core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
+ *) core, mod_dav_fs: Change default ETag to be "size mtime", i.e. remove
+ the inode. PR 49623. [Stefan Fritsch]
+
*) mod_lua: Expose SSL variables via r:ssl_var_lookup(). [Eric Covener]
*) mod_lua: LuaHook{AccessChecker,AuthChecker,CheckUserID,TranslateName}
<description>File attributes used to create the ETag
HTTP response header for static files</description>
<syntax>FileETag <var>component</var> ...</syntax>
-<default>FileETag INode MTime Size</default>
+<default>FileETag MTime Size</default>
<contextlist><context>server config</context><context>virtual host</context>
<context>directory</context><context>.htaccess</context>
</contextlist>
<override>FileInfo</override>
+<compatibility>The default used to be "INode MTime Size" in 2.3.14 and
+earlier.</compatibility>
<usage>
<p>
<note type="warning"><title>Warning</title>
Do not change the default for directories or locations that have WebDAV
enabled and use <module>mod_dav_fs</module> as a storage provider.
- <module>mod_dav_fs</module> uses <code>INode MTime Size</code>
+ <module>mod_dav_fs</module> uses <code>MTime Size</code>
as a fixed format for <code>ETag</code> comparisons on conditional requests.
These conditional requests will break if the <code>ETag</code> format is
changed via <directive>FileETag</directive>.
<li><directive module="core">EnableSendfile</directive> now
defaults to Off.</li>
+ <li><directive module="core">FileETag</directive> now
+ defaults to "MTime Size" (without INode).</li>
+
<li><module>mod_log_config</module>: <a
href="modules/mod_log_config.html#formats">${cookie}C</a>
matches whole cookie names. Previously any substring would
#define ETAG_MTIME (1 << 1)
#define ETAG_INODE (1 << 2)
#define ETAG_SIZE (1 << 3)
-#define ETAG_BACKWARD (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
#define ETAG_ALL (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
+/* This is the default value used */
+#define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE)
/**
* @brief Server Signature Enumeration
static const char *dav_fs_getetag(const dav_resource *resource)
{
dav_resource_private *ctx = resource->info;
+ /* XXX: This should really honor the FileETag setting */
if (!resource->exists)
return apr_pstrdup(ctx->pool, "");
if (ctx->finfo.filetype != APR_NOFILE) {
return apr_psprintf(ctx->pool, "\"%" APR_UINT64_T_HEX_FMT "-%"
- APR_UINT64_T_HEX_FMT "-%" APR_UINT64_T_HEX_FMT "\"",
- (apr_uint64_t) ctx->finfo.inode,
+ APR_UINT64_T_HEX_FMT "\"",
(apr_uint64_t) ctx->finfo.size,
(apr_uint64_t) ctx->finfo.mtime);
}
projects / apache / commitdiff