Commit fix for CVE-2010-0010, an integer overflow on platforms where
sizeof(int) < sizeof(long) due to inappropriate casting;

* Change "MIN( (int) a, (int) b)" to "(int) MIN(a, b)". As 'a' is the buffer
size, it will be smaller than any long which overflows an int.

* More generally - change ap_bread and ap_bwrite to defend against a negative
length argument in general. Return -1 if one is passed.

  1. … 2 more files in changeset.
Apply Jeff's patch...

When setting status to SERVER_DEAD, reset pid as well.

Move to a more efficient pid-table impl. Note that the

change in common_init() will mean that mod_ssl won't cleanly

patch, so before we release, we'll need to make sure they

are aware.

  1. … 1 more file in changeset.
Add '*.a' to svn:ignore to ignore library archives.

  1. … 7 more files in changeset.
* It does not matter if this pid is still in the scoreboard or not. We need to

remove it from our pid table in any case.

Only remove from pid table when we've reaped a child,

that is, when we know it's gone.

Use ap_snprintf()

Some comments... Yes, a 64 char array is overkill, but so

what :) Also, in this section we later on unset as well,

but also encapsulate the logic here as well.

more cleanups of pid_table for killed/waited-for kiddies

Add in parent process PID table, to provide for

a check against the pid values located in the


Properly null-terminate the tpf_server_name string (in TPF-only code).

moved XLFLAGS to the .opt file so that external libs can be added;

added new var XDCDATA and removed xdcdata setting from mis-used XLFLAGS;

moved some copyright from .opt to .def file since -copy option doesn't accept commas.

  1. … 2 more files in changeset.
update license header text
  1. … 221 more files in changeset.
Back out 396294. This keeps HEAD in a non-regression state

and allows us to re-add/fix the functionality "later on"

  1. … 2 more files in changeset.
* Backport the include directive patch for 1.3

* Add a changelog entry for same

* reorder the changelog to put security first.

  1. … 3 more files in changeset.
Revert copyright date change patch. Wait until we have

a universal policy and procedure... we cannot willy

nilly change the dates unless significant or

material changes are made.

  1. … 193 more files in changeset.
Update to 2006

  1. … 193 more files in changeset.
Fix escaping of Expect error message

+1: mjc, trawick, wrowe

  1. … 2 more files in changeset.
TPF platform-specific changes:

Ensure children close their sockets upon shutdown.

Fix KeepAliveTimeOut and TimeOut processing.

Implement SIGUSR1 (graceful restart) and SIGHUP (restart now).

  1. … 3 more files in changeset.
Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw

Submitted by: Mark Cox <mjc>

Reviewed by: jorton, mjc, fielding

PR: 37874

  1. … 2 more files in changeset.
Minor make file changes to allow the clib prelude to be replaced

Submitted by: Guenter Knauf

  1. … 5 more files in changeset.

Backport the 2.x C-L/T-E core protocol patch;

Reviewed for 1.3 by: wrowe, jimj, graham

  1. … 1 more file in changeset.

Fix a fat-fingered typo.

Minor cleanup - use NOERRNO logging, more proper body test and

log origin server TRACE denied.

  1. … 1 more file in changeset.

Introduce TraceEnable [on|off|extended], fixes non-compliance

in mod_proxy which accepted request bodies with TRACE requests.

  1. … 6 more files in changeset.

These failure cases are all essentially bogus submissions to httpd,
do not persist the connection if the client can't formulate any
respectable request (e.g. likely to be exploit testing).

[None of the modified failure cases occur prior to request processing.]

comment is slightly more accurate

mod_digest: Fix another nonce string calculation issue.

Submitted by: Eric Covener

Reviewed by: trawick, jorton, jim

  1. … 2 more files in changeset.
drop .cvsignore files

  1. … 25 more files in changeset.