Implemented ap_os_default_port() to allow NetWare to resolve the correct
default port based on the request method. This fixes a problem with URL
reconstruction on a redirect.
Jim Jagielski [Sun, 8 Dec 2002 19:09:55 +0000 (19:09 +0000)]
*) Added new ap_register_cleanup_ex() API function which allows
for a "magic" cleanup function to be run at register time
rather than at cleanup time. Also added the
ap_note_cleanups_for_(socket|fd|file)_ex() API functions
which allows for control over whether that magic cleanup
should be called or not. This does not change the default
behavior of the non-"ex" function (eg: ap_register_cleanup).
At present, the magic cleanup is simply code that performs
a CLOSEXEC, but that can be modified (hmmm... maybe an
API issue?)
PR:
Obtained from:
Submitted by:
Reviewed by: Martin
We shouldn't be assigning the output of strtol to an unsigned short. So,
we'll change port to be a long and then do the correct range checking and
downcasting.
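The fix described in the commit message above, as an added example (not the Apache source): strtol's result is kept in a long, range-checked, and only then downcast. The names parse_port and parse_port_truncating are hypothetical, and rejecting port 0 is an assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse a decimal TCP port.
 * Returns 0 and stores the port on success, -1 on invalid input. */
int parse_port(const char *s, unsigned short *out)
{
    char *end;
    long port;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    port = strtol(s, &end, 10);        /* keep the full-width result */
    if (end == s || *end != '\0')      /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE || port < 1 || port > 65535)
        return -1;                     /* outside the 16-bit port range */
    *out = (unsigned short)port;       /* downcast is now lossless */
    return 0;
}

/* The pattern the message warns about: the long from strtol is
 * truncated to unsigned short with no range check. */
unsigned short parse_port_truncating(const char *s)
{
    return (unsigned short)strtol(s, NULL, 10);
}

int main(void)
{
    /* Constructed inputs for illustration. */
    const char *samples[] = { "8080", "65616", "-1", "80x" };
    unsigned short p;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_port(samples[i], &p) == 0)
            printf("%s -> port %u\n", samples[i], (unsigned)p);
        else
            printf("%s -> rejected (unchecked cast gives %u)\n",
                   samples[i], (unsigned)parse_port_truncating(samples[i]));
    }
    return 0;
}
```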
Bill Stoddard [Tue, 12 Nov 2002 22:44:06 +0000 (22:44 +0000)]
Update timeout algorithm in free_proc_chain. Try polling the existing subprocess
a few times before going into a 3 second sleep. Often we find that the subprocess
will exit within milliseconds.
Ken Coar [Tue, 12 Nov 2002 19:59:16 +0000 (19:59 +0000)]
Add a SERVER_ADDR keyword to match the CGI environment variable,
to allow conditional setting according to the IP address on
which the server received the request.
Martin Kraemer [Fri, 25 Oct 2002 21:12:23 +0000 (21:12 +0000)]
csd and dupped_csd are sockets, so they ought to be handled in ap_note_cleanups_for_socket().
(Not noticed before because ap_note_cleanups_for_socket() and ap_note_cleanups_for_fd() simply close the fd,
except for OSs where closesocket() is different from close())
Martin Kraemer [Mon, 21 Oct 2002 13:41:57 +0000 (13:41 +0000)]
When we detect a child exiting with APEXIT_CHILDFATAL in process_child_status(),
we simply exit(). Remove the pid file too, because it makes no sense after
the parent has terminated.
I assume that a better strategy here would be to kill(getpid(), SIGTERM) to
enforce a regular shutdown sequence, killing the other child processes too.
At the moment, they might be left running and blocking the server socket.
Martin Kraemer [Thu, 10 Oct 2002 16:36:21 +0000 (16:36 +0000)]
Some versions of tr (noticed on a special Solaris8 version) fail to accept
the "tr '[a-z]' '[A-Z]'" syntax. Fall back to some heuristics to create
a workable ap_config_auto.h anyway.
Jim Jagielski [Thu, 3 Oct 2002 20:51:53 +0000 (20:51 +0000)]
Sometimes I'm a dope. No need to allocate a bunch of space... we just
want to see if there's any whitespace past the number.
PR:
Obtained from:
Submitted by:
Reviewed by:
Jeff Trawick [Thu, 3 Oct 2002 19:58:09 +0000 (19:58 +0000)]
PORT: Enable SINGLE_LISTEN_UNSERIALIZED_ACCEPT for AIX 4.3.2
and above. Rewrite configure logic for modern levels of
AIX to support future releases of AIX with no changes to
Apache.
This is basically a housekeeping matter to avoid having separate
stanzas for each AIX release and to add some finer detail to
the -DAIX=xxx value so that we know when to enable
SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
I suspect that this fixes the recognition of AIX on ia64, but
nobody complained when it was broken and I don't know where to
find such a beast.
Scratch another itch - this patch allows me to hugely simplify auth modules
which use non 4xx methods for auth (such as cookies, referers, etc).
Submitted by Sander van Zoest (for a slightly different reason) - see
explanation below.
From: Sander van Zoest
To: dev@httpd.apache.org
It is common practice to set Cookies to pass along on HTTP
redirects for "login" authentication.
When implementing P3P <http://www.w3.org/P3P/> using
mod_headers.c the Header directive only sets r->headers_out
and does not pass the headers along for non-2XX responses
such as error pages and redirects.
To provide this functionality we added the ErrorHeader
directive which populates r->err_headers_out instead.
Below follows a patch for 1.3.X by Michael Radwin <radwin_at_yahoo-inc.com>.
I have some code that attempts to add Directive to 2.0.X, but
it seems that output_filters are shortcuted on 3XX responses.
While now by setting the Header directive it also passes the headers
along for all non-2XX responses except 3XX responses.
Cheers,
--
Sander van Zoest
PR: 9181
Obtained from: Michael Radwin
Submitted by: Sander van Zoest
Reviewed by: Dirk-Willem van Gulik
Scratched a major itch - got bitten by config directory globbing sucking
in an editor backup file once too many. Applied the patch as submitted
by Sander van Zoest (Bug id 12712) which makes it possible to limit
the scope with simple but effective wild cards.
PR: 12712
Obtained from: Sander van Zoest
Submitted by: Sander van Zoest
Reviewed by: Dirk-Willem van Gulik
Jim Jagielski [Sat, 21 Sep 2002 17:18:34 +0000 (17:18 +0000)]
Add the ShmemUIDisUser directive and logic. Apache does not require
that the SysV shared memory segment be reset to the uid/gid of
User/Group. In fact, it's not wise that it do so. However, there are
some 3rd party "add ons" that require/expect this behavior...
So allow admins to do so, assuming they know the impacts.
PR:
Obtained from:
Submitted by:
Reviewed by:
Jim Jagielski [Thu, 5 Sep 2002 19:53:35 +0000 (19:53 +0000)]
Hmm... We need to also address the fact that the response may have
no Content-Length at all, but the cached info does (think 304). We
also need to update the cache file if we update/use the old c-l
value (the previously stored values are bogus).
PR:
Obtained from:
Submitted by:
Reviewed by:
Jim Jagielski [Thu, 5 Sep 2002 14:19:19 +0000 (14:19 +0000)]
When the cache would validate 304 responses from back-end server, it would
incorrectly set the content-length value to 0 (from the 304 response)
instead of keeping the original value.
PR: Bugz 10128
Obtained from:
Submitted by: Paul Terry <paul.terry@gmx.net> and ast@domdv.de
Reviewed by:
Graham Leggett [Tue, 3 Sep 2002 07:12:46 +0000 (07:12 +0000)]
Fix a problem in proxy where headers from other modules were
added to the response headers when this was already done in the
core already. This resulted in header (and therefore cookie)
duplication.
PR:
Obtained from:
Submitted by: Martijn Schoemaker <martijn@osp.nl>
Reviewed by: Graham Leggett
- Fix segfault on strlen computation on the empty string in vlv case
- If the etag is "", don't set the ETag header to be "" - leave the
header NULL instead.
Andrew's patch would change ap_meets_condition to accept "", but Justin
thinks it would be better just to sidestep it altogether and not set
ETag when it would be "".
(Backport of patch applied to httpd-2.0 as original 1.3 code has the
same flaws.)
PR: 12202
Submitted by: Andrew Ho <andrew@tellme.com>
Ken Coar [Mon, 12 Aug 2002 19:19:03 +0000 (19:19 +0000)]
Add a new environment variable to keep the charset from being
included on canned error documents. (Having it there makes
some browsers apply it to the redirect target document.)
Reviewed by: Bill Stoddard, Jim Jagielski, Justin Erenkrantz, Cliff Woolley
Mark J. Cox [Tue, 30 Jul 2002 13:08:04 +0000 (13:08 +0000)]
Add 3 new CVE names for old (circa 2000) security issues; rearrange
security changes so they are consistent
PR:
Obtained from:
Submitted by:
Reviewed by:
Martin Kraemer [Mon, 22 Jul 2002 16:26:03 +0000 (16:26 +0000)]
Tomcat with mod_jk2 sometimes omits the Reason-Phrase from the
response line ("HTTP/1.1 200 \r\n"). It looks like RFC2616 allows this,
but ap_getline() strips the trailing blank, and that led to
an error in ap_proxy_read_response_line() for proxy-requests to
Tomcat+mod_jk2 servers. (It replaced the NIL after the "200" by
a space, and so the resulting response line had an extra NL appended).
Now the SP character which was deleted by ap_getline() is reappended,
avoiding the erroneous '\0'->' ' change, and preserving RFC2616's
requirement
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
Reason-Phrase = *<TEXT, excluding CR, LF>
(thus there is now always a SP after the Status-Code).
Scratching an old itch. Rather than cause a WARNING: in the log
with the value at startup - have a method to find the value without
actually really running it (or binding to ports, touching logs, etc).
Jim Jagielski [Tue, 9 Jul 2002 14:47:24 +0000 (14:47 +0000)]
Allow for null/all-whitespace C-L fields as we did pre-1.3.26. However,
we do not allow for the total bogusness of values for C-L, just this
one special case. IMO a C-L field of "iloveyou" is bogus as is one
of "123yabbadabbado", which older versions appear to have allowed
(and in the 1st case, assume 0 and in the 2nd assume 123). Didn't
make sense to make this runtime, but a documented special case
instead.
PR:
Obtained from:
Submitted by:
Reviewed by:
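The Content-Length rule described in the commit message above, as an added example (not the Apache parser): a null or all-whitespace field is the one tolerated special case, while values such as "iloveyou" and "123yabbadabbado" are rejected instead of being read as 0 or 123. The function name and the cl_status codes are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical result codes for this example. */
enum cl_status { CL_OK, CL_EMPTY, CL_BOGUS };

/* Classify a Content-Length field value; *len is set only on CL_OK. */
enum cl_status parse_content_length(const char *v, long *len)
{
    const char *p = v;
    char *end;
    long n;

    while (p != NULL && isspace((unsigned char)*p))
        p++;                              /* skip leading whitespace */
    if (p == NULL || *p == '\0')
        return CL_EMPTY;                  /* null / all-whitespace field */
    if (!isdigit((unsigned char)*p))
        return CL_BOGUS;                  /* "iloveyou", "-5", "+5" */
    errno = 0;
    n = strtol(p, &end, 10);
    if (errno == ERANGE)
        return CL_BOGUS;                  /* does not fit in a long */
    while (isspace((unsigned char)*end))
        end++;                            /* only whitespace may follow */
    if (*end != '\0')
        return CL_BOGUS;                  /* "123yabbadabbado" */
    *len = n;
    return CL_OK;
}

int main(void)
{
    /* Constructed header values for illustration. */
    const char *samples[] = { "123", "  42  ", "   ", "iloveyou",
                              "123yabbadabbado" };
    static const char *names[] = { "ok", "empty", "bogus" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long n = 0;
        enum cl_status st = parse_content_length(samples[i], &n);
        printf("\"%s\" -> %s (%ld)\n", samples[i], names[st], n);
    }
    return 0;
}
```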
Jim Jagielski [Mon, 8 Jul 2002 18:06:55 +0000 (18:06 +0000)]
Add ProtocolReqCheck directive, which determines if Apache will
check for a valid protocol string in the request (eg: HTTP/1.1)
and return HTTP_BAD_REQUEST if not valid. Versions of Apache
prior to 1.3.26 would silently ignore bad protocol strings, but
1.3.26 included a more strict check. This makes it runtime
configurable. The default is On. This also removes the requirement
on an ANSI sscanf() implementation.
Mark J. Cox [Thu, 27 Jun 2002 11:01:57 +0000 (11:01 +0000)]
Be consistent when highlighting security changes, check the CVE names
and add some missing ones (I applied a while ago for the remaining
CVE names for older issues, but since these are pre-2000 they are low
priority)
PR:
Obtained from:
Submitted by:
Reviewed by: