacting to errors when writing to the |
| filter stack. Stops APR errors appearing in access_log as result codes. |
| Trunk patches: http://svn.apache.org/viewvc?view=revision&revision=1003913 |
| 2.2.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-errorfix-22.patch |
| +1: minfrin |
| trawick: any reason it shouldn't be completely aligned with default_handler's |
| choice to return OK vs. 500? |
| |
| * Adjust inflated log severity. |
| PR: 44020 |
| Trunk patch: Was never in trunk. |
| 2.2.x patch: http://people.apache.org/~sf/PR44020.diff |
| +1: sf |
| +0: covener did you see Jim's initial concern on introducing the |
| ap_construct_url() in maintenance? This dissuaded me from |
| proposing the same. |
| sf replies: I think that was mainly refering to the fact that in the |
| !ap_is_url(ret) case, the trunk version returns internal |
| server error while the 2.2 version just does nothing. |
| In that case, there is a log message with level error, but |
| that is not the one I want to change. |
| |
| * mod_filter: fix parsing of regexps containing slashes |
| PR 51434 (and 51435, which includes the fix) |
| Trunk patch: N/A |
| 2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=27229 |
| +1: niq |
| |
| * mod_win32: Invert logic for env var UTF-8 fixing. |
| Now we exclude a list of vars which we know for sure they |
| dont hold UTF-8 chars; all other vars will be fixed. This |
| has the benefit that now also all vars from 3rd-party modules |
| will be fixed. This fix is based on PR 13029 / 34985, and |
| includes now the SSL_ and GEOIP_ vars; otherwise its impossible |
| to run CGIs when mod_ssl and/or mod_geoip are loaded and those |
| mods return UTF-8 chars in any var during a request. |
| Trunk patch: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_win32.c?r1=1054347&r2=1146932 |
| 2.2.x patch: http://people.apache.org/~fuankg/diffs/2.2.x-mod_win32.c.diff |
| +1: fuankg |
| |
| * mod_proxy_ajp: Respect "reuse" flag in END_RESPONSE |
| Trunk patch: http://svn.apache.org/viewvc?rev=1152379&view=rev |
| 2.2.x patch: http://people.apache.org/~rjung/patches/mod_proxy_ajp_reuse_flag.patch |
| +1: rjung |
| |
| * mod_rewrite: validate RewriteMap int:foo even if RewriteEngine is "off" to avoid crash. |
| Trunk patch: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?view=diff&r1=1154807&r2=1154808&pathrev=1154808 |
| 2.2.x patch: trunk works |
| +1 covener |
| |
| * mod_proxy_ajp: Ignore flushing if headers have not been sent. |
| Trunk patch: http://svn.apache.org/viewvc?rev=1153531&view=rev |
| 2.2.x patch: http://people.apache.org/~rpluem/patches/51608.diff |
| +1: rpluem, jim |
| |
| * mod_ssl: Add SSLProxyMachineCertificateChainFile directive |
| Adds a new function in ssl_util_ssl.c SSL_X509_INFO_create_chain that will |
| construct a chain of trusted certificates. When a remote server requests |
| a client certificate that is NOT the direct issuer of any available client |
| certificate, the chain for that certificate will be used to trace it to a |
| known CA and that client certificate will be used. |
| druggeri note: 2.2 documentation patch needed |
| Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1160863 |
| 2.2.x patch: http://people.apache.org/~druggeri/patches/httpd-2.2.19-SSLProxyMachineCertificateChainFile.patch |
| |
| * core: Add AllowOverrideList directive |
| Discussed on mailing list http://marc.info/?l=apache-httpd-dev&m=131111915903270&w=2 |
| druggeri note: 2.2 documentation patch needed from trunk patch |
| Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1151654 |
| 2.2.x patch: http://people.apache.org/~druggeri/patches/httpd-2.2.19.AllowOverrideList.patch |
| |
| PATCHES/ISSUES THAT ARE STALLED |
| |
| * core: Support wildcards in both the directory and file components of |
| the path specified by the Include directive. |
