accompanying ap_version_t structure (minor MMN bump).
[André Malo]
- *) Fix cases where the byterange filter would buffer responses
+ *) Add ap_log_cerror() for logging messages associated with particular
+ client connections. [Jeff Trawick]
+
+ *) Correct mod_cgid's argv[0] so that the full path can be delved by the
+ invoked cgi application, to conform to the behavior of mod_cgi.
+ [Pradeep Kumar S <pradeep.smani gmail.com>]
+
+ *) mod_include: Fix possible environment variable corruption when
+ using nested includes. PR 12655. [Joe Orton]
+
+ *) Support the suppress-error-charset setting, as with Apache 1.3.x.
+ PR 31274. [Jeff Trawick]
+
+ *) EBCDIC: Handle chunked input from client or, with proxy, origin
+ server. [Jeff Trawick]
+
+ *) Fix bad globbing comparison which could result in getting
+ a directory listing when a file was requested. PR 34512.
+ [sean <infamous41md hotmail.com>]
+
+ *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
+ was called even if mod_auth_ldap_check_user_id() was not
+ (or if it didn't succeed) for non-authoritative cases.
+ [Jim Jagielski]
+
+ *) SECURITY: CAN-2005-2728 (cve.mitre.org)
+ Fix cases where the byterange filter would buffer responses
into memory. PR 29962. [Joe Orton]
*) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
*) mod_ssl: Fix build with OpenSSL 0.9.8. PR 35757. [William Rowe]
- *) SECURITY: CAN-2005-2088
+ *) SECURITY: CAN-2005-2088 (cve.mitre.org)
core: If a request contains both Transfer-Encoding and Content-Length
headers, remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
is causing a potential problem with the LDAP shared memory cache.
PR 31431 [Graham Leggett]
- *) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
+ *) SECURITY: CAN-2004-1834 (cve.mitre.org)
+ mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
*) Fix the re-linking issue when purging elements from the LDAP cache
PR 24801. [Jess Holle <jessh ptc.com>]
names faulted the running OS2 worker process. The fix is
actually in APR 0.9.4. [Brian Havard]
- *) Forward port: Escape special characters (especially control
+ *) SECURITY: CAN-2003-0083 (cve.mitre.org)
+ Forward port: Escape special characters (especially control
characters) in mod_log_config to make a clear distinction between
client-supplied strings (with special characters) and server-side
strings. This was already introduced in version 1.3.25.
httpd/branches/2.0.x/... preserving the detail of all of the individually
backported changes.
- +1: wrowe, jim
+ +1: wrowe, jim, minfrin
-1:
For a complete history of individual unit changes, see r230703 - r230744 in
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
- [ please append new backports at the end of this list not the top. ]
-
- *) several changes to improve logging of connection-oriented errors, including
- ap_log_cerror() API (needs minor bump in addition to changes below)
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/log.c?r1=1.150&r2=1.151
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/include/http_log.h?r1=1.46&r2=1.48
- +1: trawick, stoddard, wrowe
- [wrowe notes that his previous objection is moot, based on security fixes
- applied between .44 and .54 - but -please- doxygen the version of Apache
- required in the API header note, for users who adopt this alternative.]
+ [ start all new proposals below, under PATCHES PROPOSED. ]
*) mod_cgi: Added API call and overload of detached field in
cgi_exec_info_t structure to support loading in current or new address
nd: I'm going to reverse the default
jerenkrantz, striker: I'm confused as to the status of this backport.
- * support/check_forensic: Fix tempfile usage
- svn rev 125495, 126224
- jerenkrantz says: r126224 fixes brokenness with r125495 on Solaris.
- +1: thommay, jerenkrantz, trawick
- trawick: "which" isn't portable; I've suggested a work-around on dev@
- (not standing in way of backport)
- jorton said: NetBSD's which isn't sufficient either.
- jerenkrantz: Since it's not in the critical path (and depends on
- mod_log_forensic), I think it's still worth it to backport
- it as-is. For the one or two platforms that don't like
- which, they can write their own version of the script.
-
- * Win32: Move call to mpm_service_install to the rewrite_args hook
- from the post_config hook.
- http://svn.apache.org/viewcvs?view=rev&rev=154319
- +1: stoddard, striker, wrowe (as corrected in subsequent patches)
-
- * mod_version: New Module, Backport from trunk. Requires Minor MMN Bump.
- http://svn.apache.org/repos/asf/httpd/httpd/branches/mod_version_for_2.0.x
- +1: pquerna, nd
- Votes from before the integration branch:
- +1: jerenkrantz, wrowe (trivial, would even be cool in 1.3)
-
- *) proxy FTP: Fix confusion about globbing characters which could lead
- to getting a directory listing when a file was requested. PR 34512.
- 2.1 patch was http://svn.apache.org/viewcvs?rev=179704&view=rev
- 2.0 version: http://people.apache.org/~trawick/179704-20.txt
- +1: trawick, jorton, wrowe
-
- *) Prevent bad dereferencing of non-existent req struct in
- mod_auth_ldap's mod_auth_ldap_auth_checker() if
- mod_auth_ldap_check_user_id() was never (fully) called.
- Similar behavior to that in 2.1/2.2.
- http://people.apache.org/~jim/mod_auth_ldap-2.0.patch
- +1: jim, minfrin, bnicholes
-
- *) Add httxt2dbm for creating RewriteMap DBM Files.
- http://svn.apache.org/viewcvs.cgi?rev=209539&view=rev
- +1: pquerna, jorton, trawick
+ *) support/check_forensic: Fix tempfile usage
+ svn rev 125495, 126224
+ jerenkrantz says: r126224 fixes brokenness with r125495 on Solaris.
+ +1: thommay, jerenkrantz, trawick
+ trawick: "which" isn't portable; I've suggested a work-around on dev@
+ (not standing in way of backport)
+ jorton said: NetBSD's which isn't sufficient either.
+ jerenkrantz: Since it's not in the critical path (and depends on
+ mod_log_forensic), I think it's still worth it to backport
+ it as-is. For the one or two platforms that don't like
+ which, they can write their own version of the script.
+ (jorton agrees)
+
+ *) Win32: Move call to mpm_service_install to the rewrite_args hook
+ from the post_config hook.
+ http://svn.apache.org/viewcvs?view=rev&rev=154319
+ +1: stoddard, striker, wrowe (as corrected in subsequent patches)
+
+ *) Add httxt2dbm for creating RewriteMap DBM Files.
+ http://svn.apache.org/viewcvs.cgi?rev=209539&view=rev
+ +1: pquerna, jorton, trawick
-PATCHES PROPOSED TO BACKPORT FROM TRUNK:
- [ please place SVN revisions from trunk here, so it is easy to
- identify exactly what the proposed changes are! ]
+ *) Remove the base href tag from mod_proxy_ftp, as it breaks relative
+ links for clients not using an Authorization header.
+ modules/proxy/mod_proxy_ftp.c: r231044
+ +1: minfrin, jim, nd
+
+ *) mod_version: New Module, Backport from trunk. Requires Minor MMN Bump.
+ http://svn.apache.org/repos/asf/httpd/httpd/branches/mod_version_for_2.0.x
+ +1: pquerna, nd, wrowe
+ Votes from before the integration branch: +1: jerenkrantz
*) Fix CAN-2005-2491, integer overflow in pcre.
http://svn.apache.org/viewcvs?rev=233493&view=rev
rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
test case: perl-framework/t/security/CAN-2005-2491.t
- +1: jorton, nd
+ +1: jorton, nd, wrowe
- *) Remove the base href tag from mod_proxy_ftp, as it breaks relative
- links for clients not using an Authorization header.
