Subject: CVS commit: pkgsrc/www/ap-jk
To: None <pkgsrc-changes@NetBSD.org>
From: OBATA Akio <obache@netbsd.org>
List: pkgsrc-changes
Date: 04/25/2007 06:24:02
Module Name: pkgsrc
Committed By: obache
Date: Wed Apr 25 06:24:02 UTC 2007
Modified Files:
pkgsrc/www/ap-jk: Makefile.common distinfo
pkgsrc/www/ap-jk/patches: patch-aa
Log Message:
Update ap-jk to 1.2.22.
Changes between 1.2.21 and 1.2.22
Native
Refactor line endings logging to make it correct for all platforms and webservers. (mturk)
Added command line windows make files. (mturk)
Allow fail_on_status directive to be multi line. (mturk)
42076: Fix name of new option from ForwardCertChain to ForwardSSLCertChain as documented. (rjung)
Docs: Fix a couple of typos, change format of a few tables, fix links to news pages. (rjung)
Fix correct URL for TC 6 examples in new IIS rewrite.properties configuration example file. (rjung)
Add svn properties to several files. (rjung)
Add TC 6 examples to uriworkermap.properties in config examples. (rjung)
Allow multiple status codes for fail_on_status directive. The status codes can be delimited by space or comma characters. (mturk)
IIS. Added pcre like regular expressions for url rewrite rules. (mturk)
41922: Apache 1.3. Enable JkEnvVar. (mturk)
Apache. Add --enable-flock configure parameter for explicit compilation of faster flock() system calls for OS supporting those calls. By default the fcntl system call for locking will be used that is a little bit slower but it can work on NFS mounted volumes as well. (mturk)
41562: Add Debug logging for read from client in ISAPI Redirector. Contributed by Tim Whittington. (mturk)
Apache. Add ForwardSSLCertChain JkOption. Contributed by Patrik Schnellmann. (mturk)
IIS. Do not forbid access to web-inf or meta-inf if there is no mapped worker. This allows to have resource with those names that are outside mapped contexts. (mturk)
Apache. Use process id for creating shared memory name and delete shared memory and shared memory lock files on exit. (mturk)
IIS. Fix Keep-Alive regression introduced in 1.2.21. (mturk)
Delete unused check for empty init_map during startup. (rjung)
41770: Fix startup error if no JkWorkersFile is used. (rjung)
Use JK_TRUE/JK_FALSE instead of OK/!OK as return values in init_jk(). (rjung)
Minor adjustments to apache startup log messages (when to use STDERR, remove deprecated NOERRNO flag, shm warning and warnings for usage of default files). (rjung)
Replace APR precompiler directive by httpd mpm_query to detect MPM threading. Add a debug log message about auto-detected pool size. (rjung)
Make MMN check easier to understand and a little more precise (for new ap_get_server_banner()/ap_get_server_description()). We use the new API only for Apache httpd 2.3. This way our binaries are not tightly coupled to a minor 2.0 version, and we don't use ap_get_server_banner() any way. (rjung)
Use the full description string ap_get_server_description() instead of the truncated info from ap_get_server_banner(), because this info gets used internally (status worker display and ajp14 backend communication) and is not send back to the normal user. (rjung)
41757: Document the "--enable-prefork" flag of configure. (rjung)
Enhance log messages for failures when parsing attribute maps. (rjung)
Correct log message during worker initialization, in case remote host could not be resolved. We logged the default host name "localhost" instead of the configured one. (rjung)
41770: Fix the second part of the bug: local_worker and local_worker_only is missing from the list of deprecated attributes (and not supported either), so prevents the web server from startup. (rjung)
Changes between 1.2.20 and 1.2.21
Native
CVE-2007-0774 : A denial of service and critical remote code execution vulnerability. Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes. Reported by ZDI (www.zerodayintiative.com). Please note this issue only affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server Connector and not previous versions. Tomcat 5.5.20 and Tomcat 4.1.34 included a vulnerable version in their source packages. Other versions of Tomcat were not affected.
