Correct mod_autoindex's test of the query string's requested ordering.
This patch is a bit more paranoid than Kestutis's, but this is user
supplied input, so a bit of paranoia is healthy.
dgaudet [Sun, 11 Nov 2001 19:46:41 +0000 (19:46 +0000)]
rev 1.248 of this file removed the default locking mechanism
from unixware 7.0. instead it should have just defined
SINGLE_LISTEN_UNSERIALIZED_ACCEPT (since locking is always required for
multiple sockets).
Same IDE enforcement of InstallBin as the 'default' project from the 2.0
tree, so when the user first confronts Apache sources they have the right
top-level project.
Prevent an Apache module from being loaded or added twice due
to duplicate LoadModule or AddModule directives (or a missing
ClearModuleList directive).
LoadModule dupcheck (for 2.0) by Brian Pane <bpane@pacbell.net>
Ported and added AddModule dupcheck by Will Rowe
Identified by an old colleague of Will's who tripped over this.
Ken Coar [Fri, 26 Oct 2001 18:05:26 +0000 (18:05 +0000)]
Some platforms barf on a setgid(-1) and hence httpd will fall
over immediately after being started. However, since
'Group #-1' is syntactically correct, apachectl won't catch
this and will assume the server started successfully. This
checkgid app will return -1 if any of the Apache-understandable
group values (i.e., name or "#n") are invalid. apachectl still
needs to be enhanced to use this.
Jeff Trawick [Thu, 18 Oct 2001 15:25:26 +0000 (15:25 +0000)]
HP-UX requires DSOs to be executable. "make install" takes care of
this, but binbuild-install.sh does not. This patch tweaks
install-bindist.sh to make the DSOs executable. As with "make
install", the DSOs will be marked executable for all platforms, not
just HP-UX. (Actually, install-sh is invoked by "make install" a
little differently for DSOs on rhapsody/darwin, but there is no
special processing for rhapsody/darwin in install-bindist.sh
currently so they shouldn't be hurt by the change below.)
Bill Stoddard [Wed, 17 Oct 2001 14:45:29 +0000 (14:45 +0000)]
Win32: The Apache Win32 developers generally recommend that
MaxRequestsPerChild be set to 0 to prevent the child process
from ever recycling. However, for those that do require a
non-zero setting, this patch fixes a serious bug that can cause
an apparent 'server-hang' condition where the server stops
responding to requests for a period of time. Prior to this
fix, when the child process handled MaxRequestsPerChild
connections, the child process would stop accepting new
connections and begin allowing inactive threads to exit. The
problem was that a new process would not be created to begin
handling requests until the old process fully exited. The old
process can take an indeterminate amount of time to exit because
it may be sending large responses to clients connected over slow
links, or it may have threads blocked in read awaiting requests
(eg, one attack mode of the Nimda worm is to establish a
connection to the server but not send an HTTP request. This
connection will be timed out according to the setting of the
Timeout directive, 300 seconds). This fix allows the new process
to be immediately started and begin accepting requests when the
old child process reaches MaxRequestsPerChild.
Jeff Trawick [Tue, 9 Oct 2001 19:29:46 +0000 (19:29 +0000)]
AIX 5L has socklen_t, so use it so we avoid some warnings
AIX 4.3.3 has socklen_t too, but
a) I don't know if all 4.3 (e.g., 4.3.0) has it
b) I don't see the warning on 4.3
c) it isn't a possible 64-bit vs. 32-bit problem, so I'm not
worried about run-time breakage
Parse individual paths listed in the UserDir directive for correctness.
This also addresses the 'quote' problem, where quoted paths would fail
the is absolute redirect or absolute path test on Netware/Win32, given
a "/somepath" designation.
Mark J. Cox [Mon, 8 Oct 2001 19:34:38 +0000 (19:34 +0000)]
Add CVE candidate names to the announcement mail and changes file to allow
them to be cross-referenced with other security publications easily
One of 2 fixes to quell a compiler warning. According to fanf@apache.org
> Before C99 the correct way to print a size_t is to use %lu, since
> long was guaranteed to be the widest integral type, so redoing the
> fix on that basis would be better. However with C99 size_t can be
> as wide as unsigned long long so you need to use that format to
> be safe, but then you compromise portability.
So options; simply cast to (int) as I know the value is small; use %lu
without a cast - but get warnings later on >C99. Or kind of the compromise
below; do %lu but cast to be sure.
Martin Kraemer [Mon, 8 Oct 2001 15:49:33 +0000 (15:49 +0000)]
==Port of Apache 1.3.20 to AtheOS==
Rodrigo Parra Novo <rpn@terra.com.br> writes:
I have ported Apache 1.3.20 to AtheOS (A new OS, described on
www.atheos.cx), following the rules described by the PORTING document,
which can be found in Apache's src/ directory.