- modules/proxy/mod_proxy_ftp.c: r231044
- +1: minfrin, jim, nd
+PATCHES PROPOSED TO BACKPORT FROM TRUNK:
+ [ please place SVN revisions from trunk here, so it is easy to
+ identify exactly what the proposed changes are! Add all new
+ proposals to the end of this list. ]
+
+ *) Fix CAN-2005-2700, mod_ssl SSLVerifyClient bug
+ http://svn.apache.org/viewcvs?rev=264800&view=rev
+ test case: perl-framework/t/security/CAN-2005-2700.t
+ +1: jorton, wrowe
+ wrowe cautions to backport to 2.2.x branch as well.
*) Correct RFC 2616 non-compliance by refusing to proxy a request body
in a TRACE request, unless TraceEnable extended is configured.
full control of TRACE request handling. RFC 2616 does NOT require
TRACE (although to disable remains silly). Current patch at;
http://people.apache.org/~wrowe/httpd-2.0-trace.patch
- +1 wrowe, jimjag
+ +1 wrowe, jimjag, colm
+ colm notes: There are some \n's in apr_table_setn calls that are
+ not consistent with other calls to apr_table_setn.
+ There is no documentation for TraceEnable in trunk to
+ backport, shouldn't release while still undocumented.
*) mod_headers: Support {...}s tag for SSL variable lookup.
http://www.apache.org/~jorton/mod_headers-2.0-ssl.diff
rediffed for 2.0.x as:
http://issues.apache.org/bugzilla/attachment.cgi?id=14804
PR: 34452
- +1: jorton
-
- *) EBCDIC: Handle chunked input from client or, with proxy, origin
- server.
- http://svn.apache.org/viewcvs?rev=178262&view=rev
- (With 2.0.x it is the same code in the same function, but in
- a different source file.)
- +1: trawick, wrowe, nd
-
- *) Support the suppress-error-charset setting, as with Apache 1.3.x.
- PR 31274. (current docs say it works with Apache from 2.0.40 ;) )
- http://svn.apache.org/viewcvs?rev=170354&view=rev
- +1: trawick, jorton, nd
-
- *) mod_mime_magic: Handle CRLF-format magic files so that it works with
- the default installation on Windows.
+ +1: jorton, trawick
+
+ *) mod_mime_magic: Handle CRLF-format^H^H^H^H^H^H^H magic files
+ with any trailing whitespace so that it works with the
+ default installation on Windows.
http://svn.apache.org/viewcvs?rev=179622&view=rev
+ http://svn.apache.org/viewcvs?rev=280114&view=rev
+1: trawick, wrowe
- wrowe asks: is it possible to simply strip trailing whitespace instead
- of special handling for the end of line characters?
- Seems more portable.
- trawick says: makes sense; searching for bandwidth
+ backported 280114 to 2.2.x branch already
*) mod_cache: Fix handling of 'Vary: *". PR 16125.
Trunk: r180341
2.0.x Patch: http://issues.apache.org/bugzilla/attachment.cgi?id=15297
- +1: pquerna
+ +1: pquerna, jerenkrantz, colm
+ jerenkrantz notes: I do prefer the version from r190033 (own if check).
*) mod_ssl: Fix buffering in SSL output filter.
http://svn.apache.org/viewcvs?rev=189971&view=rev
PR: 35279
- +1: jorton
-
- *) mod_include: Fix possible variable corruption with nested
- includes.
- http://svn.apache.org/viewcvs?rev=179763&view=rev
- 2.0.x patch: http://people.apache.org/~jorton/ap_pr12655.patch
- test case in perl-framework/t/modules/include.t
- PR: 12655
- +1: jorton, nd
-
- *) mod_auth_digest: Fix hostinfo validation for CONNECT requests.
- http://svn.apache.org/viewcvs.cgi?rev=193127&view=rev
- +1: jorton, nd
+ +1: jorton, jerenkrantz
*) Reverse Proxy fixes: <Location> bug and Cookie support
Patch is at
and is in production with Clients.
+1: niq, nd
niq: I'm seeing *a lot* of demand for this.
+ jerenkrantz: Didn't a variant of this get committed to trunk?
+ If so, what revision? And, is there a clean patch for
+ 2.0? (The patch in that message isn't clean.)
+
+ *) Block mod_cgid usage on Solaris 10 due to OS bugs. PR 34264.
+ http://svn.apache.org/viewcvs?view=rev&rev=264866
+ +1: jerenkrantz, colm
+
+ *) mod_cgid: Fix PR 36410. Invoke the set_suexec_identity hook from
+ the non-cgid side of the handler, where the full per-server/dir/etc
+ configuration is available instead of using two mod_suexec and
+ mod_userdir specific hacks. See mod_vhost_ldap for an example
+ third-party get_suexec_identity implementation.
+ http://people.apache.org/~colm/2.0.x-suexec-cgid.patch
+ +1: colm
+
+ *) Add ReceiveBufferSize directive to control the TCP receive buffer.
+ code: http://svn.apache.org/viewcvs?view=rev&rev=157583
+ http://svn.apache.org/viewcvs?rev=280401&view=rev
+ docs: http://svn.apache.org/viewcvs?rev=280384&view=rev
+ +1: stas
+ -0: colm
+ colm: It's a useful feature, but TCP window size selection
+ algorithims can be pretty "interesting", probably more
+ 2.2.
+
+ *) mod_ldap: Fix PR 36563. Keep track of the number of attributes
+ retrieved from LDAP so that all of the values can be properly
+ cached even if the value is NULL.
+ http://issues.apache.org/bugzilla/attachment.cgi?id=16429
+ or
+ http://svn.apache.org/viewcvs.cgi?rev=156587&view=rev
+ +1: bnicholes
PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
2.0, just let 'em in
-1: wrowe (as nd suggests, leave the dead horse in peace.)
- * Replace some of the mutex locking in the worker MPM with
- atomic operations for higher concurrency.
- server/mpm/worker/fdqueue.c 1.24, 1.25
- +1: brianp, ianh, jjclar
- trawick: Doesn't this make Apache 2.0.next slower except
- when the right atomic operations are available/
- implemented? (Due to under-the-covers mutex
- operations when the dummy atomics are used?)
- pquerna: Has anyone tested the performance differences
- for different platforms? At this point I would
- favour waiting for 2.2.
- -0: stoddard (at least until the performance implications are clarified)
-
- * Allow mod_dav to do weak entity comparison functions.
- modules/dav/main/util.c: r1.45
- [ This one is under review. Don't merge. ]
- +1:
-
- * mod_negotiation: parse quality values independent from
- the current locale and level values as integers. PR 17564.
- (essentially: get a rid of atof()) (2.0 + 1.3)
- modules/mappers/mod_negotiation.c: r1.114
- +1: nd
+ *) Replace some of the mutex locking in the worker MPM with
+ atomic operations for higher concurrency.
+ server/mpm/worker/fdqueue.c 1.24, 1.25
+ +1: brianp, ianh, jjclar
+ trawick: Doesn't this make Apache 2.0.next slower except
+ when the right atomic operations are available/
+ implemented? (Due to under-the-covers mutex
+ operations when the dummy atomics are used?)
+ pquerna: Has anyone tested the performance differences
+ for different platforms? At this point I would
+ favour waiting for 2.2.
+ -0: stoddard (at least until the performance implications are clarified)
+
+ *) Allow mod_dav to do weak entity comparison functions.
+ modules/dav/main/util.c: r1.45
+ [ This one is under review. Don't merge. ]
+ +1:
+
+ *) mod_negotiation: parse quality values independent from
+ the current locale and level values as integers. PR 17564.
+ (essentially: get a rid of atof()) (2.0 + 1.3)
+ modules/mappers/mod_negotiation.c: r1.114
+ +1: nd
We need to decide what happens with unparsable qvalues. RFC 2616
states that q defaults to 1. (see 14.1 - 14.4). So should wrong
qvalues be returned as 1.0 or 0.0 (as atof() did)?
1.0: nd
0.0: jim (a default != an "errored" value)
- * Keep the same SSLMutex for the lifetime of the parent process
- (instead of having children using different mutexes and failing
- to lock the session cache across restarts.)
- New patch forthcoming - JimJag's changes make the merge ugly.
- +1: wrowe
- +1 (concept): jim (final vote when the patch is available)
-
- * Fix the SSLMutex config parser so that all 'mechanisms' can take
- a filename, even if ignored, and they are rooted to the full path
- to the server (except for posixsem locks). This allows a very
- cross-platform default:logs/ssl_mutex to be used everywhere. Also
- eliminates the '.pid' suffix so that the name given is the name.
- Allows Win32 and other non-unicies to use named locks.
- New patch forthcoming - JimJag's changes make the merge ugly.
- +1: wrowe
- +1 (concept): jim (final vote when the patch is available)
-
- * mod_ssl: Drop SSL_EXPERIMENTAL_ENGINE test in favor of testing for the
- ENGINE_init() function in config.m4, and use HAVE_ENGINE_INIT instead.
- wrowe notes that this feature is a noop until configured with SSLEngine.
- http://www.apache.org/~wrowe/have_engine_init.patch for a clean 2.0 patch.
- modules/ssl/README 1.40
- modules/ssl/config.m4 1.14
- modules/ssl/mod_ssl.c 1.79
- modules/ssl/mod_ssl.h 1.135
- modules/ssl/ssl_engine_config.c 1.78
- modules/ssl/ssl_engine_init.c 1.113
- modules/ssl/ssl_toolkit_compat.c 1.33
- +0: wrowe {Pending research into how to get AC to use -lsockets et. al.,
- shows breakage on Solaris which can't -lcrypto -lssl without
- the extra pkgconfig/openssl.pc Libs: * foo }
-
- * mod_ssl: fix a link failure when the openssl-engine libraries are
- present but the engine headers are missing.
- modules/ssl/mod_ssl.c: r1.87
- modules/ssl/mod_ssl.h: r1.139
- modules/ssl/ssl_engine_config.c: r1.82
- PREREQ: Blow away of SSL_EXPERIMENTAL_ENGINE (see above)
- +1: jwoolley, trawick, jim, jerenkrantz
-
- * When UseCanonicalName is set to OFF, allow ap_get_server_port to
- check r->connection->local_addr->port before defaulting to
- server->port or ap_default_port()
- server/core.c r1.247
- +1: bnicholes, jim, wrowe
+ *) Keep the same SSLMutex for the lifetime of the parent process
+ (instead of having children using different mutexes and failing
+ to lock the session cache across restarts.)
+ New patch forthcoming - JimJag's changes make the merge ugly.
+ +1: wrowe
+ +1 (concept): jim (final vote when the patch is available)
+
+ *) Fix the SSLMutex config parser so that all 'mechanisms' can take
+ a filename, even if ignored, and they are rooted to the full path
+ to the server (except for posixsem locks). This allows a very
+ cross-platform default:logs/ssl_mutex to be used everywhere. Also
+ eliminates the '.pid' suffix so that the name given is the name.
+ Allows Win32 and other non-unicies to use named locks.
+ New patch forthcoming - JimJag's changes make the merge ugly.
+ +1: wrowe
+ +1 (concept): jim (final vote when the patch is available)
+
+ *) mod_ssl: Drop SSL_EXPERIMENTAL_ENGINE test in favor of testing for the
+ ENGINE_init() function in config.m4, and use HAVE_ENGINE_INIT instead.
+ wrowe notes that this feature is a noop until configured with SSLEngine.
+ http://www.apache.org/~wrowe/have_engine_init.patch for a clean 2.0 patch.
+ modules/ssl/README 1.40
+ modules/ssl/config.m4 1.14
+ modules/ssl/mod_ssl.c 1.79
+ modules/ssl/mod_ssl.h 1.135
+ modules/ssl/ssl_engine_config.c 1.78
+ modules/ssl/ssl_engine_init.c 1.113
+ modules/ssl/ssl_toolkit_compat.c 1.33
+ +0: wrowe {Pending research into how to get AC to use -lsockets et. al.,
+ shows breakage on Solaris which can't -lcrypto -lssl without
+ the extra pkgconfig/openssl.pc Libs: * foo }
+
+ *) mod_ssl: fix a link failure when the openssl-engine libraries are
+ present but the engine headers are missing.
+ modules/ssl/mod_ssl.c: r1.87
+ modules/ssl/mod_ssl.h: r1.139
+ modules/ssl/ssl_engine_config.c: r1.82
+ PREREQ: Blow away of SSL_EXPERIMENTAL_ENGINE (see above)
+ +1: jwoolley, trawick, jim, jerenkrantz
+
+ *) When UseCanonicalName is set to OFF, allow ap_get_server_port to
+ check r->connection->local_addr->port before defaulting to
+ server->port or ap_default_port()
+ server/core.c r1.247
+ +1: bnicholes, jim, wrowe
0: nd, jerenkrantz
- nd: can the local_addr->port ever be 0?
- bnicholes response: I couldn't tell you for sure if local_addr->port
- could be 0. But it makes sense that if it were then Apache
- wouldn't be listening on any port so it wouldn't matter anyway.
- nd replies: But if it can't be 0 the alternatives thereafter make no
- sense anymore, right?
- jim proposes: UseCanonicalName Client directive
- which implements this, keeping UseCanonicalName Off
- "as is".
-
- * ThreadStackSize for Win32 and threaded MPMs
- trawick will eventually put together a patch for httpd 2.0.next
- +1 concept: trawick, nd, stoddard, wrowe
+ nd: can the local_addr->port ever be 0?
+ bnicholes response: I couldn't tell you for sure if local_addr->port
+ could be 0. But it makes sense that if it were then Apache
+ wouldn't be listening on any port so it wouldn't matter anyway.
+ nd replies: But if it can't be 0 the alternatives thereafter make no
+ sense anymore, right?
+ jim proposes: UseCanonicalName Client directive
+ which implements this, keeping UseCanonicalName Off
+ "as is".
