
this is were version changes are recorded for mod_pubcookie

Legend:
M - module changes
L - library changes
H - only .h files changed
O - other (Makefile, Makefile.apxs, etc.)

a5 1.77.2.4 17Jul2002 rcs references: module 1.77.2.4
M  - Removed explicit expires on cookies added in 1.77.2.2

a5 1.77.2.3 20Jun2002 rcs references: module 1.77.2.3
M  - made PubcookieAuthTypeNames be required.

a5 1.77.2.2 6Jun2002 rcs references: module 1.77.2.2
M  - added expire times to granting requests and pre-session cookies
M  - Started removal of Apache1.2 code
M  - Force the connection to SSL to keep connection encrypted for browsers
     that send 'secure' cookies over non-ssl connections.
M  - Short-term-logout support via more EndSession args

a5 1.69 11Jan2002 rcs references: module 1.69
M  - fixed escaping of eol chars in string constant.

a5 1.68 26Nov2001 rcs references: module 1.68
M  - moved super_debug from being server config to dir config
M  - added new super_debugging to dump server and directory recs
M  - fixed inactive and hard expire values that were being reset by default
     values.  Now default values aren't set until after all directory create
     and merge functions hav happened.

a5 1.67 13Nov2001 rcs references: module 1.67
M  - No code changes just warnings against setting the redirect in the header

a5 1.65 27Oct2001 rcs references: m1.65
M  - fixed missing semi-colon in Set-cooie headers missing per rfc2109

a5 1.64 17Oct2001 rcs references: m1.64
M  - added a server merge line for the no blank cookie flag

a5 1.63 17Oct2001 rcs references: m1.63
M  - added JimFox's no blank cookie code

a5 1.62 17Oct2001 rcs references: m1.62
M  - added support for PubcookieEndSession, which clears the session cookie

a5 1.61 11Oct2001 rcs references: m1.61
M  - changed PubcookieSuperDebug to toggle with On/Off instead of True/False
M  - cleaned-out some UWash-isms
L  - moved libpbc_check_exp from module code to library
L  - moded libpbc_check_version from module code to library

a5 1.60 10Sep2001 rcs references: m1.60
M  - added support for session reauth
M  - changed app_id to appid
M  - changed appsrv_id to appsrvid
M  - misc cleanups
M  - added log messages if the key or cert files doesn't load (CMU)
M  - httpd will now exit if any keys or certs are missing
M  - indenting changes
M  - fixed url for pubcookie docs
M  - fixed error message when the G cookie expired to show number of seconds expired instead of number of second it took to get to the webserver.

a5 1.55 2May2001 rcs references: m1.55
M  - flopped the credential checking back to the way they were in a5release11

a5 1.54 23Apr2001 rcs references: m1.54
O  - new exciting version number!
M  - fixed the g cookie credential checking, broken in the Jan2001 release
M  - misc cleanup
O  - First version covered by external distribution license

a5 release11 26Jan2001 rcs references: m1.50
M  - increased buffer size into which to base64 encode, and made
     sure it's null-terminated; fixes '6n+4/6n+5' query string bug

a5 release10 26Sep2000 rcs references: m1.49 l2.13
M  - changed the redirect_reason to be passed to login server as int
     instead of a string.
M  - added currently latent pre session cookie
M  - fixed SecurID cred type not being checked correctly
M  - substituted in more (ap_)snprintf's 
M  - fixed bug where r->connection->ap_auth_type wasn't being always set
H  - set the granting timeout up to 60 seconds from 20secs (pbc_config.h)

a5 release9 13Apr2000 rcs references: m1.48 l2.11
M  - added directive for PubCookieDirDepthforAppID to set the max path length
     for default App IDs.
M  - added directive for PubCookieAppSrvID to specify the App Server ID.
M  - rewrote appid functions for new functionality and general cleanliness.
L  - store and reset value of OpenSSL global des_check_key.

a5 release8 02mar2000 rcs references: m1.43 l2.10
M  - fixed bug where GET args longer then 300some chars would
     get truncated.

a5 release7 27Jan2000 rcs references: m1.42 l2.10
L  - added logic to only use snprintf for GLIB else sprintf
M  - expanded tabs out to spaces in module source code
M  - remove any extra '/' in uris before comparing paths
     (added ap_no2slash call)
M  - moved the remove-get-args-from-uri code to better location

a5 release6 27Jan2000 rcs references: m1.40 l2.9
M  - added super-debugging which can be turned on a directory level
M  - cleaned-up some log lines for consistancy and clarity
M  - made timeout defaults more reasonsable, plus added bounds checking
M  - fixed bug where requests w/o explicit appids and get args would include 
     the get args in the assumed appid, thus failing to compair against
     solely the directory name and causing login server loops.
M  - module uses different apache functions for hostname
M  - more info is sent to the login server via the granting request cookie,
     including: real hostname, redirect reason, misc flag (currently unused),
     upload file location (for file upload), referer uri.
O  - USE_SECURID is default in makefile and Makefile.apxs
L  - WIN32 library changes (JimB)
L  - changed some exits() to returns() to percolate up some error msgs (JimB)

