I know Stoddard fixed this other bullet - would someone with a long
memory (Jim? Marc?) be willing to get rid of a few more now-dead items?
I'm not certain on the others, but there are several bullets that look
like they've been addressed, or are no longer relevant.
Fix a very irritating nit - this was the 1.3.20 code - there was no
call for changing the formatting when the patch to add another platform
in the #if case was modified.
Revert the code causing lost path_info/query_args.
The potentially correct solution is to test the URI with recombined
path_info and args, but I'd rather see this reverted for 1.3 and
corrected in 2.0 with appropriate optimizations and user testing.
Bill Stoddard [Fri, 30 Nov 2001 14:08:44 +0000 (14:08 +0000)]
Modify buff.h and buff.c to enable modules to intercept the
output byte stream for dynamic page caching. A pointer to a
'filter callback' function is added to the end of buff.h.
This function, if registered by a module, is called
at the top of buff_write() and writev_it_all().
MMN Minor bumped.
Obtained from: Kevin Mallory <kmallory@spidercache.com>
Reviewed by: Bill Stoddard
Correct mod_autoindex's test of the query string's requested ordering.
This patch is a bit more paranoid than Kestutis's, but this is user
supplied input, so a bit of paranoia is healthy.
dgaudet [Sun, 11 Nov 2001 19:46:41 +0000 (19:46 +0000)]
rev 1.248 of this file removed the default locking mechanism
from unixware 7.0. instead it should have just defined
SINGLE_LISTEN_UNSERIALIZED_ACCEPT (since locking is always required for
multiple sockets).
Same IDE enforcement of InstallBin as the 'default' project from the 2.0
tree, so when the user first confronts Apache sources they have the right
top-level project.
Prevent an Apache module from being loaded or added twice due
to duplicate LoadModule or AddModule directives (or a missing
ClearModuleList directive).
LoadModule dupcheck (for 2.0) by Brian Pane <bpane@pacbell.net>
Ported and added AddModule dupcheck by Will Rowe
Identified by an old colleague of Will's who tripped over this.
Ken Coar [Fri, 26 Oct 2001 18:05:26 +0000 (18:05 +0000)]
Some platforms barf on a setgid(-1) and hence httpd will fall
over immediately after being started. However, since
'Group #-1' is syntactically correct, apachectl won't catch
this and will assume the server started successfully. This
checkgid app will return -1 if any of the Apache-understandable
group values (i.e., name or "#n") are invalid. apachectl still
needs to be enhanced to use this.
Jeff Trawick [Thu, 18 Oct 2001 15:25:26 +0000 (15:25 +0000)]
HP-UX requires DSOs to be executable. "make install" takes care of
this, but binbuild-install.sh does not. This patch tweaks
install-bindist.sh to make the DSOs executable. As with "make
install", the DSOs will be marked executable for all platforms, not
just HP-UX. (Actually, install-sh is invoked by "make install" a
little differently for DSOs on rhapsody/darwin, but there is no
special processing for rhapsody/darwin in install-bindist.sh
currently so they shouldn't be hurt by the change below.)
Bill Stoddard [Wed, 17 Oct 2001 14:45:29 +0000 (14:45 +0000)]
Win32: The Apache Win32 developers generally recommend that
MaxRequestsPerChild be set to 0 to prevent the child process
from ever recycling. However, for those that do require a
non-zero setting, this patch fixes a serious bug that can cause
an apparent 'server-hang' condition where the server stops
responding to requests for a period of time. Prior to this
fix, when the child process handled MaxRequestsPerChild
connections, the child process would stop accepting new
connections and begin allowing inactive threads to exit. The
problem was that a new process would not be created to begin
handling requests until the old process fully exited. The old
process can take an indeterminate amount of time to exit because
it may be sending large responses to clients connected over slow
links, or it may have threads blocked in read awaiting requests
(eg, one attack mode of the Nimda worm is to establish a
connection to the server but not send an HTTP request. This
connection will be timed out according to the setting of the
Timeout directive, 300 seconds). This fix allows the new process
to be immediately started and begin accepting requests when the
old child process reaches MaxRequestsPerChild.
Jeff Trawick [Tue, 9 Oct 2001 19:29:46 +0000 (19:29 +0000)]
AIX 5L has socklen_t, so use it so we avoid some warnings
AIX 4.3.3 has socklen_t too, but
a) I don't know if all 4.3 (e.g., 4.3.0) has it
b) I don't see the warning on 4.3
c) it isn't a possible 64-bit vs. 32-bit problem, so I'm not
worried about run-time breakage
Parse individual paths listed in the UserDir directive for correctness.