| Trunk patch: http://svn.apache.org/viewvc?rev=909878&view=rev |
| http://svn.apache.org/viewvc?rev=917735&view=rev |
| http://svn.apache.org/viewvc?rev=917759&view=rev |
| 2.2.x patch: http://people.apache.org/~minfrin/httpd-wildcard+docs2.patch |
| Submitted by: minfrin, poirier |
| +1: minfrin, jim, poirier |
| -1: wrowe [This introduces new invalid paths which do not resolve to any |
| configuration file paths, increasing the probability of unreported |
| syntax errors to further confuse the administrator.] |
| |
| * srclib/pcre and vendor/pcre |
| http://www.vuxml.org/freebsd/pkg-pcre.html |
| |
| update to pcre-7.8 |
| outcome: remove from trunk, leave alone in branches/2.2.x and branches/2.0.x |
| |
| * core, authn/z: Avoid calling access control hooks for internal requests |
| with configurations which match those of initial request. Revert to |
| original behaviour (call access control hooks for internal requests |
| with URIs different from initial request) if any access control hooks or |
| providers are not registered as permitting this optimization. |
| Introduce wrappers for access control hook and provider registration |
| which can accept additional mode and flag data. Convert common |
| provider version strings to macros. |
| The core purpose of this pile of patches is to avoid unnecessary |
| authn/z hooks when a single request spawns large numbers of internal |
| requests to which an identical set of httpd configurations apply. |
| This permits modules such as mod_authn_dbd and mod_dav to work together |
| acceptably. |
| Because certain external modules such as mod_authz_svn rely on the old |
| behaviour, this optimization can be made only when all authn/z hooks and |
| providers are registered with the appropriate flag. |
| It would be excellent if Windows and NetWare people could ensure this |
| builds correctly. |
| In particular, mod_auth.h must be included into request.c and I've left |
| mod_auth.h under modules/aaa rather than try to replicate wrowe's work |
| in trunk moving all the include files around. |
| I'm open to suggestions that this remain in trunk only, but in that case, |
| it would be very helpful to know whether most people expect a 2.4 branch |
| or just a 3.0 branch to be next. If 3.0, some of the backwards |
| compatibility work could potentially be ditched. |
| Trunk version of patches: |
| http://svn.apache.org/viewvc?view=rev&revision=644525 |
| http://svn.apache.org/viewvc?view=rev&revision=644562 (trunk MMN bump) |
| http://svn.apache.org/viewvc?view=rev&revision=645395 |
| http://svn.apache.org/viewvc?view=rev&revision=645472 |
| http://svn.apache.org/viewvc?view=rev&revision=645540 |
| http://svn.apache.org/viewvc?view=rev&revision=646445 (reverted by r659160) |
| http://svn.apache.org/viewvc?view=rev&revision=658046 |
| http://svn.apache.org/viewvc?view=rev&revision=659160 |
| Backport version for 2.2.x of patch: |
| http://people.apache.org/~chrisd/patches/walk_cache/walk_cache-2.2.x.patch |
| +1: chrisd |
| -0: jim (would prefer to see in 2.4, and to push 2.4 out) |
| |
| * beos MPM: Create pmain pool and run modules' child_init hooks when |
| entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run(). |
| Otherwise modules' child_init hooks appear to never be executed. |
| Also, destroying pmain ensures that cleanups registered in modules' |
| child_init hooks are performed (e.g., mod_log_config and mod_dbd). |
| Trunk version of patch: |
| http://svn.apache.org/viewvc?view=rev&revision=491922 |
| 2.2.x version of patch: |
| http://people.apache.org/~chrisd/patches/mod_dbd_pools_groups/mpm_child_init-beos-2.2.x.patch |
| +0: chrisd (abstaining; unable to test) |
| |
| * PKCS#7: backport PCKS#7 patches from trunk. |
| +1 ben |
| jerenkrantz: What's the revision number to backport? |
| wrowe asks: ditto jerenkrantz |
| sctemme: svn blame suggests r424707 |