+
+ *) ThreadStackSize for Win32 and threaded MPMs
+ trawick will eventually put together a patch for httpd 2.0.next
+ +1 concept: trawick, nd, stoddard, wrowe
- * don't propagate input headers describing a body to a GET subrequest
- with no body
- http://svn.apache.org/viewcvs?view=rev&rev=158798
- http://svn.apache.org/viewcvs?view=rev&rev=159410
- http://svn.apache.org/viewcvs?view=rev&rev=160573
- +1: gregames
- -1: jerenkrantz (read_length isn't a sufficient check to see if a body
+ *) don't propagate input headers describing a body to a GET subrequest
+ with no body
+ http://svn.apache.org/viewcvs?view=rev&rev=158798
+ http://svn.apache.org/viewcvs?view=rev&rev=159410
+ http://svn.apache.org/viewcvs?view=rev&rev=160573
+ +1: gregames
+ -1: jerenkrantz (read_length isn't a sufficient check to see if a body
is present in the request; presence of T-E and C-L in
the headers is the correct flag.)
- gregames: done in rev 160573
- ±0: wrowe (this has a negative impact on modules who wish to 'inspect'
- the headers, e.g. an xml transformation affected by the query
- string or request POST args. The right solution is adopt apreq,
- providing an API for filters to participate in POST bodies.)
- gregames: this does not affect POSTs. the affected function helps
- create a GET subrequest with no body and is unprepared to deal with
- subrequest bodies. any modules or applications wishing to
- inspect headers will in fact work better because the headers will
- reflect reality.
+ gregames: done in rev 160573
+ ±0: wrowe (this has a negative impact on modules who wish to 'inspect'
+ the headers, e.g. an xml transformation affected by the query
+ string or request POST args. The right solution is adopt apreq,
+ providing an API for filters to participate in POST bodies.)
+ gregames: this does not affect POSTs. the affected function helps
+ create a GET subrequest with no body and is unprepared to deal with
+ subrequest bodies. any modules or applications wishing to
+ inspect headers will in fact work better because the headers will
+ reflect reality.
CURRENT VOTES:
- * Promote mod_ldap and mod_auth_ldap from experimental to
- non experimental status.
- +1: bnicholes, wrowe
- +0: minfrin (wait till the last cache bugs are ironed out)
- -1: jerenkrantz
+ *) Promote mod_ldap and mod_auth_ldap from experimental to
+ non experimental status.
+ +1: bnicholes, wrowe
+ +0: minfrin (wait till the last cache bugs are ironed out)
+ -1: jerenkrantz
- * httpd-std.conf and friends;
+ *) httpd-std.conf and friends;
a) httpd-std.conf should be tailored by install (from src or
binbuild) even if user has existing httpd.conf
include the updated directives and inline comments
that explain the changes and make the 'diff' more useful.
- * If the parent process dies, should the remaining child processes
- "gracefully" self-terminate. Or maybe we should make it a runtime
- option, or have a concept of 2 parent processes (one being a
- "hot spare").
- See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
+ *) If the parent process dies, should the remaining child processes
+ "gracefully" self-terminate. Or maybe we should make it a runtime
+ option, or have a concept of 2 parent processes (one being a
+ "hot spare").
+ See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
- Self-destruct: Ken, Martin
- Not self-destruct: BrianP, Ian, Cliff, BillS
- Make it runtime configurable: Aaron, Justin, wrowe, rederpj, jim, nd
+ Self-destruct: Ken, Martin
+ Not self-destruct: BrianP, Ian, Cliff, BillS
+ Make it runtime configurable: Aaron, Justin, wrowe, rederpj, jim, nd
- /* The below was a concept on *how* to handle the problem */
- Have 2 parents: +1: jim
- -1: Justin, wrowe, rederpj, nd
- +0: Martin (while standing by, could it do
+ /* The below was a concept on *how* to handle the problem */
+ Have 2 parents: +1: jim
+ -1: Justin, wrowe, rederpj, nd
+ +0: Martin (while standing by, could it do
something useful?)
- * Make the worker MPM the default MPM for threaded Unix boxes.
- +1: Justin, Ian, Cliff, BillS, striker
- +0: BrianP, Aaron (mutex contention is looking better with the
- latest code, let's continue tuning and testing), rederpj, jim
- -0: Lars, wrowe (let's make this defacto for the 2.2 release.),
- nd (for 2.0)
+ *) Make the worker MPM the default MPM for threaded Unix boxes.
+ +1: Justin, Ian, Cliff, BillS, striker
+ +0: BrianP, Aaron (mutex contention is looking better with the
+ latest code, let's continue tuning and testing), rederpj, jim
+ -0: Lars, wrowe (let's make this defacto for the 2.2 release.),
+ nd (for 2.0)
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
test -d docs/conf||$mkdir_p docs/conf
dnl Ensure that the httpd version is included
-HTTPD_VERSION=`build/get-version.sh all include/ap_release.h AP_SERVER`
+HTTPD_VERSION=`$srcdir/build/get-version.sh all $srcdir/include/ap_release.h AP_SERVER`
AC_SUBST(HTTPD_VERSION)
AC_OUTPUT($APACHE_OUTPUT_FILES docs/conf/httpd-std.conf docs/conf/ssl-std.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo,[true],[
<h3><a name="suppress-error-charset" id="suppress-error-charset">suppress-error-charset</a></h3>
- <p><em>Available in versions after 2.0.40</em></p>
+ <p><em>Available in versions after 2.0.54</em></p>
<p>When Apache issues a redirect in response to a client request,
the response includes some actual text to be displayed in case
<a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">Esta traducción podría estar
+ obsoleta. Consulte la versión en inglés de la
+ documentación para comprobar si se han producido cambios
+ recientemente.</div>
<p>El servidor HTTP Apache HTTP ofrece un mecanismo para almacenar
información en variables especiales que se llaman
<a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Consultez la version
+ Anglaise pour les changements récents.</div>
<p>Le serveur HTTP Apache permet de conserver et d'utiliser
certaines informations dans des variables appelées <em>variables
<section id="suppress-error-charset">
<title>suppress-error-charset</title>
- <p><em>Available in versions after 2.0.40</em></p>
+ <p><em>Available in versions after 2.0.54</em></p>
<p>When Apache issues a redirect in response to a client request,
the response includes some actual text to be displayed in case
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.es.xsl"?>
-<!-- English Revision: 151405 -->
+<!-- English Revision: 151405:240425 (outdated) -->
<!--
Copyright 2002-2005 The Apache Software Foundation or its licensors,
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.fr.xsl"?>
-<!-- English Revision: 151405 -->
+<!-- English Revision: 151405:240425 (outdated) -->
<!-- French Translation by Vincent Deffontaines, review by alain B -->
<!--
<?xml version="1.0" encoding="iso-2022-jp" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?>
-<!-- English Revision: 106090:151405 (outdated) -->
+<!-- English Revision: 106090:240425 (outdated) -->
<!--
Copyright 2002-2004 The Apache Software Foundation
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
-<!-- English Revision: 106090:151405 (outdated) -->
+<!-- English Revision: 106090:240425 (outdated) -->
<!--
Copyright 2003-2004 The Apache Software Foundation
<variants>
<variant>en</variant>
- <variant>es</variant>
- <variant>fr</variant>
+ <variant outdated="yes">es</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
</variants>
<a href="./ko/install.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="./ru/install.html" hreflang="ru" rel="alternate" title="Russian"> ru </a></p>
</div>
-<div class="outofdate">Diese Übersetzung ist möglicherweise
- nicht mehr aktuell. Bitte prüfen Sie die englische Version auf
- die neuesten Änderungen.</div>
<p>Dieses Dokument umfaßt nur die Kompilierung und Installation des
Apache auf Unix und Unix-ähnlichen Systemen. Für die
<dd>Für einige Hilfsskripte wie <code class="program"><a href="./programs/apxs.html">apxs</a></code>
oder <code class="program"><a href="./programs/dbmmanage.html">dbmmanage</a></code> (die in Perl
geschrieben sind) wird der Perl 5 Interpreter benötigt (die
- Versionen ab 5.003 sind ausreichend). Wenn kein derartiger Interpreter
- vom <code class="program"><a href="./programs/configure.html">configure</a></code>-Skript gefunden werden kann, macht das
- jedoch nichts. Selbstverständlich können Sie den Apache 2.0
- auch so generieren und installieren. Lediglich diese Pflegeskripte
- können dann nicht verwendet werden. Wenn Sie mehrere Perl
- Interpreter installiert haben (vielleicht Perl 4 durch Ihren
- Händler und Perl 5 durch Sie selbst), dann ist die Verwendung der
- <code>--with-perl</code> Option (siehe unten) empfehlenswert, um
+ Versionen ab 5.003 sind ausreichend). Wenn Sie mehrere Perl
+ Interpreter haben (beispielsweise eine systemweite Installation von
+ Perl 4 und Ihre eigene Perl 5-Installation), dann sollten Sie die
+ <code>--with-perl</code>-Option (siehe unten) verwenden, um
sicherzustellen, dass der richtige Interpreter von
- <code class="program"><a href="./programs/./configure.html">./configure</a></code> ausgewählt wird.</dd>
- </dl>
+ <code class="program"><a href="./programs/configure.html">configure</a></code> ausgewählt wird.
