Greg Stein [Thu, 19 Jun 2003 21:21:15 +0000 (21:21 +0000)]
Fix a crasher introduced on June 3.
* mod_dav.c (dav_method_propfind): the PROPFIND request might not have
a body. Therefore, we cannot dereference 'doc' unconditionally.
Test it to decide what to pass on to dav_begin_multistatus().
Submitted by: Ben Collins-Sussman <sussman@collab.net>,
David Waite <mass@akuma.org>
Reaction to Jeff Trawick's observations that we are double-initializing
dynalinked OpenSSL Engines and Configs. Move the library teardown code
so that it is torn down in the proper order, corresponding to when the
library itself was initialized. And leave a little reminder that some
memory diagnostics would be good if OpenSSL is built for malloc debugging.
Greg Stein [Tue, 17 Jun 2003 17:38:16 +0000 (17:38 +0000)]
Following the previous commit, adjust the actual parameters of
ap_strcmp_match() and ap_strcasecmp_match() to use 'expected' rather
than 'exp' to avoid shadowing the global exp() function.
Joshua Slive [Thu, 12 Jun 2003 19:50:41 +0000 (19:50 +0000)]
LaTeX:
- Add directive index.
- Number the front-matter pages using roman numerals
- Omit any <br/> that ends a block.
- Improve the rendering of <indent> by using a
list environment rather than a minipage.
- Update the TODO list.
Current draft at:
http://www.apache.org/~slive/manual/
Greg Ames [Wed, 11 Jun 2003 17:46:25 +0000 (17:46 +0000)]
core_output_filter: don't split the brigade after a FLUSH bucket if it's the
last bucket. This prevents creating unnecessary empty brigades which may
not be destroyed until the end of a keepalive connection.
Submitted by: Juan Rivera <Juan.Rivera@NO_SPAM.citrix.com>
Joshua Slive [Tue, 10 Jun 2003 20:17:51 +0000 (20:17 +0000)]
Transform <columnspec><column width=".2">... hints to help latex
size tables properly. Also change the html transforms to ignore this
and add the elements to the dtd.
Jeff Trawick [Sat, 7 Jun 2003 19:50:01 +0000 (19:50 +0000)]
Unix: Handle permissions settings for flock-based mutexes in
unixd_set_global|proc_mutex_perms(). Allow the functions to be
called for any type of mutex.
This resolves a fatal problem with mod_rewrite on systems where
APR uses flock-based mutex.
It simplifies mod_ssl as well, which had special logic to perform
the chown(). It fixed an init error with mod_ssl on systems where
flock is used when the user had no SSLMutex directive.
The Unix MPMs continue to call unixd_set_global|proc_mutex_perms()
only for SysV sems. There is no permission problem with flock-based
accept mutexes since the child init logic for the MPMs is done
prior to switching identity.
Jeff Trawick [Sat, 7 Jun 2003 13:09:10 +0000 (13:09 +0000)]
mod_rewrite: Perform child initialization on the rewrite log lock.
This fixes a log corruption issue when flock-based serialization
is used (e.g., FreeBSD).
Jeff Trawick [Fri, 6 Jun 2003 02:48:55 +0000 (02:48 +0000)]
Don't respect the Server header field as set by modules and CGIs.
As with 1.3, for proxy requests any such field is from the origin
server; otherwise it will have our server info as controlled by
the ServerTokens directive.
Jeff Trawick [Thu, 5 Jun 2003 18:41:49 +0000 (18:41 +0000)]
steal some code from APR intended to allow you to properly switch
between libtool 1.3 and 1.4+... newer libtool doesn't have ltconfig,
so having a stray ltconfig around will confuse some of our config
logic
This also fixes cp failure on FreeBSD since ltconfig and ltmain.sh
are installed with 0400 perms, and when buildconf is run a second time
the cp of those files would fail.
Greg Stein [Tue, 3 Jun 2003 22:09:24 +0000 (22:09 +0000)]
mod_dav improvement: make dav_method_propfind stream its response,
rather than cache every <response> object and send the whole 207 at once.
Note: this patch doesn't affect the mod_dav provider API at all.
Providers still return property results in text-buffers, but mod_dav
then streams them out immediately.
Submitted by: Ben Collins-Sussman <sussman@collab.net>
Reviewed by: gstein, jerenkrantz, sander
* mod_dav.h (dav_walker_ctx): add a brigade field and a scratchpool field.
* mod_dav.c (dav_send_one_response): new helper function to write a
<DAV:response> into a brigade/filter. this code has been factorized
out of dav_send_multistatus.
(dav_begin_multistatus): new factorized helper func; creates brigade
and sends initial <multistatus> tag.