| rpluem: Digging through the history suggests that |
| r424735 |
| r424821 |
| r424823 |
| need to be added to this. See also |
| http://mail-archives.apache.org/mod_mbox/httpd-dev/200607.mbox/%3c20060723093125.GA19423@redhat.com%3e |
| and follow ups for more details. |
| needs r930063 to avoid a memory leak, +1 with r930063. |
| |
| * prefork MPM: simple patch to enable mod_privileges. |
| trunk: N/A (this patch substitutes for the availability of |
| drop_privileges hook). |
| 2.2.x patch: |
| http://people.apache.org/~niq/patches/2.2mod_privileges-core-patch |
| +1: niq, igalic |
| |
| * unixd: set suexec_enabled correctly when httpd is run by non-root |
| PR 42175 |
| Trunk Patch: http://cvs.apache.org/viewvc?view=rev&revision=791337 |
| 2.2.x Patch: https://issues.apache.org/bugzilla/attachment.cgi?id=20004 |
| +1: niq |
| -0: wrowe; Please refer to man 'access' BUGS section about linux 2.4 |
| vs 2.6 kernels, potentially a suspect test for root. |
| sf: Couldn't the linux 2.4 bug be worked around by calling access |
| twice? Once with R_OK and once with X_OK. |
| wrowe: It would seem we only need to test for X_OK? |
| |
| * mod_disk_cache: Decline the opportunity to cache if the response is |
| a 206 Partial Content. This stops a reverse proxied partial response |
| from becoming cached, and then being served in subsequent responses. |
| Trunk patch: http://svn.apache.org/viewvc?rev=951222&view=rev |
| 2.2.x patch: http://people.apache.org/~minfrin/httpd-cache-partial-2.2.patch |
| +1: minfrin |
| niq asks: I can see the logic of not cacheing partial responses, |
| but why should mod_disk_cache worry about them if mod_cache allows |
| them, as in the following proposal? |
| rpluem says: As poirier correctly mentions, the same must be done for mod_mem_cache |
| as well. |
| |
| *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial |
| Response if they so choose to do so. Previously an attempt to cache a 206 |
| was arbitrarily allowed if the response contained an Expires or |
| Cache-Control header, and arbitrarily denied if both headers were missing. |
| Trunk patch: http://svn.apache.org/viewvc?rev=952823&view=rev |
| 2.2.x Patch: http://people.apache.org/~minfrin/httpd-cache-partial2-2.2.patch |
| +1: minfrin |
| -1: rpluem: Until the patch proposal above for mod_disk_cache is backported |
| and a similar patch for mod_mem_cache is proposed (no backport |
| possible since mod_mem_cache is no longer in trunk) and |
| committed. |
| |
| * config: fix/optimize SSL connections for IE6 browsers |
| PR 49484 |
| Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=966055 |
| 2.2 patch: should apply cleanly |
| +1: gstein |
| -0: sf: If we change it, then change it to something that will be OK for |
| MSIE 10, too. Also, some people recommend keeping ssl-unclean-shutdown |
| for newer versions of MSIE. |
| See http://marc.info/?l=apache-httpd-dev&m=127970632901262&w=2 and |
| the links therein. |
| |
| * mod_proxy: Release the backend connection as soon as EOS is detected, |
| so the backend isn't forced to wait for the client to eventually |
| acknowledge the data. |
| Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1026665 |
| http://svn.apache.org/viewvc?view=revision&revision=1030850 |
| http://svn.apache.org/viewvc?view=revision&revision=1030855 |
| http://svn.apache.org/viewvc?view=revision&revision=1035605 |
| 2.2.x patch: http://people.apache.org/~minfrin/httpd-mod_proxy-closeearly22-4.patch |
| +1: minfrin |
| +1: jim (requires mmn bump due to proxy_conn_rec) |
| rpluem says: r1052224 r1052314 need to be added as well as the patch above |
| has a thread safety issue. |
| minfrin: r1055246 needs to be added to r1052314 to ensure the cleanup |
| isn't attempted twice. |
| rpluem says: Mind to update the 2.2.x version of the patch with r1052224, |
| r1052314, r1055246 and r1055570 (Comment fix by Jim)? |