----- Forwarded message from Apache Week <[EMAIL PROTECTED]> ----- From: Apache Week <[EMAIL PROTECTED]> Subject: Apache Week issue 145 (15 January 1999) To: [EMAIL PROTECTED] Date: Tue, 12 Jan 1999 16:31:18 +0000 This is the latest edition of Apache Week. To read this issue or any past issues, see http://www.apacheweek.com/ ---------------------------------------------------------------------- [1]Advert: Is your data secure? See http://www.int.c2.net/ _[2]Apache Week Home | [3]Features | [4]Apache 1.3.3 | [5]Other Issues _ APACHE WEEK The essential weekly guide for users of the world's most popular Web server. Issue 145: 15 January 1999 _Contents:_ What's new in 1.3.4 Incompatibilities between 1.3.3 and 1.3.4 Bugs fixed in Apache 1.3.4 Apache Status This week's edition of Apache Week has been published early to coincide with the release of Apache 1.3.4. The next regular Apache Week will be on 22 January. This edition contains some very important information about incompatibilities between Apache 1.3.3 and 1.3.4 which should be read before upgrading. What's new in 1.3.4 Apache 1.3.4 was released on 11th January 1999. It is available in source form for compiling on Unix (or Windows) and as a pre-compiled installable binary on Windows. Download it from a [6]local download site. This is a bug fix and minor upgrade release. There are several new features and a couple of important changes. The bugs fixed are listed at the end of this document. Because of these fixes, all users of 1.3.3 and earlier should upgrade to 1.3.4. Users on Windows systems should definitely update because of some important security fixes in 1.3.4. _Important_: before compiling or using Apache 1.3.4 you should read the section below on upgrading, since there are some important incompatible changes between 1.3.3 and 1.3.4. New features There are several new features in 1.3.4: * A default language for documents can be set with the DefaultLanguage directive. * Mappings from file extension to handler can be removed with RemoveHandler * The negotiation module has been extensively updated to support the latest version of the HTTP/1.1 specification, to fix various bugs and inefficiencies, and to add some support for the transparent content negotiation RFCs. * All the new HTTP/1.1 methods required for WEBDAV (distributed authoring) have been added, so that they can be used by third-party modules to implement the DAV specifications. * A default order for fancy directory indexes can be set with IndexDefaultOrder. * New options have been added to ./configure: --target sets the executable name, --permute-module sets relative module order, --with-layout sets the directory layout and --shadow has been extended to specify the shadow directory name. Changes for Windows There have been a number of important security fixes to Apache on Windows. The most important is that there is much better protection against people trying to access special DOS device names (such as "nul"). In addition, there is better processing of UNC paths, and Makefiles are now provided to allow Apache to be compiled on Windows 95. Default configuration files Apache 1.3.3 and earlier came with three configuration files in the conf directory: httpd.conf, access.conf and srm.conf. This was for purely historic reasons: any directive can appear in any file, and the configuration files can have any filename (although the configuration file defaults to conf/httpd.conf unless overridden with the -f command line option). Many people configure Apache using a single file, normally httpd.conf. This can be created by appending the contents of access.conf and srm.conf to httpd.conf, then removing access.conf and srm.conf. Apache 1.3.4 comes with this already done (although the access.conf and srm.conf files will exist containing a comment about why they are now empty). Incompatibilities between 1.3.3 and 1.3.4 Because of the various changes between 1.3.3 and 1.3.4, when upgrading you should beware of the following things: * If you use ./configure to configure and compile Apache, be careful to ensure that you get the directory layout you want. If you previously used --compat, you can omit it. If you previously did not use --compat you must give --with-layout=GNU * If you have can scripts which run Apache and use any of the arguments -?, -h, -l or -L, then they must be updated to use the new arguments (-h, -l, -L and -R, respectively) * If you use the -S command line option to show the virtual host configuration and start the server running, you will have to do this is in two steps since -S will now exit without starting the server * If you use UseCanonicalName inside .htaccess files, you must ensure that the Options override