Note that changes in the default httpd.conf do not violate our
backward-compatibility policy. We assume that people preserve their
own config files, rather than going back to the default each time.
Jeff Trawick [Wed, 9 Apr 2003 16:58:30 +0000 (16:58 +0000)]
consolidate code related to sig_coredump
a note on perchild:
perchild exception handling was busted before this and is still busted
the problem I noticed was that a client that exposes a segfault never
gets its connection dropped and the parent never notices that the
child process that segfaulted hasexited
Chris Pepper [Wed, 9 Apr 2003 04:08:21 +0000 (04:08 +0000)]
Clarify some wording.
Note this change (as previously written, it implied that 1.3.5
had this vulnerability, which is not true). I'm not sure if
"httpd 2.0" is the preferred name.
- <p>Note that in versions previous to 2.0.46 no escaping has been performed
+ <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from <code>%...r</code>, <code>%...i</code> and
<code>%...o</code>. This was mainly to comply with the requirements of
the Common Log Format. This implied that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.</p>
- <p>For security reasons starting with 2.0.46 non-printable and
+ <p>For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
<code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are <code>"</code> and <code>\</code> which are escaped by prepending
- a backslash, and all whitespace characters that are written in their
- C-notation (<code>\n</code>, <code>\t</code> etc).</p>
+ a backslash, and all whitespace characters which are written in their
+ C-style notation (<code>\n</code>, <code>\t</code> etc).</p>
Solve SSL-C breakage introduced in mod_ssl.h rev 1.129 and
ssl_engine_kernel.c rev 1.88. SSL* is not const under SSL-C.
I've confirmed Jeff's comment that the original patch doesn't harm
earlier OpenSSL versions which declared no arguments at all.
I suspect now that we could fold
#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
#define MODSSL_INFO_CB_ARG_TYPE const SSL*
into a single MODSSL_CB_ARG_CONST define, but this works for now.
Move the dropped '--enable-layout' subdir logic into APR_SUBDIR_CONFIG macro
as a third parameter rather than manually computing it ourselves.
Add the ' prefix'd --enable-layout so that this can work with an autoconf-2.54+
generated configure. (Previously, the option would not be dropped with 2.54
or 2.57 since it unconditionally adds single-quotes which our case statement
would not catch.)
Try to shorten long invocations of APR_SUBDIR_CONFIG where possible.
Graham Leggett [Sat, 5 Apr 2003 20:17:25 +0000 (20:17 +0000)]
Update the RPM spec file (in line with changes to v2.0):
- Moved mime.types back to the default location.
- Added mod_ldap and friends, mod_cache and friends.
- Added openldap dependancy.
Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to
all assignments and the final SSL_free(), free ssl_conn->client_cert
to avoid leaks of this refcounted X509*. Prereleasing refcounted
objects is unsafe programming; fix applied to both branches.
EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
Eliminate a number of test failures by conditionally reverting rev 1.79
pubkey handling in ssl_engine_kernel.c, except under OpenSSL.
Also revert a rev 1.79 bogisity for all toolkits; it's entirely bogus
to release a refcount after setting aside the results in a persistant
structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
mustn't be freed while sslconn is still in play. The proper patch (not
written yet) is to invoke the X509_free(sslconn->client_cert) when we
cleanup the sslconn structure.
A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
that same variable to retrieve/release the quick lookup and discard
of the peercert.
André Malo [Sat, 5 Apr 2003 18:13:21 +0000 (18:13 +0000)]
- new developer/index.xml
- add references from the subdocuments to the index file (<parentdocument>)
- fix German sitemap reference revision # to be up-to-date
Jeff Trawick [Fri, 4 Apr 2003 19:04:21 +0000 (19:04 +0000)]
run libtool from the apr install directory (in case that is different
from the apache install directory)
further changes are needed to automatically pick up apr and apr-util
include directories; for now, "-Wc,-I/path" needs to be added to the
apxs -c invocation to work around that problem
Jeff Trawick [Fri, 4 Apr 2003 18:55:49 +0000 (18:55 +0000)]
Fix the inability to log errors like exec failure in
mod_ext_filter/mod_cgi script children (e.g., exec failure). This
was broken after such children stopped inheriting the error log
handle.
(For this to work with mod_ext_filter, that module's LogStderr option
has to be on.)
Jeff Trawick [Fri, 4 Apr 2003 03:57:10 +0000 (03:57 +0000)]
Fix a compile failure with recent OpenSSL and picky compilers
(e.g., OpenSSL 0.9.7a and xlc_r on AIX).
The OpenSSL info callback field changed recently from a generic
function pointer to a specific one, and ssl_callback_LogTracingState
wasn't quite right.
Jeff Trawick [Thu, 3 Apr 2003 11:52:08 +0000 (11:52 +0000)]
Fix a build problem with passing unsupported --enable-layout
args to apr and apr-util. This broke binbuild.sh as well as
user-specified layout parameters.
PR: 18649
Original concept code submitted by: Justin Erenkrantz
Mangled by: Jeff Trawick
Introduce a number of SSLC hints to mod_ssl, including the following
type overrides;
MODSSL_CLIENT_CERT_CB_ARG_TYPE
MODSSL_PCHAR_CAST (for a host of non-void/const sslc values)
modssl_read_bio_cb_fn (for several callbacks with same prototypes)
Declare callback functions appropriately.
And protect us from indetermineant toolkits with
#error "Unrecognized SSL Toolkit!"
Jim Jagielski [Mon, 31 Mar 2003 14:38:51 +0000 (14:38 +0000)]
Match what we do with the ssl_scache_dbm
chown junk, which we know is safe and works, and more directly
handles the issue with chown (agreed that a macro is needed
eventually)
Solve segfaults from unusual error exceptions in cgid. The daemon
has no 'real' request_rec, so we can't use ap_log_rerror() anywhere
within the cgid_server() code.
Also, one of the two log messages was echoed to the child, no point
when the actual request logic should take care of that notification.
André Malo [Sat, 29 Mar 2003 04:39:08 +0000 (04:39 +0000)]
Fix mod_ssl.dsp and abs.dsp to use also the openssl-0.9.7-defines for
NO_MD5, NO_IDEA and NO_MDC2 (won't compile otherwise with 0.9.7+ and
restricted crypto algorithms)
Jim Jagielski [Sat, 29 Mar 2003 02:18:43 +0000 (02:18 +0000)]
Because SSL's child init is run *after* we change uid/gid. So we need to ensure that file-based
locks have the correct perms so that the child process
can access them
Fix a serious bug where the 'next' generation of the server would open
a brand new mutex. This patch creates a single mutex in the first config
phase that survives for the life of the server (server->process->pool).
Now one server generation to the next will respect the same mutex between
one another, while the previous generation is still mopping up.
Allow any mutex to accept a 'filename' ... and always root it to the
server root unless we are using posixsem, which can't handle big paths.
This reorganization should make the code much more readable because
all of the common code is at the beginning and end of the function,
simplifing the long conditional test case block.
This patch allows SSLMutex default:logs/ssl_mutex syntax. It also
removes the mod_ssl historical '.pid' suffixes - that isn't how Apache2
specifies files.
Greg Ames [Thu, 27 Mar 2003 20:34:56 +0000 (20:34 +0000)]
ap_rgetline_core: set the number of bytes read & copied into the caller's
buffer when returning APR_ENOSPC. This prevents seg faults in
ap_get_mime_headers_core in an error path which handles headers that are too
long.