"Fossies" - the Fresh Open Source Software Archive 
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "CHANGES":
2.4.7-03_vs_2.4.7-04.
1 mpm-itk 2.4.7-04, released 2016-02-14:
2
3 - Fix a compilation error on RHEL6; patch from Hans Kristian Rosbach.
4 - Add a new flag EnableCapabilities (default on), which can be disabled
5 to revert to the behavior in place before 2.4.2-02, which causes problems
6 when the filesystem in use does not respect capabilities (in particular
7 NFS).
8 - Update copyright to 2016.
9
10
11 mpm-itk 2.4.7-03, released 2015-09-09:
12
13 - Fix an issue where connections would be attempted closed in the parent
14 instead of in the child. This would result in "Connection: close" not being
15 honored, and various odd effects with SSL keepalive in certain browsers.
16 - Correct a log message on AssignGroupIDExpr failure; patch from Roland Mas.
17 - Update copyright to 2015.
18
19
20 mpm-itk 2.4.7-02, released 2014-03-01:
21
22 - In the seccomp.c filter, allow -1 as value in certain system calls,
23 as it means not to change the given value. Heavily based on patch
24 from Jason Rhineland.
25 - Update copyright to 2014.
26 - Fix the minimum required version number in the README.
27
28
29 mpm-itk 2.4.7-01, released 2013-11-26:
30
31 - Note: This is almost identical to the previously released 2.4.6-01,
32 which was later retracted since Apache 2.4.6 did not contain the
33 required hook in question.
34 - Changed the htaccess hook to the form that was eventually included
35 in the Apache 2.4.7 release. This makes 2.4.7-01 the first version of
36 mpm-itk that can compile against an entirely unpatched Apache from
37 upstream, as Apache 2.4.7 includes all required patches for mpm-itk.
38 - Deleted the now obsolete patches/ directory.
39 - Updated copyright to 2013.
40
41
42 mpm-itk 2.4.4-04, released 2013-02-28:
43
44 - Make seccomp.c compile on 64-bit x86. Based on a bug report
45 and patch from Hans Kristian Rosbach.
46 - Fix a few compiler warnings, including a bug that could cause
47 confusing behavior if fork() failed. Now failing fork() should
48 reliably result in 500 Internal Server Error being sent.
49
50
51 mpm-itk 2.4.4-03, released 2012-12-31:
52
53 - Call ap_close_listeners() right after forking. This makes sure
54 a runaway/rogue process cannot keep the server from restarting,
55 or worse, call accept() on the listening socket.
56
57
58 mpm-itk 2.4.4-02, released 2012-11-12:
59
60 - Change from being an MPM to being a regular module, like
61 mod_privileges is. This means we no longer need to duplicate
62 large parts of prefork's functionality; instead, the user needs
63 to run regular prefork and then load mpm-itk as a regular
64 module. Note that the name is unchanged, to prevent (or maybe cause)
65 further confusion.
66 - Add a configure script (via autoconf), so that HAVE_LIBCAP is set
67 if the system supports Linux capabilities. (2.2.4-01 always ran
68 with libcap disabled.)
69 - Remove a duplicate definition of the MaxClientsVhost directive
70 (harmless, but stylistically bad).
71 - Make the .htaccess check more efficient, by using access()
72 instead of actually opening the file.
73 - Actually use the post_perdir_config hook Apache has for us;
74 seemingly it has been unused for a very long time (we hooked into
75 header_parser instead, which is ever so slightly later, and does not
76 run for subrequests).
77 - Drop our extra privileges properly even if we have a vhost
78 with default uid/gid; keeping them was probably not what the
79 administrator intended.
80 - Rewrite the MaxClientsVHost handling so that it properly takes
81 into account the port the vhost is running on (unless the vhost
82 name is very long). This matches Apache's existing scoreboard format,
83 so we don't need to write into it ourselves anymore.
84
85
86 mpm-itk 2.4.4-01, released 2012-11-11:
87
88 - Build completely out-of-tree; thanks to Jeff Trawick for spearheading
89 this on the Apache side. Note that this requires patches that
90 are not in any Apache 2.4 release right now, so you will either need to
91 apply the patches from the patches/ directory (that have been backported
92 to 2.4.3, from Subversion) or build against httpd trunk. (It is hoped, but
93 not guaranteed, that they will be part of the Apache 2.4.4 release.)
