Graham Leggett [Tue, 15 Apr 2003 17:39:43 +0000 (17:39 +0000)]
If a Date response header was already set in the headers array,
this value was ignored in favour of the current time. This meant
that Date headers on proxied requests were rewritten when they
should not have been.
PR: 14376
Obtained from:
Submitted by:
Reviewed by:
Graham Leggett [Tue, 15 Apr 2003 16:01:02 +0000 (16:01 +0000)]
Fixed a segfault when multiple ProxyBlock directives were used.
PR: 19023
Obtained from:
Submitted by: Sami Tikka <sami.tikka@f-secure.com>
Reviewed by:
André Malo [Mon, 14 Apr 2003 17:50:50 +0000 (17:50 +0000)]
filter no-break-spaces in text output. In some environments (e.g. mine)
they are not transformed correctly.
This change defines the output to be exactly " " (without quotes)
Graham Leggett [Sat, 12 Apr 2003 17:28:55 +0000 (17:28 +0000)]
Add code to buildconf that produces an httpd.spec file from
httpd.spec.in, using build/get-version.sh from APR.
PR:
Obtained from:
Submitted by:
Reviewed by:
André Malo [Fri, 11 Apr 2003 21:17:44 +0000 (21:17 +0000)]
re-introduce mod/allmodules.xml*
The change is mainly intended to save some memory during the build process.
Additionally we may get a bit more clearness in our document structure ...
André Malo [Fri, 11 Apr 2003 19:47:31 +0000 (19:47 +0000)]
add metafiles. These files contain information that is relevant for one
document but all variants of it (i.e. one basename), such as avail. languages,
formats etc.
Note that changes in the default httpd.conf do not violate our
backward-compatibility policy. We assume that people preserve their
own config files, rather than going back to the default each time.
Jeff Trawick [Wed, 9 Apr 2003 16:58:30 +0000 (16:58 +0000)]
consolidate code related to sig_coredump
a note on perchild:
perchild exception handling was busted before this and is still busted
the problem I noticed was that a client that exposes a segfault never
gets its connection dropped and the parent never notices that the
child process that segfaulted has exited
Chris Pepper [Wed, 9 Apr 2003 04:08:21 +0000 (04:08 +0000)]
Clarify some wording.
Note this change (as previously written, it implied that 1.3.5
had this vulnerability, which is not true). I'm not sure if
"httpd 2.0" is the preferred name.
- <p>Note that in versions previous to 2.0.46 no escaping has been performed
+ <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from <code>%...r</code>, <code>%...i</code> and
<code>%...o</code>. This was mainly to comply with the requirements of
the Common Log Format. This implied that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.</p>
- <p>For security reasons starting with 2.0.46 non-printable and
+ <p>For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
<code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are <code>"</code> and <code>\</code> which are escaped by prepending
- a backslash, and all whitespace characters that are written in their
- C-notation (<code>\n</code>, <code>\t</code> etc).</p>
+ a backslash, and all whitespace characters which are written in their
+ C-style notation (<code>\n</code>, <code>\t</code> etc).</p>
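Review bot: In the last changed sentence, "all whitespace characters which are written in their C-style notation" still reads as if the plain space character were rewritten too, although a space has no C-style notation of the \n or \t kind; consider "whitespace control characters" or listing the affected characters explicitly. Separately, the second paragraph's "starting with 2.0.46" does not pick up the "httpd 2.0" qualifier that the first paragraph gains, so the two paragraphs now name the release line differently.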
Solve SSL-C breakage introduced in mod_ssl.h rev 1.129 and
ssl_engine_kernel.c rev 1.88. SSL* is not const under SSL-C.
I've confirmed Jeff's comment that the original patch doesn't harm
earlier OpenSSL versions which declared no arguments at all.
I suspect now that we could fold
#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
#define MODSSL_INFO_CB_ARG_TYPE const SSL*
into a single MODSSL_CB_ARG_CONST define, but this works for now.
Move the dropped '--enable-layout' subdir logic into APR_SUBDIR_CONFIG macro
as a third parameter rather than manually computing it ourselves.
Add the ' prefix'd --enable-layout so that this can work with an autoconf-2.54+
generated configure. (Previously, the option would not be dropped with 2.54
or 2.57 since it unconditionally adds single-quotes which our case statement
would not catch.)
Try to shorten long invocations of APR_SUBDIR_CONFIG where possible.
Graham Leggett [Sat, 5 Apr 2003 20:17:25 +0000 (20:17 +0000)]
Update the RPM spec file (in line with changes to v2.0):
- Moved mime.types back to the default location.
- Added mod_ldap and friends, mod_cache and friends.
- Added openldap dependency.
Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to
all assignments and the final SSL_free(), free ssl_conn->client_cert
to avoid leaks of this refcounted X509*. Prereleasing refcounted
objects is unsafe programming; fix applied to both branches.
EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
Eliminate a number of test failures by conditionally reverting rev 1.79
pubkey handling in ssl_engine_kernel.c, except under OpenSSL.
Also revert a rev 1.79 bogosity for all toolkits; it's entirely bogus
to release a refcount after setting aside the results in a persistent
structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
mustn't be freed while sslconn is still in play. The proper patch (not
written yet) is to invoke the X509_free(sslconn->client_cert) when we
cleanup the sslconn structure.
A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
that same variable to retrieve/release the quick lookup and discard
of the peercert.
André Malo [Sat, 5 Apr 2003 18:13:21 +0000 (18:13 +0000)]
- new developer/index.xml
- add references from the subdocuments to the index file (<parentdocument>)
- fix German sitemap reference revision # to be up-to-date
Jeff Trawick [Fri, 4 Apr 2003 19:04:21 +0000 (19:04 +0000)]
run libtool from the apr install directory (in case that is different
from the apache install directory)
further changes are needed to automatically pick up apr and apr-util
include directories; for now, "-Wc,-I/path" needs to be added to the
apxs -c invocation to work around that problem
Jeff Trawick [Fri, 4 Apr 2003 18:55:49 +0000 (18:55 +0000)]
Fix the inability to log errors like exec failure in
mod_ext_filter/mod_cgi script children (e.g., exec failure). This
was broken after such children stopped inheriting the error log
handle.
(For this to work with mod_ext_filter, that module's LogStderr option
has to be on.)
Jeff Trawick [Fri, 4 Apr 2003 03:57:10 +0000 (03:57 +0000)]
Fix a compile failure with recent OpenSSL and picky compilers
(e.g., OpenSSL 0.9.7a and xlc_r on AIX).
The OpenSSL info callback field changed recently from a generic
function pointer to a specific one, and ssl_callback_LogTracingState
wasn't quite right.
Jeff Trawick [Thu, 3 Apr 2003 11:52:08 +0000 (11:52 +0000)]
Fix a build problem with passing unsupported --enable-layout
args to apr and apr-util. This broke binbuild.sh as well as
user-specified layout parameters.
PR: 18649
Original concept code submitted by: Justin Erenkrantz
Mangled by: Jeff Trawick
Introduce a number of SSLC hints to mod_ssl, including the following
type overrides;
MODSSL_CLIENT_CERT_CB_ARG_TYPE
MODSSL_PCHAR_CAST (for a host of non-void/const sslc values)
modssl_read_bio_cb_fn (for several callbacks with same prototypes)
Declare callback functions appropriately.
And protect us from indeterminate toolkits with
#error "Unrecognized SSL Toolkit!"
Jim Jagielski [Mon, 31 Mar 2003 14:38:51 +0000 (14:38 +0000)]
Match what we do with the ssl_scache_dbm
chown junk, which we know is safe and works, and more directly
handles the issue with chown (agreed that a macro is needed
eventually)
Solve segfaults from unusual error exceptions in cgid. The daemon
has no 'real' request_rec, so we can't use ap_log_rerror() anywhere
within the cgid_server() code.
Also, one of the two log messages was echoed to the child, no point
when the actual request logic should take care of that notification.