Checkout Tools
  • last updated 14 mins ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 83288 is being indexed.

This patch removes the processing of `mxb' parameters in Accept

headers in mod_negotiation. A second patch updates the manual to

reflect this (mxb is not documented directly in the manual but support

for it is implied in one place).

Reasons for removing this feature:

1) As currently implemented, the 'mxb' feature makes possible certain

denial-of-service attacks on negotiated content. These attacks are

posssible for user communities which access an Apache server from

behind a HTTP/1.1 proxy which implements `Vary' related optimisations.

Plugging this denial of service hole without removing `mxb' is fairly

expensive in terms of degrading caching efficiency.

2) `mxb' is not in HTTP/1.0 or HTTP/1.1 or any other standard

3) Nobody seems to make use of 'mxb'. (Balachander Krishnamurthy

kindly offered to grep some of his web traffic traces -- he did not

find a single Accept with mxb in a whole day of recent traffic, nor in

older traces)

4) Removing a feature makes a nice change from adding features.

Submitted by: Koen Holtman <>

still sunny

a sunny day here

The old stand-alone MM patch is obsolete. The MM glue code is now part of

EAPI. And whether we include the MM source tree into src/lib/mm/ is a question

which has to be voted on seperately...

Update the patch list.

{Sigh} "%Y" isn't universally accepted, so hack around it with

"%y" and some Y2K math.

Add another patch for consideration.

Minor fixes

Code to force linking of Expat shouldn't be in the shared core loader.

    • -1
    • +1
Hmmm... forgot to add this

Add another patch to the list of those available.

*** empty log message ***

Change to use four digits for the year.

PR: 4523

Submitted by: Simon Burr <>

Reviewed by: Ken Coar

Document the length restrictions on the username and password for

src/support/htpasswd. Also gritch about illegal characters in

the username (':' is the field separator).

    • -4
    • +7
    • -62
    • +15
put the (void) in the existing prototype, rather than add a new one.

(pointed out by James Clark)

Trap (with an errorlog entry) malformed redirects from modules;

i.e., that fail to set a Location field.

Fix a bug with the --without-support configure option that was

introduced in revision 1.61. It caused an infinite make loop when

--without-support was used.


Obtained from:

Submitted by:

Reviewed by:

we really only need CHECK_FD_SETSIZE, not CHECK_CSD_SETSIZE

    • -2
    • +2
    • -4
    • +0
oops I committed that SIGUSR2 change by mistake ages ago... rev 1.433

    • -2
    • +1
missing ap_unblock_alarms

Get rid of remaining "missing prototype" warnings...

One more generated Makefile.

    • -0
    • +1
Ignore generated Makefile...

    • -0
    • +1
Various cleanups to the unclean expat sources to

make them at least compile without warnings...

Fix recent commit of an ap_regerror() function. Hmmm... we should force

us all to compile with egcc -Wall before something is comitted...

    • -0
    • +2
Try to fix TestCompile after Martin's changes: a default was missing.

Dean, you should now no longer get the nasty Make target display

    • -0
    • +1
Piped error logs could cause a segfault if an error occured

during configuration after a restart.

PR: 4456

Submitted by: Aidan Cully <>

    • -7
    • +13
Fix WIN32 compile. ULONG_MAX (defined in limits.h) was not being picked up. Compiles on AIX (4.3.2) and NT.

    • -2
    • +1

Use the ap_getpass() wrapper rather than reinventing it.

Reviewed by:

    • -20
    • +11
    • -12
    • +68

Oops. Too much Perl coding at the time, I guess. :-*

    • -2
    • +2