+ Wenn kein Perl 5-Interpreter vom <code class="program"><a href="./programs/configure.html">configure</a></code>-Skript
+ gefunden werden kann, können Sie die betroffenen Hilfsskripte nicht
+ verwenden, sind jedoch selbstverständlich nach wie vor in der Lage,
+ den Apache 2.0 zu bauen und zu installieren.</dd>
+ </dl>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="download" id="download">Download</a></h2>
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.de.xsl"?>
-<!-- English Revision: 178522:239259 (outdated) -->
+<!-- English Revision: 239259 -->
<!--
- Copyright 2002-2004 The Apache Software Foundation
+ Copyright 2002-2005 The Apache Software Foundation or its licensors,
+ as applicable
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<dd>Für einige Hilfsskripte wie <program>apxs</program>
oder <program>dbmmanage</program> (die in Perl
geschrieben sind) wird der Perl 5 Interpreter benötigt (die
- Versionen ab 5.003 sind ausreichend). Wenn kein derartiger Interpreter
- vom <program>configure</program>-Skript gefunden werden kann, macht das
- jedoch nichts. Selbstverständlich können Sie den Apache 2.0
- auch so generieren und installieren. Lediglich diese Pflegeskripte
- können dann nicht verwendet werden. Wenn Sie mehrere Perl
- Interpreter installiert haben (vielleicht Perl 4 durch Ihren
- Händler und Perl 5 durch Sie selbst), dann ist die Verwendung der
- <code>--with-perl</code> Option (siehe unten) empfehlenswert, um
+ Versionen ab 5.003 sind ausreichend). Wenn Sie mehrere Perl
+ Interpreter haben (beispielsweise eine systemweite Installation von
+ Perl 4 und Ihre eigene Perl 5-Installation), dann sollten Sie die
+ <code>--with-perl</code>-Option (siehe unten) verwenden, um
sicherzustellen, dass der richtige Interpreter von
- <program>./configure</program> ausgewählt wird.</dd>
- </dl>
+ <program>configure</program> ausgewählt wird.
+ Wenn kein Perl 5-Interpreter vom <program>configure</program>-Skript
+ gefunden werden kann, können Sie die betroffenen Hilfsskripte nicht
+ verwenden, sind jedoch selbstverständlich nach wie vor in der Lage,
+ den Apache 2.0 zu bauen und zu installieren.</dd>
+ </dl>
</section>
<section id="download"><title>Download</title>
<relpath>.</relpath>
<variants>
- <variant outdated="yes">de</variant>
+ <variant>de</variant>
<variant>en</variant>
<variant outdated="yes">es</variant>
<variant outdated="yes">ja</variant>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Modul:</a></th><td>core</td></tr>
</table>
- <p>Die Direktive gibt die Anzahl der <var>Bytes</var> zwischen 0
- und dem Wert der zur Kompilierungszeit definierten Konstante
- <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (<code>8190</code> bei
- der Auslieferung) an, die in einem HTTP-Header erlaubt sind.</p>
+ <p>Die Direktive gibt die Anzahl der <var>Bytes</var> an, die in einem
+ HTTP-Header erlaubt sind.</p>
<p>Die Direktive <code class="directive">LimitRequestFieldsize</code> erlaubt es
dem Serveradministrator, die maximale Größe eines
- HTTP-Request-Headers auf einen Wert unterhalb der normalen, im Server
- einkompilierten Größe des Eingabepuffers zu verringern.
- Für den Server muss der Wert groß genug sein, um eine beliebige
- Headerzeile einer normalen Client-Anfrage vorzuhalten. Die
- Größe variiert stark zwischen den verschiedenen
- Client-Ausführungen, oft abhängig vom Ausmaß, mit dem
- der Anwender die genaue Content-Negotiation-Unterstützung seines
- Browsers konfiguriert hat.</p>
+ HTTP-Request-Headers zu verringern oder erhöhen. Für den Server
+ muss der Wert groß genug sein, um eine beliebige Headerzeile einer
+ normalen Client-Anfrage vorzuhalten. Die Größe variiert stark
+ zwischen den verschiedenen Client-Ausführungen, oft abhängig vom
+ Ausmaß, mit dem der Anwender die genaue
+ Content-Negotiation-Unterstützung seines Browsers konfiguriert hat.
+ SPNEGO-Authentisierungs-Header können bis zu 12392 Bytes lang
+ sein.</p>
<p>Die Direktive gibt dem Serveradministrator eine größere
Kontrolle gegenüber abnormalem Verhalten von Clients, was bei der
<div class="note">Unter normalen Umständen sollte die Voreinstellung nicht
verändert werden.</div>
+ <div class="note">Sie benötigen mindestens Apache 2.0.53, um das Limit
+ über den einkompilierten Wert von DEFAULT_LIMIT_REQUEST_FIELDSIZE
+ hinaus zu setzen (8190 bei der Auslieferung).</div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LimitRequestLine" id="LimitRequestLine">LimitRequestLine</a>-<a name="limitrequestline" id="limitrequestline">Direktive</a></h2>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
</table>
- <p>This directive specifies the number of <var>bytes</var> from 0
- to the value of the compile-time constant
- <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (8190 as
- distributed) that will be allowed in an HTTP request
- header.</p>
+ <p>This directive specifies the number of <var>bytes</var>
+ that will be allowed in an HTTP request header.</p>
<p>The <code class="directive">LimitRequestFieldSize</code> directive
- allows the server administrator to reduce the limit on the allowed
- size of an HTTP request header field below the normal input buffer
- size compiled with the server. A server needs this value to be
- large enough to hold any one header field from a normal client
- request. The size of a normal request header field will vary
- greatly among different client implementations, often depending
- upon the extent to which a user has configured their browser to
- support detailed content negotiation.</p>
+ allows the server administrator to reduce or increase the limit
+ on the allowed size of an HTTP request header field. A server
+ needs this value to be large enough to hold any one header field
+ from a normal client request. The size of a normal request header
+ field will vary greatly among different client implementations,
+ often depending upon the extent to which a user has configured
+ their browser to support detailed content negotiation. SPNEGO
+ authentication headers can be up to 12392 bytes.</p>
<p>This directive gives the server administrator greater
control over abnormal client request behavior, which may be
<div class="note">Under normal conditions, the value should not be changed from
the default.</div>
+ <div class="note">Apache 2.0.53 or higher is required for increasing the
+ limit above the compiled-in value of DEFAULT_LIMIT_REQUEST_FIELDSIZE
+ (8190 as distributed).
