httpd

Checkout Tools
  • last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 966352 is being indexed.

Roll on to 2.2.17-dev

Tag 2.2.16

Prepare for 2.2.16 release

CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure.

If a specially crafted request was sent, it is possible to crash mod_dav or

mod_cache, as they accessed a field that is set to NULL by the URI parser,

assuming that it always put in a valid string.

PR: 49246

Submitted by: Mark Drayton

Patch by: Jeff Trawick

CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure.

If a specially crafted request was sent, it is possible to crash mod_dav,

mod_cache or mod_session, as they accessed a field that is set to NULL

by the URI parser, assuming that it always put in a valid string.

PR: 49246

Submitted by: Mark Drayton

Patch by: Jeff Trawick

Rebuild new example.

Fixes a non-working example in the int RewriteMap section.

Run filter "init" functions exactly once per request. No longer run

init functions for connection filters (doing an "init" once per

handler invocation makes no sense for a connection filter). No longer

run init functions multiple times per request if a subrequest is used.

* include/util_filter.h (ap_filter_rec_t): Clarify use of the init

function pointer.

* server/config.c (invoke_filter_init): Drop ap_ prefix for private

function; take a request_rec pointer and only invoke filters with

matching request.

(ap_invoke_handler): Adjust accordingly.

PR: 49328

Reviewed by: rpluem

Vote late, vote quickly.

Update SSL cipher suite and add example for SSLHonorCipherOrder.

Unite divided backport proposal.

Propose backport.

This one-line patch fixes a bug introduced since 2.2.15,

so it would be a particularly good idea to backport before $next-release.

Fix omission in r894036 noted by rpluem.

* STATUS: simple config change to help out IE6 users on SSL.

Fix up some SSL configuration, per issue #49484. IE6 had a hotfix released

for this problem quite a while back (see kb 921090), so restrict the

modified behavior to the old/unsupported browsers.

* docs/conf/extra/http-ssl.conf.in:

(): tighten up the regex to only select old MSIE browsers for the

downgrade in http behavior. this allows IE6 to run much faster.

veto change to ap_rgetline_core(); should be reverted on truck as well
Another backport proposal

backport proposal

Fix processing of long chunk extensions

PR 49474

Replace "back-slash" with "backslash" in docs.

I kept "back slash" when explicitely used in

comparison with "forward slash".

Backport of r965792 from trunk and of r965799

from 2.2.x.

Fix typo in rewrite docs (slash -> backslash).

Thanks to Denis Howe for the hint.

PR49620.

Backport of r965798 from 2.2.x.

Replace "back-slash" with "backslash" in docs.

I kept "back slash" when explicitely used in

comparison with "forward slash".

Backport of r965792 from trunk.

Fix typo in rewrite docs (slash -> backslash).

Thanks to Denis Howe for the hint.

PR49620.

Replace "back-slash" with "backslash" in docs.

I kept "back slash" when explicitely used in

comparison with "forward slash".

Trivial spelling fix so I can close

PR 44195

backport proposal

Don't risk segfault in authz if r->user is not set

PR 42995

Propose backport

Enable SetEnv to set PATH

PR 43906

mod_include: recognise "text/html; parameters" as text/html

PR 49616

diagnosed by Andrey Chernov