94 Also, note that the performance will be ever so slightly lower than the
95 in-tree versions, due to double statting of .htaccess files. I hope to
96 fix this eventually.
97
98 I've chosen to keep the version numbers consistent with the previous
99 release, indicating that this release will probably go along with
100 Apache 2.4.4, but assuming out-of-tree-builds will be the way forward
101 in the 2.4 and newer series, Apache and mpm-itk version numbers will
102 probably diverge in the future.
103 - Add a version component ("mpm-itk/2.4.4-01") when the module is loaded,
104 so maybe over time we can get a better idea of how widespread mpm-itk
105 really is, and in what versions.
106
107 apache2.4-mpm-itk 2.4.2-02, released 2012-08-05:
108
109 - Take advantage of two new patches from upstream to simplify our code:
110 First of all, our hook patch is now in Apache proper. Also, a new
111 ap_stat() hook allows us to do the close-connection-on-EACCES
112 handling with less patching into Apache itself (and in a future version,
113 we hope to be able to build entirely out-of-tree). Note that since none
114 of these patches are currently in a 2.4 release, we add them to the
115 beginning of the patch series for now, with a “00_upstream” prefix.
116 - If libcap is available, run as a normal user (the one specified in
117 httpd.conf) with extra capabilities, instead of restricted root.
118 Note that this does not really help a lot unless seccomp v2 is
119 available (see next point), as the process can still call setuid(0)
120 and then read or write files owned by root.
121 - If seccomp v2 is available (Linux 3.5.0 or newer), restrict
122 setuid() and setgid() calls (as well as seteuid() etc.), limiting
123 their range. By default, only 0 is excluded, but the administrator
124 can set a custom range with the LimitUIDRange and/or LimitGIDRange
125 directives (e.g. "LimitUIDRange 1000 2000" to allow only uids
126 from 1000 to 2000, inclusive). Note due to technical reasons,
127 setgroups() is _not_ restricted, so a rogue or runaway process
128 can still get add any group, including the root group, as supplementary.
129
130
131 apache2.4-mpm-itk 2.4.2-01, released 2012-07-20:
132
133 - The patch is now against Apache 2.4.2 instead of Apache 2.4.1.
134 Note that even though the patch set will probably _apply_
135 to 2.4.1, it will not _work_ properly, due to a missing bugfix
136 that is no longer in the patch set.
137 - Support dynamic uid and gid selection through Apache 2.4's new
138 generic expression syntax. For instance, you can now use mod_rewrite
139 to do something like this:
140
141 RewriteEngine on
142 RewriteRule /~([a-z]+)/ - [E=ITKUID:$1]
143 AssignUserIDExpr %{reqenv:ITKUID}
144
145 which will cause e.g. /~sesse/foo to be run as the user “sesse”.
146 Obviously, you will need to exercise caution here to avoid opening
147 up new security holes.
148 - Fix another case where we should drop the connection instead
149 of returning 403; this time related to FollowSymLinks and directory
150 traversal. Bug report and patch by Anton Statutov.
151 - We now do clean_child_exit() instead of exit() after the request;
152 this runs pool cleanup hooks, fixing an issue with mod_qos
153 (reported by Daniele Orlandi). Note that this does not work
154 properly in the case where we hard-close connections due to uid
155 switch, so the fix is incomplete.
156 - Fixed a typo in a comment in itk.c, and removed some stray
157 trailing whitespace.
158 - Added CHANGES file for the 2.4 series.
159
160
161 apache2.2-mpm-itk 2.4.1-pre01, released 2012-04-01:
162
163 - Backport the bug fix for bug 52904 from upstream, instead of
164 reverting the entire commit that caused it.
165 - Fix so AssignUserID can not be given in .htaccess files.
166
167
168 apache2.2-mpm-itk 2.4.1-pre00, released 2012-03-14:
169
170 - First port of mpm-itk to Apache 2.4.