+ </div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<contextlist><context>server config</context></contextlist>
<usage>
- <p>This directive specifies the number of <var>bytes</var> from 0
- to the value of the compile-time constant
- <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (8190 as
- distributed) that will be allowed in an HTTP request
- header.</p>
+ <p>This directive specifies the number of <var>bytes</var>
+ that will be allowed in an HTTP request header.</p>
<p>The <directive>LimitRequestFieldSize</directive> directive
- allows the server administrator to reduce the limit on the allowed
- size of an HTTP request header field below the normal input buffer
- size compiled with the server. A server needs this value to be
- large enough to hold any one header field from a normal client
- request. The size of a normal request header field will vary
- greatly among different client implementations, often depending
- upon the extent to which a user has configured their browser to
- support detailed content negotiation.</p>
+ allows the server administrator to reduce or increase the limit
+ on the allowed size of an HTTP request header field. A server
+ needs this value to be large enough to hold any one header field
+ from a normal client request. The size of a normal request header
+ field will vary greatly among different client implementations,
+ often depending upon the extent to which a user has configured
+ their browser to support detailed content negotiation. SPNEGO
+ authentication headers can be up to 12392 bytes.</p>
<p>This directive gives the server administrator greater
control over abnormal client request behavior, which may be
<note>Under normal conditions, the value should not be changed from
the default.</note>
+ <note>Apache 2.0.53 or higher is required for increasing the
+ limit above the compiled-in value of DEFAULT_LIMIT_REQUEST_FIELDSIZE
+ (8190 as distributed).
+ </note>
+
</usage>
</directivesynopsis>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?>
-<!-- English Revision: 167961 -->
+<!-- English Revision: 279024 -->
<!--
Copyright 2003-2004 The Apache Software Foundation
<contextlist><context>server config</context></contextlist>
<usage>
- <p>Die Direktive gibt die Anzahl der <var>Bytes</var> zwischen 0
- und dem Wert der zur Kompilierungszeit definierten Konstante
- <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (<code>8190</code> bei
- der Auslieferung) an, die in einem HTTP-Header erlaubt sind.</p>
+ <p>Die Direktive gibt die Anzahl der <var>Bytes</var> an, die in einem
+ HTTP-Header erlaubt sind.</p>
<p>Die Direktive <directive>LimitRequestFieldsize</directive> erlaubt es
dem Serveradministrator, die maximale Größe eines
- HTTP-Request-Headers auf einen Wert unterhalb der normalen, im Server
- einkompilierten Größe des Eingabepuffers zu verringern.
- Für den Server muss der Wert groß genug sein, um eine beliebige
- Headerzeile einer normalen Client-Anfrage vorzuhalten. Die
- Größe variiert stark zwischen den verschiedenen
- Client-Ausführungen, oft abhängig vom Ausmaß, mit dem
- der Anwender die genaue Content-Negotiation-Unterstützung seines
- Browsers konfiguriert hat.</p>
+ HTTP-Request-Headers zu verringern oder erhöhen. Für den Server
+ muss der Wert groß genug sein, um eine beliebige Headerzeile einer
+ normalen Client-Anfrage vorzuhalten. Die Größe variiert stark
+ zwischen den verschiedenen Client-Ausführungen, oft abhängig vom
+ Ausmaß, mit dem der Anwender die genaue
+ Content-Negotiation-Unterstützung seines Browsers konfiguriert hat.
+ SPNEGO-Authentisierungs-Header können bis zu 12392 Bytes lang
+ sein.</p>
<p>Die Direktive gibt dem Serveradministrator eine größere
Kontrolle gegenüber abnormalem Verhalten von Clients, was bei der
<note>Unter normalen Umständen sollte die Voreinstellung nicht
verändert werden.</note>
+
+ <note>Sie benötigen mindestens Apache 2.0.53, um das Limit
+ über den einkompilierten Wert von DEFAULT_LIMIT_REQUEST_FIELDSIZE
+ hinaus zu setzen (8190 bei der Auslieferung).</note>
</usage>
</directivesynopsis>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
-<!-- English Revision: 151420:167961 (outdated) -->
+<!-- English Revision: 151420:279024 (outdated) -->
<!--
Copyright 2005 The Apache Software Foundation or it licensors,
<?xml version="1.0" encoding="iso-2022-jp"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 106090:167961 (outdated) -->
+<!-- English Revision: 106090:279024 (outdated) -->
<!--
Copyright 2003-2004 The Apache Software Foundation
<a href="./ko/stopping.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="./ru/stopping.html" hreflang="ru" rel="alternate" title="Russian"> ru </a></p>
</div>
-<div class="outofdate">Diese Übersetzung ist möglicherweise
- nicht mehr aktuell. Bitte prüfen Sie die englische Version auf
- die neuesten Änderungen.</div>
<p>Dieses Dokument umfasst das Beenden und Neustarten des
Apache auf Unix-ähnlichen Systemen. Anwender von Windows NT, 2000
beschleunigen, entsprechend weitere erstellt. Auf diese Weise versucht
der Code sowohl die Anzahl der Kinder entsprechend der Serverlast
anzupassen als auch Ihre Wünsche hinsichtlich des Parameters
- <code class="directive">StartServers</code> zu berücksichtigen.</p>
+ <code class="directive"><a href="./mod/mpm_common.html#startservers">StartServers</a></code> zu
+ berücksichtigen.</p>
<p>Benutzer von <code class="module"><a href="./mod/mod_status.html">mod_status</a></code> werden feststellen,
dass die Serverstatistiken <strong>nicht</strong> auf Null
<p>Vor der Version 1.2b9 des Apache existierten verschiedene
<em>Wettkampfsituationen</em> (race conditions), die den Neustart und
- die Signale beeinflußt haben. (Eine einfache Beschreibung einer
- Wettkampfsituation lautet: es ist ein zeitabhängiges Problem; wenn
- etwas zum falschen Zeitpunkt erfolgt, wird es sich nicht wie erwartet
- verhalten.) Bei Architekturen mit dem "richtigen" Funktionsumfang
+ die Signale beeinflußt haben. (Einfach erklärt ist eine
+ Wettkampfsituation ein zeitabhängiges Problem - wenn
+ etwas zum falschen Zeitpunkt erfolgt oder Dinge in der falschen
+ Reihenfolge passieren, ist unerwartetes Verhalten die Folge. Wenn die
+ gleichen Dinge zur richtigen Zeit geschehen, funktioniert alles korrekt.)
