1.3.14.1, adding a superminor version number to indicate possible EAPI
update.
*) Fixed the parsing of SSLSessionCache directives. The prefixes were
incorrectly skipped and leaded to "unable to open semaphore file"
errors.
The security fixes are:
* A problem with the Rewrite module, mod_rewrite, allowed access to
any file on the web server under certain circumstances
* The handling of Host: headers in mass virtual hosting
configurations, mod_vhost_alias, could allow access to any file on
the server
* If a cgi-bin directory is under the document root, the source to
the scripts inside it could be sent if using mass virtual hosting
The main new features include:
* Support for a directory-based configuration system. If any of the
configuration directives point to directories instead of files,
all files in that directory (and in subdirectories) will be also
parsed as configuration files
* Support name-based virtual hosting without needing to specify an
IP address in the Apache configuration file. This enables sites
that use dynamic IP addresses to support name-based virtual
hosting as well as allowing identical machines to share a
configuration file, say in a load-balanced cluster
* The SetEnvIf and BrowserMatch range of directives are now able to
be used in .htaccess files.
* Administrators who are nervous about their full server version
details being public can use the new keyword 'ProductOnly' in the
ServerTokens directive. This keyword forces the server to only
return the string "Apache" as the server version.
* The new digest authentication module, mod_auth_digest has had a
number of fixes and upgrades applied
EAPI didn't change so no need to change Apache's version number.
Also standardize package builds to have Apache listen on ports 80/443
regardless of UID of user that builds the package, and make MAINTAINER
point to me.
bump; EAPI is unchanged)
- Remove restriction of mod_include to disallow "../" or "/" prefixed
file names in <!--#include file=""--> if Includes (but not
IncludesNOEXEC) is set; proposed in Apache PR mod_include/3500
- Add signature for hook function used to do mod_include callbacks
(perl-embedded SSI was not working with new 4 argument call)
ap_include_extern_func's (needed for a couple upcoming XSSI-extending
modules). Also fix apxs to use `install' and fix the cgi-bin
`preservation' while we're here.
- Now uses APACI, Apache's GNU-autoconf-style (but not GNU autoconf)
configuration system to configure, build, and install
- Enables build and install of all `support' tools
- Enables use of shared modules, and compiles mod_include dynamically
- Installs the Apache user manual by default.