Check the worker. parameters and don't start if the parameter is not a valid one. (jfclere)
41439: Allow session IDs to get stripped off URLs of static content in Apache by adding JkStripSession directive (configurable per vhost). (mturk)
Change semantics of empty defaults for JkEnvVar variables. Until 1.2.19: not allowed. In 1.2.20: send variables as empty strings, if neither set to non empty in config, nor during runtime. Starting with 1.2.21: If config has no second argument only send variable if set (even when set to empty string) during runtime. Allows good combination with condition attribute in tomcat access log. (rjung)
41610: Fix incorrect detection of missing Content-Length header leading to duplicate headers. Contributed by Boris Maras. (rjung)
Better build support for SunONE (Netscape/iPlanet) webservers. (jim)
Add warning if duplicate map keys are read and are not allowed, e.g. when parsing uriworkermap.properties. (rjung)
Don't concat worker names, if uriworkermap.properties has a duplicate pattern, instead overwrite the worker. (rjung)
Log deprecation message even in duplication case. (rjung)
uriworkermap.properties: Fix off-by-one problem when deleting URL mapping during reloading of uriworkermap.properties. (rjung)
41439: Allow session IDs to get stripped off URLs of static content in IIS (configurable). (rjung)
41333: Refactoring isapi_plugin configuration reading. (rjung)
41332: Add some more errno logging and unify the format. (rjung)
JkStatus: Improved logging by adding status worker name to messages. Added messages to the recover worker action. (rjung)
JkStatus: Refactoring searching for workers and sub workers. (rjung)
41318: Add configuration to make status worker user name checks case insensitive. (rjung)
JkStatus: Add estimated time until next global maintenance to other mime types and adopt jkstatus ant task. (rjung)
JkStatus: Show estimated time until next global maintenance. Change displayed time until next recovery to a min/max pair. (rjung)
JkStatus: Allow a user of a read/write status worker to switch it to and from read_only mode temporarily. (rjung)
JkStatus: Do not show read/write commands in a read_only status worker. (rjung)
JkStatus: Allow lb sub workers in error state to be marked for recovery administratively from the status worker. (rjung)
Load Balancer: Do not try to recover multiple times in parallel. Use additional runtime states "PROBE" and "FORCED". (rjung)
JkStatus: Improve data synchronization between different processes. (rjung)
41381: Fix segfault in feature fail_on_status (wrong order of log arguments). Patch by Juri Haberland. (rjung)
Use correct windows line endings for log file on WIN32 platform. (rjung)
Changes between 1.2.19 and 1.2.20
Native
JkStatus Ant Task documentation page. (pero/rjung)
JkStatus Ant Tasks: Add new tasks for update and reset. (pero)
JkStatus Ant Tasks: Update for new xml status format. (pero)
Allow integer and string values when setting enumeration/boolean attributes via status worker update action. (rjung)
Docs: New reference guide page for status worker. (rjung)
Docs: Renaming the config dir to reference and using the title Reference Guide in the docs. (rjung)
Added retry_on_status for workers directive. (mturk)
Status Worker: Add directive to make property prefix and good/bad rule configurable. (rjung)
Status Worker: Omit lb members when att=nosw. (rjung)
Status Worker: New command cmd=version for a short version output. (rjung)
Status Worker: New output stype mime=prop produces property lists. (rjung)
Apache: Fix incorrect handling of JkEnvVar when Vars are set multiple times. (rjung)
Renamed jvm_route to route. Deprecated jvm_route, but still use it as fallback when parsing the worker configuration. (rjung)
IIS: Make uriworkermap file reload check interval configurable. (mturk)
Apache: Make uriworkermap file reload check interval configurable. (rjung)
Status Worker: Add directives for customizing the XML output (ns, xmlns, doctype). (mturk)
Docs: New page with description of uriworkermap. (rjung)