I'm sending the (rather simple) patch attached. It would be nice if
someone from the Apache team could take a look at the patch, and tell me
if anything is still missing. It would be also nice if (hopefully) this
patch could be added to the current Apache 1.3 branch, on CVS.
I (and others) have been running Apache on AtheOS for some time now,
and everything seems to work correctly, with the following exceptions:
1. AtheOS does not use mmap() and shmget(), so we are using the
ScoreBoard on disk, for now;
2. AtheOS does not support DSO for the moment, as shared libraries
are treated a bit differently from the way they are treated on UNIX.
Submitted by: Rodrigo Parra Novo <rpn@terra.com.br>
Reviewed by: Martin Kraemer
Jim Jagielski [Mon, 8 Oct 2001 14:29:30 +0000 (14:29 +0000)]
Fix the EXPAT logic to the new meaning... Before, it was simply there to
check that expat-lite existed, which was kind of bogus... Now, we
allow it to choose which Expat we want. We prefer the system's Expat
if available but will use expat-lite as a backup. We can also bypass
that as well.
Martin Kraemer [Sat, 6 Oct 2001 22:01:10 +0000 (22:01 +0000)]
Per Ken's veto, the default setting for the manual dir was reverted to the
pre-1.3.21 value of @@ServerRoot@@/htdocs/manual.
However, using the config.layout mechanism, or using the --manualdir= switch
of configure allows you to override this default, and "make install" will
not only install into the defined location, but will also fix the config
file for you (the Alias and <Directory > paths are fixed).
On non-unix platforms, this may be problematic, as the sed pattern
replaces @@ServerRoot@@/htdocs/manual by the setting of $(manualdir).
If that does not work for you, then please adapt whatever you used to
"make install" (probably not Apache's Makefile.tmpl which contains
this sed regex).
Right this change to conform to my minimal interpretation of Ken Coar's
veto over creating /manual/ under ServerRoot. It's possible he also
meant to veto the Alias, I'm not clear. If that's the case, these alias
sections can be removed entirely. I personally believe they are goodness.
Jeff Trawick [Fri, 5 Oct 2001 14:20:53 +0000 (14:20 +0000)]
Here is the http_main.c change to fix the compilation error on TPF.
This change is within an "#if defined(HAVE_TPF_CORE_SERIALIZED_ACCEPT)"
block of code so it should not affect any other platforms.
Submitted by: David McCreedy
Reviewed by: Jeff Trawick
Ken Coar [Fri, 5 Oct 2001 00:53:14 +0000 (00:53 +0000)]
Fix the file-owner and file-group processing; I inadvertently
added them as 'and' operations, so if they were specified but
not matched, nothing else could match either. Fixed.
Justified fixed courier is the single hardest format in the world to
read. Having generated in excess of a billion documents in my former
life, I will play authority on that ;)
LoadModule isn't sufficient. Quick testing of foo.pdf.gz files
(with a mime types declaration of app/x-pdf rather than app/pdf)
still returns app/pdf - so mime_magic is run first. Other modules
may have been similarly misordered.
This patch creates an absolute reference of all modules to Add.
If I've misworded anything, feel free to correct me. The module
order itself is straight from www.apache.org's conf.
Fix the compilation error on TPF.
This change is within an "#if defined(HAVE_TPF_CORE_SERIALIZED_ACCEPT)"
block of code so it should not affect any other platforms.
[David McCreedy <McCreedy@us.ibm.com>]
I have no idea if the load order is correct here, I suspect it's close.
Would some 1.3 module ordering guru please double check ... the built
in modules are detailed in apache-1.3/src/os/modules.c.
Bill Stoddard [Wed, 3 Oct 2001 22:35:19 +0000 (22:35 +0000)]
Fix a mismatching issue, where index.html.foo.en had recognized .html and
.en components, and exceptions index and foo. This patch will ignore the
'missing' exception html from the request, and go on to test the exception
foo in the list.
This does -not- imply that a request for index.foo will succeed, in the
example above. The pattern match tests index.foo[.*] so we wouldn't find
index.html.foo.anything. The pattern matching proposed at one time by
Francis Daly would allow index.foo to succeed as well [although many to
many matching is dangerous, see comments in this patch.]
Accept service names modified by the user in the Win/2000 Service Control
Panel applet. Allow the admin to specify -W dependency, where the given
service will become a dependency for Apache when configured with the
-k install and config options. Finally, document -w and -W.
Mark J. Cox [Wed, 3 Oct 2001 17:46:57 +0000 (17:46 +0000)]
Add a guide to Apache 1.3.21 changes, taken from the commit logs so not
to miss things in CHANGES and sorted into categories, with minor changes
lumped together and some explanations changed to be more readable.
Submitted by: Mark Cox
Reviewed by: Several Red Hat Apache Week team members