(dav_send_multistatus): create brigade, call dav_begin_multistatus,
and switch all ap_rputs calls to ap_fputs instead. call
dav_send_one_response when looping over response list. use a
subpool when iterating.
(dav_method_propfind): initialize walker ctx's brigade. initialize
ctx's scratchpool as a subpool of r->pool. Send a <multistatus> tag
before calling the provider's walk() function, and a </multistatus>
tag afterwards.
(dav_stream_response): new function, originally based on
dav_add_response. don't build linked list of responses in memory;
just spew each response object into the brigade via
dav_send_one_response(). take an incoming pool argument to do the
temporary allocation and streaming.
(dav_propfind_walker): pass ctx->scratchpool to dav_stream_response,
and clear the pool when finished.
Mark J. Cox [Tue, 3 Jun 2003 10:51:47 +0000 (10:51 +0000)]
Be more consistent in how we label security issues
Promote the issues that have been allocated a full CVE name (to replace CAN)
The right patch (thanks to Eric for identifying the wrong patch) to move
SSL_library_init() into the register hooks phase. OpenSSL_add_ssl_algorithms
devolves to SSL_library_init, which is the same for most toolkits (and would
be accommodated in ssl_toolkit_config.h if not.)
Erik Abele [Sun, 1 Jun 2003 21:11:06 +0000 (21:11 +0000)]
"Comment out .gz etc. AddEncoding lines in our default configuration.
Current browsers have a tendency to decompress the data when no one really
wants it to do that. If you want the old behavior that leads to transparent
decompression by modern browsers, uncomment these lines. But, this
shouldn't be our default." (see httpd-std.conf.in r1.32, jerenkrantz)
Erik Abele [Sun, 1 Jun 2003 20:48:54 +0000 (20:48 +0000)]
Added a note, a vote and a section about some necessary doco
improvements.
Removed a section about building the man pages from XML source.
Also removed a section about possible cross references between the
different languages. Both were fixed by Andre recently.
Ken Coar [Sun, 1 Jun 2003 15:10:30 +0000 (15:10 +0000)]
Allow ExpiresByType to accept and understand minor-type wildcards
(e.g., text/*). They'll be used if an exact type match isn't
found; if there's no wildcard match, the expiry falls back to any
ExpiresDefault setting as usual.
Rich Bowen [Sat, 31 May 2003 22:00:27 +0000 (22:00 +0000)]
As per repeated discussion on this point, I don't think that anybody
wants to do the maintenance work necessary to keep the FAQ correct if a
million monkeys are submitting content. So, to keep it from coming up
Yet Again, removing the remark.
OpenSSL_add_all_algorithms is simply an alias for SSL_load_library.
Note that the entire schema of what-we-load-how follows from
OpenSSL 0.9.7's own apps/ example applications. More review
is greatly desired, but that's where I believed I should
start looking for the 'correct' order of operations.
Provide a far more useful explanation when SSLCryptoDevice fails to
find a device. Still would be nice to implement dynamic:{options}
but this gets us to display the usual, builtin devices.
We now load builtin engines up front, in the pre_config phase, because
this and any other config cmd processor must have an already valid
library config. So loading builtin engines becomes redundant in this
cmd handler.
Solve a pretty horrific bug in SSLCryptoDevice and other places where
the config cmd processors should be examining the SSL context. We must
initialize the SSL library before we can actually obtain any useful
information from the SSL library.
Based on list discussion between myself and Geoff, it seems prudent
to check for both the existence of the openssl/engine.h header file
and some 'expected function' such as ENGINE_init() (better suggestions
are welcome.) Also clear up some confusion; so long as we have
ENGINE_load_builtin_engines() we should attempt to preload those.
This patch protects all ENGINE-based code within the tests for the
engine header and function, and changes a version test into a
function test.
André Malo [Thu, 29 May 2003 15:49:49 +0000 (15:49 +0000)]
- add rel="alternate" attribute
- use rel and hreflang attribute only if the link points to another language
- add newlines for better diffs (the next will be a huge one ...)
As Geoff Thorpe <geoff@geoffthorpe.net> points out, we must perform our
compilation tests for the SSL_has_foo functions while we have completely
populated the config with 'standard' libraries from our apr configuration.
This allows us to compile more complex dependencies such as the test for
ENGINE_init(), which also requires -lsockets etc on Solaris for any
static build of OpenSSL. If this fails, we will have to research using
the pkgconfig/openssl.pc configuration to perform these precompile tests.
This restores the various HAVE_SSL_{FOO} macros for SSL-C and introduced
the proper test for HAVE_ENGINE_INIT.