is in force rather than the AuthConfig override. * If you used multiviews for content negotiation and relied on the fact that Apache read the variants from the disk in the directory order (rather than, say, alphabetically) you should check that the negotiation still works as expected (Apache now sorts the variants into order before using them, so that negotiation is not dependent on the usually arbitrary directory order of the files). This should not normally be a problem. The first three items are described in more detail below. Directory layout changes in ./configure If you configure Apache with ./configure you will have to change the options you use to set the directory layout. If you do not currently use an option to set the directory layout you will have to use an option in 1.3.4 because the default layout has changed. There are two layouts for directories: the first is the "Apache" layout. This was used in all versions of Apache before 1.3, and in Apache 1.3 it is still used if you use src/Configure to configure and build Apache. The second layout was introduced by ./configure, and is called the "GNU" layout because it is similar to the standard layout used by GNU tools. This created two layouts within Apache 1.3.*: the Apache layout if src/Configure was used, and the GNU layout if ./configure was used (although ./configure could also be told to use the Apache layout with the --compat option). Unfortunately this created a lot of confusion, and in particular many people thought that the GNU layout was the preferred directory layout for 1.3, because it was the default in ./configure. It is not: the preferred layout is the "Apache" layout, consistent with src/Configure and Apache 1.2. In Apache 1.3.4, the Apache layout becomes the default layout for ./configure. If you have been using the --compat option, then you do not need it anymore. However if you did not use the --compat option (that is, you used the GNU directory layout) then you _must_ now use --with-layout=GNU. This table summarises the meaning of the directory layout arguments in each version: Layout option Meaning in 1.3.3 Meaning in 1.3.4 None GNU layout Apache layout --compat Apache layout Apache layout (but not needed since this is the default) --with-layout=GNU Not valid GNU layout --with-layout=Apache Not valid Apache layout (but not needed since this is the default) Command line argument changes Various command line arguments have changed in meaning. This affects the -h, -l and -L options. This table shows the meanings of these arguments in both versions of Apache. Option Meaning in 1.3.3 Meaning in 1.3.4 -? List command line options List command line options (but use -h instead) -h List modules List command line options -l List all directives List modules -L Specify location of the core loadable module if built with SHARED_CORE List all directives -R Not used Specify location of the core loadable module if built with SHARED_CORE So if you were using -?, change to using -h. Similarly, change from -h to -l, from -l to -L and from -L to -R. Also, the -S option now exits after showing the virtual host configuration, rather than continuing and starting the server. Bugs fixed in Apache 1.3.4 These are the main bugs in 1.3.3 that have been fixed in 1.3.4: _Windows-specific Bugs_ * On Unix, the file /dev/null can use used to signify a non-existing file, as in ResourceConfig /dev/null. On Windows, the file nul serves a similar purpose and can be referenced in _any_ directory. However Apache would treat it like a real file, and since it does not actually exist, would log an error. In the next version it will be possible to use directives like ResourceConfig nul. [7]PR#2708. * If a script cannot be run because the interpreter specified on the initial #! line did not start correctly, log the interpreter filename and the reason it did not work. * Doing a nmake clean did not clean the files created for mod_rewrite. [8]PR#3100. * More problems with the way that paths starting with drive letters and UNC designations where handled. [9]PR#2555, [10]PR#2915, [11]PR#3064, [12]PR#3232. _Other Bugs_ * In some circumstances, mod_autoindex's index output could be misaligned. * The proxy module could cause a segmentation fault if there is a problem sending a response which is non-cachable. A [13]patch is available. [14]PR#2950. * If an ErrorDocument is set in a .htaccess file for 500 errors, and a 500 error occurs because of the contents of a .htaccess file in a subdirectory, the ErrorDocument will be ignored. [15]PR#2409. * Apache would not notice the syntax error if the closing > character was missing from a opening <Directory ... > section. [16]PR#3279. * Certain error conditions (such as when a handler name was defined but no handler was available with that name) would result in the wrong error status. * Using content negotiation (mod_negotiation), Apache will return the unencoded version of a resource even if an encoded version exists and the client can accept the encoded version (encodings are things like compression with gzip or compress). [17]PR#3447. * If mod_negotiation is negotiating between a set of variants, some of which have a particular attribute (such as an "encoding") of the same type and others of which have no value for that attribute, Apache does not create a proper Vary header in the response. Note that Apache does create a proper Vary header when the variants have different values for the attribute. * ./configure could get confused when trying to configure a modules whose name is part of another module's name (for example, modules named fastcgi and cgi). [18]PR#3380. * mod_perl was not properly disabling <!--#perl sub=... --> when IncludesNoExec option was set. [19]PR#3502. * Some dynamically loaded modules were not initialised properly. This caused problems with mod_perl where the perl-script handler was not found. * As reported previously, a bug in the AIX C compiler makes Apache given a "Expected </Files> but saw </Files>" error (or the same error for the other container directives). Patches are now available from IBM to fix the compiler, from [20]http://service.software.ibm.com/support/rs6000. [21]PR#2312. * The Apache -S option shows the virtual host configuration, but unlike the -t option it then continued and ran Apache. This has now been changed to exit after displaying the configuration. * In a log format, the %v and %p log options log the information from the request, rather than the official ServerName and Port. * The proxy module was not allowing the (valid) syntax http://_host_:/_path_. [22]PR#3530. * The directives UseCanonicalName and ContentDigest are now allowed in .htaccess files if the Options option is in effect, rather than the AuthConfig option. * In a directory index, the SuppressColumnSorting option could be overridden by specifying the sort option on the URL query string. Apache Status _Apache Site_: [23]www.apache.org _Release:_ 1.3.4 (Released 11th January 1999) ([24]local download sites) _Beta:_ None Apache 1.3.4 is the current stable release. Users of Apache 1.3.3 and earlier should look at upgrading to this version. Read [25]Guide to 1.3.4 for information about changes between 1.3.3 and 1.3.4 and between 1.2 and 1.3.4. _________________________________________________________________ Comments or criticisms? Please email us at [26][EMAIL PROTECTED] [27]Apache Week is copyright 1996-1999 by [28]C2Net Europe Limited. [29]C2Net sells network security and encryption products. References 1. http://www.apacheweek.com/ads/?n=orangevisa&do=go 2. http://www.apacheweek.com/ 3. http://www.apacheweek.com/features/ 4. http://www.apacheweek.com/features/guide13 5. http://www.apacheweek.com/issues/ 6. http://www.apache.org/dyn/closer.cgi 7. http://bugs.apache.org/index/full/2708 8. http://bugs.apache.org/index/full/3100 9. http://bugs.apache.org/index/full/2555 10. http://bugs.apache.org/index/full/2915 11. http://bugs.apache.org/index/full/3064 12. http://bugs.apache.org/index/full/3232 13. http://www.apache.org/dist/patches/apply_to_1.3.3/proxy_segv.txt 14. http://bugs.apache.org/index/full/2950 15. http://bugs.apache.org/index/full/2409 16. http://bugs.apache.org/index/full/3279 17. http://bugs.apache.org/index/full/3447 18. http://bugs.apache.org/index/full/3380 19. http://bugs.apache.org/index/full/3502 20. http://service.software.ibm.com/support/rs6000 21. http://bugs.apache.org/index/full/2312 22. http://bugs.apache.org/index/full/3530 23. http://www.apache.org/ 24. http://www.apache.org/dyn/closer.cgi 25. http://www.apacheweek.com/features/guide13 26. mailto:[EMAIL PROTECTED] 27. http://www.apacheweek.com/ 28. http://www.eu.c2.net/ 29. http://www.c2.net/ ------------------------------------------------------------------------ To stop receiving Apache Week, send a message to [EMAIL PROTECTED] containing the text unsubscribe apacheweek ----- End forwarded message ----- -- Opensource: "Given enough eyeballs, all bugs are shallow." Microsoft: "Given enough bugs, all eyeballs are shallow." ** Jadual puasa Ramadhan @ http://www.indoglobal.com/puasa.html ** Layanan Informasi Iklan Baris Internet * http://www.iklan-25.co.id -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- To unsubscribe, e-mail : [EMAIL PROTECTED] To subscribe, e-mail : [EMAIL PROTECTED] Netika BerInternet : [EMAIL PROTECTED] HI-Reliability low cost web hosting service - http://www.IndoGlobal.com