+ Bei Architekturen mit dem "richtigen" Funktionsumfang
haben wir so viele eliminiert wie wir nur konnten. Dennoch
sollte beachtet werden, dass noch immer Wettkampfsituationen auf
bestimmten Architekturen existieren.</p>
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.de.xsl"?>
-<!-- English Revision: 151405:239259 (outdated) -->
+<!-- English Revision: 239259 -->
<!--
- Copyright 2002-2004 The Apache Software Foundation
+ Copyright 2002-2005 The Apache Software Foundation or its licensors,
+ as applicable
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
beschleunigen, entsprechend weitere erstellt. Auf diese Weise versucht
der Code sowohl die Anzahl der Kinder entsprechend der Serverlast
anzupassen als auch Ihre Wünsche hinsichtlich des Parameters
- <directive>StartServers</directive> zu berücksichtigen.</p>
+ <directive module="mpm_common">StartServers</directive> zu
+ berücksichtigen.</p>
<p>Benutzer von <module>mod_status</module> werden feststellen,
dass die Serverstatistiken <strong>nicht</strong> auf Null
<p>Vor der Version 1.2b9 des Apache existierten verschiedene
<em>Wettkampfsituationen</em> (race conditions), die den Neustart und
- die Signale beeinflußt haben. (Eine einfache Beschreibung einer
- Wettkampfsituation lautet: es ist ein zeitabhängiges Problem; wenn
- etwas zum falschen Zeitpunkt erfolgt, wird es sich nicht wie erwartet
- verhalten.) Bei Architekturen mit dem "richtigen" Funktionsumfang
+ die Signale beeinflußt haben. (Einfach erklärt ist eine
+ Wettkampfsituation ein zeitabhängiges Problem - wenn
+ etwas zum falschen Zeitpunkt erfolgt oder Dinge in der falschen
+ Reihenfolge passieren, ist unerwartetes Verhalten die Folge. Wenn die
+ gleichen Dinge zur richtigen Zeit geschehen, funktioniert alles korrekt.)
+ Bei Architekturen mit dem "richtigen" Funktionsumfang
haben wir so viele eliminiert wie wir nur konnten. Dennoch
sollte beachtet werden, dass noch immer Wettkampfsituationen auf
bestimmten Architekturen existieren.</p>
<relpath>.</relpath>
<variants>
- <variant outdated="yes">de</variant>
+ <variant>de</variant>
<variant>en</variant>
<variant outdated="yes">es</variant>
<variant outdated="yes">ja</variant>
* 20020903.9 (2.0.51-dev) create pcommands and initialize arrays before
* calling ap_setup_prelinked_modules
* 20020903.10 (2.0.55-dev) added ap_get_server_revision / ap_version_t
+ * add ap_log_cerror()
*/
#define MODULE_MAGIC_COOKIE 0x41503230UL /* "AP20" */
char **response_code_strings; /* from ap_custom_response(), not from
* ErrorDocument
*/
+ /* Should addition of charset= be suppressed for this request?
+ */
+ int suppress_charset;
} core_request_config;
/* Standard entries that are guaranteed to be accessible via
#endif /* CORE_PRIVATE */
/*
- * The three primary logging functions, ap_log_error, ap_log_rerror, and
- * ap_log_perror use a printf style format string to build the log message.
+ * The primary logging functions, ap_log_error, ap_log_rerror, ap_log_cerror,
+ * and ap_log_perror use a printf style format string to build the log message.
* It is VERY IMPORTANT that you not include any raw data from the network,
* such as the request-URI or request header fields, within the format
* string. Doing so makes the server vulnerable to a denial-of-service
*/
/**
- * One of the primary logging routines in Apache. This uses a printf-like
- * format to log messages to the error_log.
+ * ap_log_error() - log messages which are not related to a particular
+ * request or connection. This uses a printf-like format to log messages
+ * to the error_log.
* @param file The file in which this function is called
* @param line The line number on which this function is called
* @param level The level of this error message
* @param fmt The format string
* @param ... The arguments to use to fill out fmt.
* @tip Use APLOG_MARK to fill out file and line
+ * @tip If a request_rec is available, use that with ap_log_rerror()
+ * in preference to calling this function. Otherwise, if a conn_rec is
+ * available, use that with ap_log_cerror() in preference to calling
+ * this function.
* @warning It is VERY IMPORTANT that you not include any raw data from
* the network, such as the request-URI or request header fields, within
* the format string. Doing so makes the server vulnerable to a
__attribute__((format(printf,6,7)));
/**
- * The second of the primary logging routines in Apache. This uses
- * a printf-like format to log messages to the error_log.
+ * ap_log_perror() - log messages which are not related to a particular
+ * request, connection, or virtual server. This uses a printf-like
+ * format to log messages to the error_log.
* @param file The file in which this function is called
* @param line The line number on which this function is called
* @param level The level of this error message
__attribute__((format(printf,6,7)));
/**
- * The last of the primary logging routines in Apache. This uses
- * a printf-like format to log messages to the error_log.
+ * ap_log_rerror() - log messages which are related to a particular
+ * request. This uses a a printf-like format to log messages to the
+ * error_log.
* @param file The file in which this function is called
* @param line The line number on which this function is called
* @param level The level of this error message
* @param status The status code from the previous command
- * @param s The request which we are logging for
+ * @param r The request which we are logging for
* @param fmt The format string
* @param ... The arguments to use to fill out fmt.
* @tip Use APLOG_MARK to fill out file and line
* denial-of-service attack and other messy behavior. Instead, use a
* simple format string like "%s", followed by the string containing the
* untrusted data.
- * @deffunc void ap_log_rerror(const char *file, int line, int level, apr_status_t status, request_rec *r, const char *fmt, ...)
+ * @deffunc void ap_log_rerror(const char *file, int line, int level, apr_status_t status, const request_rec *r, const char *fmt, ...)
*/
AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level,
apr_status_t status, const request_rec *r,
const char *fmt, ...)
__attribute__((format(printf,6,7)));
+/**
+ * ap_log_cerror() - log messages which are related to a particular
+ * connection. This uses a a printf-like format to log messages to the
+ * error_log.
+ * @param file The file in which this function is called
+ * @param line The line number on which this function is called
+ * @param level The level of this error message
+ * @param status The status code from the previous command
+ * @param c The connection which we are logging for
+ * @param fmt The format string
+ * @param ... The arguments to use to fill out fmt.
+ * @tip Use APLOG_MARK to fill out file and line
+ * @tip If a request_rec is available, use that with ap_log_rerror()
+ * in preference to calling this function.
+ * @warning It is VERY IMPORTANT that you not include any raw data from
+ * the network, such as the request-URI or request header fields, within
+ * the format string. Doing so makes the server vulnerable to a
+ * denial-of-service attack and other messy behavior. Instead, use a
+ * simple format string like "%s", followed by the string containing the
+ * untrusted data.
+ * @note ap_log_cerror() is available starting with Apache 2.0.55.
+ * @deffunc void ap_log_cerror(const char *file, int line, int level, apr_status_t status, const conn_rec *c, const char *fmt, ...)
+ */
+AP_DECLARE(void) ap_log_cerror(const char *file, int line, int level,
+ apr_status_t status, const conn_rec *c,
+ const char *fmt, ...)
+ __attribute__((format(printf,6,7)));
+
/**
* Convert stderr to the error log
* @param s The current server
else {
dst->query = src->query;
}
+
+ dst->hostinfo = src->hostinfo;
}
/* These functions return 0 if client is OK, and proper error status
}
if (r->method_number == M_CONNECT) {
- if (strcmp(resp->uri, r_uri.hostinfo)) {
+ if (!r_uri.hostinfo || strcmp(resp->uri, r_uri.hostinfo)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Digest: uri mismatch - <%s> does not match "
"request-uri <%s>", resp->uri, r_uri.hostinfo);
return DECLINED;
}
+ /*
+ * It is possible that we've skipped mod_auth_ldap's
+ * check_user_id hook, but still get here. In that
+ * case, the req request_config struct hasn't been initialized
+ * causing problems when we try to use req->dn and/or req->name
+ * below. So we simply create one.