This also addresses the 'quote' problem, where quoted paths would fail
the is absolute redirect or absolute path test on Netware/Win32, given
a "/somepath" designation.
Mark J. Cox [Mon, 8 Oct 2001 19:34:38 +0000 (19:34 +0000)]
Add CVE candidate names to the announcement mail and changes file to allow
them to be cross-referenced with other security publications easily
One of 2 fixes to quell a compiler warning. According to fanf@apache.org
> Before C99 the correct way to print a size_t is to use %lu, since
> long was guaranteed to be the widest integral type, so redoing the
> fix on that basis would be better. However with C99 size_t can be
> as wide as unsigned long long so you need to use that format to
> be safe, but then you compromise portability.
So options; simply cast to (int) as I know the value is small; use %lu
without a cast - but get warnings later on >C99. Or kind of the compromise
below; do %lu but cast to be sure.
Martin Kraemer [Mon, 8 Oct 2001 15:49:33 +0000 (15:49 +0000)]
==Port of Apache 1.3.20 to AtheOS==
Rodrigo Parra Novo <rpn@terra.com.br> writes:
I have ported Apache 1.3.20 to AtheOS (A new OS, described on
www.atheos.cx), following the rules described by the PORTING document,
which can be found in Apache's src/ directory.
I'm sending the (rather simple) patch attached. It would be nice if
someone from the Apache team could take a look at the patch, and tell me
if anything is still missing. It would be also nice if (hopefully) this
patch could be added to the current Apache 1.3 branch, on CVS.
I (and others) have been running Apache on AtheOS for some time now,
and everything seems to work correctly, with the following exceptions:
1. AtheOS does not use mmap() and shmget(), so we are using the
ScoreBoard on disk, for now;
2. AtheOS does not support DSO for the moment, as shared libraries
are treated a bit differently from the way they are treated on UNIX.
Submitted by: Rodrigo Parra Novo <rpn@terra.com.br>
Reviewed by: Martin Kraemer
Jim Jagielski [Mon, 8 Oct 2001 14:29:30 +0000 (14:29 +0000)]
Fix the EXPAT logic to the new meaning... Before, it was simply there to
check that expat-lite existed, which was kind of bogus... Now, we
allow it to choose which Expat we want. We prefer the system's Expat
if available but will use expat-lite as a backup. We can also bypass
that as well.
Martin Kraemer [Sat, 6 Oct 2001 22:01:10 +0000 (22:01 +0000)]
Per Ken's veto, the default setting for the manual dir was reverted to the
pre-1.3.21 value of @@ServerRoot@@/htdocs/manual.
However, using the config.layout mechanism, or using the --manualdir= switch
of configure allows you to override this default, and "make install" will
not only install into the defined location, but will also fix the config
file for you (the Alias and <Directory > paths are fixed).
On non-unix platforms, this may be problematic, as the sed pattern
replaces @@ServerRoot@@/htdocs/manual by the setting of $(manualdir).
If that does not work for you, then please adapt whatever you used to
"make install" (probably not Apache's Makefile.tmpl which contains
this sed regex).
Right this change to conform to my minimal interpretation of Ken Coar's
veto over creating /manual/ under ServerRoot. It's possible he also
meant to veto the Alias, I'm not clear. If that's the case, these alias
sections can be removed entirely. I personally believe they are goodness.
Jeff Trawick [Fri, 5 Oct 2001 14:20:53 +0000 (14:20 +0000)]
Here is the http_main.c change to fix the compilation error on TPF.
This change is within an "#if defined(HAVE_TPF_CORE_SERIALIZED_ACCEPT)"
block of code so it should not affect any other platforms.
Submitted by: David McCreedy
Reviewed by: Jeff Trawick
Ken Coar [Fri, 5 Oct 2001 00:53:14 +0000 (00:53 +0000)]
Fix the file-owner and file-group processing; I inadvertently
added them as 'and' operations, so if they were specified but
not matched, nothing else could match either. Fixed.
Justified fixed courier is the single hardest format in the world to
read. Having generated in excess of a billion documents in my former
life, I will play authority on that ;)
LoadModule isn't sufficient. Quick testing of foo.pdf.gz files
(with a mime types declaration of app/x-pdf rather than app/pdf)
still returns app/pdf - so mime_magic is run first. Other modules
may have been similarly misordered.
This patch creates an absolute reference of all modules to Add.
If I've misworded anything, feel free to correct me. The module
order itself is straight from www.apache.org's conf.
Fix the compilation error on TPF.
This change is within an "#if defined(HAVE_TPF_CORE_SERIALIZED_ACCEPT)"
block of code so it should not affect any other platforms.
[David McCreedy <McCreedy@us.ibm.com>]