Backport mod_status refresh parameter sanitizing patch.

  1. … 2 more files in changeset.
Fix CVE-2007-5000:

* src/modules/standard/mod_imap.c (menu_header): Fix cross-site
scripting issue by escaping the URI, and ensure that a charset
parameter is sent in the content-type to prevent autodetection by
broken browsers.

Reported by: JPCERT

  1. … 1 more file in changeset.
SECURITY: CVE-2006-5752 (cve.mitre.org)

mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser. [Joe Orton]

Joe's patch was tweaked ever so slightly by me, then reviewed
by Joe and Sander T.

  1. … 1 more file in changeset.
Add '*.a' to svn:ignore to ignore library archives.

  1. … 7 more files in changeset.
SECURITY: CVE-2006-3747 (cve.mitre.org)

mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.

Reviewed by: trawick, lars, jorton, wrowe, benl

  1. … 1 more file in changeset.
update license header text
  1. … 221 more files in changeset.
Revert copyright date change patch. Wait until we have
a universal policy and procedure... we cannot willy
nilly change the dates unless significant or
material changes are made.

  1. … 193 more files in changeset.
Update to 2006

  1. … 193 more files in changeset.
Use ap_assert instead of assert in mod_log_forensic.

This fixes issue #38177.

* src/modules/standard/mod_log_forensic.c
(log_escape, log_before): s/assert/ap_assert/

Noticed by: Wilson Cheung <wcheung ucsd.edu>

Patch by: Jim Jagielski

Approved by: Jeff Trawick, André Malo

Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw

Submitted by: Mark Cox <mjc apache.org>

Reviewed by: jorton, mjc, fielding

PR: 37874

  1. … 2 more files in changeset.
Minor make file changes to allow the clib prelude to be replaced

Submitted by: Guenter Knauf

  1. … 5 more files in changeset.
Remove CGI block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.

PR: 15242

Reviewed-by: Paul Querna, Andre Malo, William A. Rowe, Jr.

  1. … 1 more file in changeset.

Correct transposed :tid: case, needs to be in the #ifdef MULTITHREAD
scenario, not vice versa.

Submitted by: Brian Havard

Win32-enable, unix threaded-enable the mod_log_forensic module.

* adds a get_forensic_id() function, differing between win32,
threaded, and non-threaded platforms (threaded and win32
platforms get instead a pid:tid:time:seq identifier.)

* stop the module config abuse, and simply use r->notes (this
requires the 169534 svn patch already applied.)

Fix an irritating bug. The forensic-id is captured in two places, as
an r->notes entry, and in the (supposedly constant) server config(!)
This patch retrieves the r->notes copy instead at final logging phase.

fix warning on systems where pid_t is long

reviewed by: nd, jim

drop .cvsignore files

  1. … 25 more files in changeset.
general property cleanup

  1. … 833 more files in changeset.
Remove Showstopper. Now waiting a few hours before tag and roll...

PR:

Obtained from:

Submitted by:

Reviewed by:

  1. … 1 more file in changeset.
len is size_t so adjust as safe

PR:

Obtained from:

Submitted by: Joe O.

Reviewed by:

Apply the CAN-2004-0940 patch.

PR:

Obtained from:

Submitted by:

Reviewed by:

  1. … 2 more files in changeset.
mod_rewrite: Fix query string handling for proxied URLs.

PR: 14518

Obtained from:

Submitted by:

Reviewed by: nd, minfrin, jim

  1. … 2 more files in changeset.
Add in most-likely last patch before 1.3.32

  1. … 2 more files in changeset.
Various TPF platform-specific changes:
provide cleaner shutdown on fatal child exit,
expand address size handling, and clean up some warnings

  1. … 18 more files in changeset.
Trigger an error when a LoadModule directive attempts to
load a module which is built-in. This is a common error when
switching from a DSO build to a static build.

  1. … 1 more file in changeset.
* modules/standard/mod_digest.c (check_nonce): Fix length check.

Fix mod_log_forensic bug by applying patch. reported *was* author
of patch, right??

PR:

Obtained from:

Submitted by:

Reviewed by:

  1. … 1 more file in changeset.
Fix memory leak.

PR: 27862

Submitted by: shengperson yahoo.com (chunyan sheng)

Reviewed by: Joe Orton, Jeff Trawick

  1. … 1 more file in changeset.
Fix confused map cache (with maps in different VHs using
the same name).

PR: 26462

Reviewed by: Jeff Trawick, Joe Orton

  1. … 1 more file in changeset.
remove "support" for Remote_User variable, which never worked at all.

PR: 25725

Reviewed by: Justin Erenkrantz, Paul Querna