+ *
+ * Unlike 2.2, we don't try to search or populate it.
+ */
+ if (!req) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
+ "[%d] auth_ldap authorise: "
+ "no req struct - skipped mod_auth_ldap_check_user_id?",
+ getpid());
+
+ req = (mod_auth_ldap_request_t *)apr_pcalloc(r->pool,
+ sizeof(mod_auth_ldap_request_t));
+ ap_set_module_config(r->request_config, &auth_ldap_module, req);
+ }
+
if (sec->host) {
ldc = util_ldap_connection_find(r, sec->host, sec->port,
sec->binddn, sec->bindpw, sec->deref,
}
}
else if (strcmp(w, "ldap-attribute") == 0) {
+ if (req->dn == NULL || strlen(req->dn) == 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
+ "[%d] auth_ldap authorise: "
+ "require ldap-attribute: user's DN has not been defined; failing authorisation",
+ getpid());
+ return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ }
while (t[0]) {
w = ap_getword(r->pool, &t, '=');
value = ap_getword_conf(r->pool, &t);
CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr,
*inserted_head);
}
-
- /* destroy the sub request */
- if (rr != NULL) {
- ap_destroy_sub_req(rr);
- }
+
+ /* Do *not* destroy the subrequest here; it may have allocated
+ * variables in this r->subprocess_env in the subrequest's
+ * r->pool, so that pool must survive as long as this request.
+ * Yes, this is a memory leak. */
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
nph = !(strncmp(argv0, "nph-", 4));
- if ((argv0 = strrchr(r->filename, '/')) != NULL)
- argv0++;
- else
- argv0 = r->filename;
+ argv0 = r->filename;
if (!(ap_allow_options(r) & OPT_EXECCGI) && !is_scriptaliased(r))
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
long chunksize = 0;
size_t chunkbits = sizeof(long) * 8;
+ ap_xlate_proto_from_ascii(b, strlen(b));
+
/* Skip leading zeros */
while (*b == '0') {
++b;
r->content_languages = NULL;
r->content_encoding = NULL;
r->clength = 0;
- ap_set_content_type(r, "text/html; charset=iso-8859-1");
+
+ if (apr_table_get(r->subprocess_env,
+ "suppress-error-charset") != NULL) {
+ core_request_config *request_conf =
+ ap_get_module_config(r->request_config, &core_module);
+ request_conf->suppress_charset = 1; /* avoid adding default
+ * charset later
+ */
+ ap_set_content_type(r, "text/html");
+ }
+ else {
+ ap_set_content_type(r, "text/html; charset=iso-8859-1");
+ }
if ((status == HTTP_METHOD_NOT_ALLOWED)
|| (status == HTTP_NOT_IMPLEMENTED)) {
for ( ; *path; ++path) {
if (*path == '\\')
++path;
- if (path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL)
+ if (*path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL)
return TRUE;
}
return FALSE;
rv = apr_bucket_read(bucket, &buf, &len,
APR_BLOCK_READ);
if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv,
- c->base_server, "core_output_filter:"
- " Error reading from bucket.");
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv,
+ c, "core_output_filter:"
+ " Error reading from bucket.");
return HTTP_INTERNAL_SERVER_ERROR;
}
}
}
if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
- "core_output_filter: writing data to the network");
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, rv, c,
+ "core_output_filter: writing data to the network");
if (more)
apr_brigade_destroy(more);
static int core_pre_connection(conn_rec *c, void *csd)
{
core_net_rec *net = apr_palloc(c->pool, sizeof(*net));
+ apr_status_t rv;
#ifdef AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
/* BillS says perhaps this should be moved to the MPMs. Some OSes
* accept sockets which means this call only needs to be made
* once on the listener
*/
- ap_sock_disable_nagle(csd);
+ /* The Nagle algorithm says that we should delay sending partial
+ * packets in hopes of getting more data. We don't want to do
+ * this; we are not telnet. There are bad interactions between
+ * persistent connections and Nagle's algorithm that have very severe
+ * performance penalties. (Failing to disable Nagle is not much of a
+ * problem with simple HTTP.)
+ */
+ rv = apr_socket_opt_set(csd, APR_TCP_NODELAY, 1);
+ if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
+ /* expected cause is that the client disconnected already,
+ * hence the debug level
+ */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
+ "apr_socket_opt_set(APR_TCP_NODELAY)");
+ }
#endif
net->c = c;
net->in_ctx = NULL;
static void log_error_core(const char *file, int line, int level,
apr_status_t status, const server_rec *s,
+ const conn_rec *c,
const request_rec *r, apr_pool_t *pool,
const char *fmt, va_list args)
{
const char *referer;
int level_and_mask = level & APLOG_LEVELMASK;
+ if (r && r->connection) {
+ c = r->connection;
+ }
+
if (s == NULL) {
/*
* If we are doing stderr logging (startup), don't log messages that are
}
#endif /* TPF */
- if (r && r->connection) {
+ if (c) {
/* XXX: TODO: add a method of selecting whether logged client
* addresses are in dotted quad or resolved form... dotted
* quad is the most secure, which is why I'm implementing it
* first. -djg
*/
len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
- "[client %s] ", r->connection->remote_ip);
+ "[client %s] ", c->remote_ip);
}
if (status != 0) {
if (status < APR_OS_START_EAIERR) {
va_list args;
va_start(args, fmt);
- log_error_core(file, line, level, status, s, NULL, NULL, fmt, args);
+ log_error_core(file, line, level, status, s, NULL, NULL, NULL, fmt, args);
va_end(args);
}
va_list args;
va_start(args, fmt);
- log_error_core(file, line, level, status, NULL, NULL, p, fmt, args);
+ log_error_core(file, line, level, status, NULL, NULL, NULL, p, fmt, args);
va_end(args);
}
va_list args;
va_start(args, fmt);
- log_error_core(file, line, level, status, r->server, r, NULL, fmt, args);
+ log_error_core(file, line, level, status, r->server, NULL, r, NULL, fmt,
+ args);
/*
* IF APLOG_TOCLIENT is set,
va_end(args);
}
+AP_DECLARE(void) ap_log_cerror(const char *file, int line, int level,
+ apr_status_t status, const conn_rec *c,
+ const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ log_error_core(file, line, level, status, c->base_server, c, NULL, NULL,
+ fmt, args);
+ va_end(args);
+}
+
AP_DECLARE(void) ap_log_pid(apr_pool_t *p, const char *filename)
{
apr_file_t *pid_file = NULL;
core_dir_config *conf =
(core_dir_config *)ap_get_module_config(r->per_dir_config,
&core_module);
+ core_request_config *request_conf;
apr_size_t type_len;
if (!type) {
return type;
}
+ request_conf =
+ ap_get_module_config(r->request_config, &core_module);
+ if (request_conf->suppress_charset) {
+ return type;
+ }
+
type_len = strlen(type);
if (apr_strmatch(charset_pattern, type, type_len) != NULL) {
projects / thirdparty / apache / httpd.git / commitdiff