Docs: Added short description of max_packet_size to worker reference. (rjung)
Status Worker: All functions accessible also for xml and txt mime types (list, show, update, reset). (rjung)
Status Worker: New global health indicators for load balancers named bad (error, recovering or stopped), degraded (busy or disabled) and good (the rest, active and OK or N/A). (rjung)
Status Worker: New edit page, to change one attribute for all members of a load balancer. (rjung)
Status Worker: Standard logging for status worker. (rjung)
Status Worker: code refactoring. (rjung)
Status Worker: New attribute user (list) denies access, if the request user in the sense of remote_user is not in this list. Empty list = no deny (rjung)
Status Worker: New attribute read_only disables the parts of the status worker, that change states and configurations. (rjung)
36121: Don't change main uri when mod_jk serves included uri. (markt)
Apache VHosts: Merge JkOptions +base - -base + +vhost - -vhost. (rjung)
Apache Docs: Adding requirements, context information, default values and inheritance rules to the Apache config documentation. (rjung)
Status Worker: Add source type to status worker, remove the redundant "context" column in the map listing (context=uri). (rjung)
uriworkermap: On reload of the file, all old entries from the previous file version get deleted, before the new ones are being read. (rjung)
Keep normal maps and exclusion maps internally separate. Don't treat them as the same when adding a rule. (rjung)
Status Worker: Display mapping rules also for non-lb workers and in global view. (rjung)
Apache VHosts: Use the vhost log files instead of the main log. (rjung)
Apache VHosts: Allow individual timestamp formats by refactoring the formatting method. (rjung)
Apache VHosts: Adding all missing config items to the virtual host level. Don't overwrite the settings from the global server, but inherit them in case they are not set in the virtual host. (rjung)
Apache: remove unnecessary function names from log messages. (rjung)
Apache: add a default log file location and a message, if the default gets used. (rjung)
Apache: add missing JK_IS_DEBUG_LEVEL() (rjung)
Apache VHosts: Allow JkWorkersFile, JKWorkerProperty, JkShmFile and JkShmFileSize only in global virtual server. (rjung)
Add some more jk_close_socket() and reduce log level for some info messages. (rjung)
Load Balancer: Added the Sessions strategy. Contributed by Takayuki Kaneko. (rjung)
Docs: Minor enhancements and syncing with more recent versions. (rjung)
40997: Separate uri mappings from their '!' counterpart when checking for duplicates in uriworkermap reloading. (rjung)
40877: Make sure the shared memory is reset on attach for multiple web server child processes. (mturk)
IIS: Added shm_size property to be able to deal with over 64 workers configurations. (mturk)
IIS: Increase default thread count to 250, so its the same as Apache Httpd default configuration. (mturk)
40966: Fix socket descriptor checks on windows. (mturk)
40965: Initialize missing service parameters. (mturk)
40938: Fix releasing of rewrite map. Thanks to Chris Adams for spotting that. (mturk)
Apache: Added +FlushHeader JkOptions. (mturk)
Added explicit flush when AJP body packet size is zero. (mturk)
40856: Fixing case sensitivity bug in URL mapping. (rjung)
40793: Documentation: Improvements to Apache HowTo provided by Paul Charles Leddy. (markt)
40774: Fixing wrong recursion termination. This one restricted the "reference" feature unintentionally to 20 workers. (rjung)
40716: Adding "reference" feature to IIS and Netscape. (rjung)
Documentation: Corrected SetEnvIf syntax in JK_WORKER_NAME example. (rjung)
Documentation: Added forgotten STATE and ACTIVATION notes for load balancer logging in Apache. (rjung)
Apache: Use instdso.sh instead libtool: libtool does not work on HP-UX for example. (jfclere)
To generate a diff of this commit:
cvs rdiff -r1.4 -r1.5 pkgsrc/www/ap-jk/Makefile.common
cvs rdiff -r1.7 -r1.8 pkgsrc/www/ap-jk/distinfo
cvs rdiff -r1.4 -r1.5 pkgsrc/www/ap-jk/patches/patch-aa
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.