a5 release5 1Sep1999 rcs references: m1.38 l2.7
M  - stopped using apache's base64 functions in apache1.3
M  - removed some duplicated code introduced in a5release4

a5 release4 23Aug1999
L  - accomodates all known versions of OpenSSL/SSLeay greater then 0.9.2b
     without any compile defines.
M  - sets flag to give an error warning about multipart/form-date

a5 release3-l2.5 16Aug1999
L  - changes to PEM_ASN1_read to accomodate openssl0.9.4.   now requires 
     that all older then 0.9.4 installations compile with PRE_OPENSSL_094

a5 release3 6Aug1999
M  - set ap_auth_type in the connection record so we know who did the auth

a5 release2-m1.32 22Jul1999
M  - Apache 1.2.x patches
M  - better cookie blanking done in the module that doesn't require
     the util_scripts.c patch

a5 release2 21Jul1999 rcs reference: m1.31l2.4
M  - changes session cookies to be directory scoped to '/'.  This fixes 
     a problem when multiple apps used the same 'appid' but lived in
     different directory trees.
O  - added util-scripts.c patch to filter out pubcookies from cgi environ.
M  - added support for non-standard port #s.
M  - spiffed up some log messages.
H  - spiffed up some comments and slightly reorganized pbc_config.h

a5 release1 8Jul1999 rcs reference: m1.30l2.4
M  - ammended the logic for identifing POST content or a POST request.
M  - changed some text messages to the user (pbc_config.h).

a5 reebok2m1.29 28Jun1999:
M  - apache1.x doesn't have ap_uuencode so we tried a different uuencode
     (./patch_archive/a5rebook2_patch1_fmf)
M  - but that uuencode it's right so apache1.2 is back to using base64

a5 reebok2 25Jun1999 rcs refernces: m1.28l2.4
M  - support for POST and GET args
M  - better support for Form/Multipart POST content

a4m1.27l2.4 26May1999:
M  - changes to the post page to the login server
M  - changed base64_encodes in the module to ap_uuencodes
L  - changes to accomodate changed des declarations in OpenSSL v0.9.3, these
     are indeed undoing the type changes for OpenSSL v0.9.2b.  to accomodate
     OpenSSL v0.9.2b i've added a define (OPENSSL_0_9_2B).  see the 
     OpenSSL v0.9.3 CHANGES file for more info.
Makefile - added aditional includes path for moved OpenSSL v0.9.3 include 
           files, will someday change the file names in the pubcookie files.

a4m1.26l2.3:  26May1999
M  - some apache1.2 fixes and addition of main_rec/top_rec (fmf)

a4 reebok1 26May1999 rcs refernces: m1.25l2.3
M  - support for POST
M  - added ap_add_version_component
M  - change to using directory of uri instead of file system path of filename 
     for the default app_id.

a4m1.24l2.3:  29Apr1999
M  - start of packaging up POST content
M  - added REDIRECT_IN_HEADER option and made the redirect to the login
     server to be in the body the default
M  - added 'no cache' headers to redirect
M  - changed to JimB style session cookie names

a4m1.23l2.3:  29Apr1999
H  - changed granting cookie timeout from 60 seconds to 20 
     (had been set up for testing on www.washington.edu)
L  - Jim Blankenship WIN32 patches
L  - changed libpbc_debug and libpbc_abend to print to stderr instead of stdout
L  - changes to accomodate changes des declarations in OpenSSL v0.9.2b 
M  - started to add support for non-ssl pubcookie, nothing working yet
M  - turned off old braindead ForceReauth
M  - added a few headers to redirect to login server to make sure the redirect
     won't be cached by the agent
M  - fixed up the cred heirarchy, so if the granting cookie has creds 3 then
     it's o.k. if the pager requires creds 1

a4m1.22:
M  - fixed ordering of version numbers in logged error message for minor version
   mismatch.

a4: release date: 1999Mar4 willey

 - doesn't send a new session cookie every time if Session Inactivity
 Timeout is disabled (NOTE: the magic number to turn off the inactivity 
 timeout is -1 not 0)
 - fixed passing of args through the login circuit
 - changed where default timeouts are set 
 - granting request now transits to the login server via a cookie
 - cookie blanking and get_cookie fixed to deal with only the spec. cookie.
 - the directory merge function was returned to the code
 - removed used Login Description directive
 - made default login server weblogin.washington.edu
 - some code clean-up and renaming

Pubcookie Library Third Developers Release: July 31, 1998
 - module fixes.

Pubcookie Library Second Developers Release: July 24, 1998
 - first appearance of the apache module.

Pubcookie Library First Developers Release: July 20, 1998
 - library and auxillary programs.
