Changeset 1180030 is being indexed.

Merge r1179239 from trunk:

SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some

reverse proxy configurations by strictly validating the request-URI:

* server/protocol.c (read_request_line): Send a 400 response if the

request-URI does not match the grammar from RFC 2616. This ensures

the input string for RewriteRule et al really is an absolute path.

Reviewed by: jim, rjung, jorton

  1. … 1 more file in changeset.
Rename macro to a better name and sync with trunk.

Reviewed by wrowe, rjung.

  1. … 1 more file in changeset.
enabled building gen_test_char for running on build when cross-compiling;

this does not change code for any platform unless CROSS_COMPILE is defined.

Backport of r795971 - reviewed by trawick, rjung.

  1. … 1 more file in changeset.
backport r791454 from 2.2.x branch:

SECURITY: CVE-2009-1891 (cve.mitre.org)

Fix a potential Denial-of-Service attack against mod_deflate or other

modules, by forcing the server to consume CPU time in compressing a

large file after a client disconnects. [Joe Orton, Ruediger Pluem]

Submitted by: jorton, rpluem

Reviewed by: pgollucci, poirier, rjung

  1. … 2 more files in changeset.
Removed a tab and trailing spaces; no code change.

Applied accepted backport 164538.

  1. … 3 more files in changeset.
merge from trunk and 2.2.x:

SECURITY: CVE-2010-0434 (cve.mitre.org)

Ensure each subrequest has a shallow copy of headers_in so that the

parent request headers are not corrupted. Eliminates a problematic

optimization in the case of no request body.

PR: 48359

Submitted by: Jake Scott, William Rowe, Ruediger Pluem

Reviewed by: wrowe, trawick, rpluem

  1. … 2 more files in changeset.
Yes, reverting prematurely applied backport
Add CVE-2010-0434 fix for consideration
  1. … 1 more file in changeset.
httpd-2.2 and -2.0 specific patch to revert to 2.0.55/2.2.0 handling of the

stdout channel; do not close stdout in the parent process or reassign it to

\\Device\Null, but keep it open so that the console signal handler continues

to interact with the running "daemonized" httpd process.

Not committed to httpd-2.x; there is disagreement as to whether this is good

behavior for a daemon, and the proper 2.4(3.0) behavior on Win32 may be to

daemonize but properly handle -k stop by the PID file contents. Many have

asked for this feature who run a minimal httpd.exe, especially from some

removable media such as CD, and wish to be able to halt it as a console.

PR: 44800 (part 3/3)

Submitted by: tdonovan

Backports: r663704

The environment may be manipulated by modules such as mod_perl, so regenerate

the passed env argument on each CreateProcess call.

PR: 44800 (part 2/3)

Submitted by: tdonovan

Backports: r663699

For winnt_mpm console mode, always reset our console handler to be the first,

even on a restart, because some modules (e.g. mod_perl) might have set a console

handler to terminate the process.

PR: 44800 (part 1/3)

Submitted by: tdonovan

Backports: r663669

winnt_mpm: Resolve modperl issues by redirecting console mode stdout

to /Device/Nul as the server is starting up, mirroring unix MPM's.

PR: 43534

Submitted by: Tom Donovan <Tom.Donovan acm.org> and William Rowe

Backports: r609354, r609366

  1. … 1 more file in changeset.
winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform

by recreating the bucket allocator each time the trans pool is cleared.

PR: 11427 #16 (follow-on)

Submitted by: Tom Donovan <Tom.Donovan acm.org>

Backport: r609181

  1. … 1 more file in changeset.
Close the child_exit_event which lives only for the scope

of master_main and was orphaned on each soft or fatal restart.

PR: 40932

Submitted by: Jeff Robbins <jeffr livedata.com>

Backport: r607677

On win32, we must never, never close the parent's copy of the

child's read end for a reliable piped logger. The child runs

and manages its own logs, and even if the parent did instead,

the mpm would be adjusted to pass down the child write ends

without read ends to the pipes, so this forever makes no sense.

Backport: r607666

Fix winnt bucket_alloc to borrow memory from the transaction

pool, instead of exhausting pchild memory over a number of

connections.

PR: 11427

Submitted by: Alex Varju <alex varju.ca>

Backport: r607393

Backport a patch similar to r580433, but similar to the apr-1.2

specific server/log.c r602467, take into account the fact that

apr's flags could not be adjusted.

Backports: 2.2.x branch r607311

Refactor releasing the child processes by eliminating the

time lookup, eliminating the bogus/misimplemented function,

and introducing fairness to release any dead threads before

getting hung up on releasing longer lived threads.

Also pick up the time-to-wait from the server global timeout.

And finally, axe a completely bogus internal helper function.

Backports: r573103, r573105

  1. … 3 more files in changeset.
Correct the approach to std file handles by simplifying the approach

and taking better advantage of apr's now-proper support.

Already verified by Randy Kobes and Tom Donovan

Sync to trunk r580433

Remove existing showstopper

  1. … 1 more file in changeset.
Merge r580437 from trunk:

Share a single write-pipe handle for piped stderr logging, this

prevents an extra logging process from hanging around after the

initial config-phase.

Reviewed by: rpluem, wrowe

Submitted by: wrowe

Reviewed by: jim

  1. … 1 more file in changeset.
Backport applied

  1. … 2 more files in changeset.
server/log.c (log_error_core): For APLOG_DEBUG on Unix, if __FILE__

is an absolute path (as in a VPATH build), just log the basename.

Submitted by: jorton

Backport: r105258

Reviewed by: wrowe, trawick, rpluem

  1. … 1 more file in changeset.
Finish commit r570307, with some play-by-play commentary to

match trunk.

main core: Emit errors during the initial apr_app_initialize()

or apr_pool_create() (when apr-based error reporting is not ready).

[William Rowe, Jeff Trawick]

Backport: 568779, 569934

  1. … 2 more files in changeset.
log core: Fix issue which could cause piped loggers to be orphaned

and never terminate after a graceful restart. PR 40651. [Joe Orton,

Ruediger Pluem]

log core: fix the new piped logger case where we couldn't connect

the replacement stderr logger's stderr to the NULL stdout stream.

Continue in this case, since the previous alternative of no error

logging at all (/dev/null) is far worse. [William Rowe]

disambiguate an error message to diagnose future error reports

Backport: 452431, 568326, 568322

  1. … 2 more files in changeset.
mpm_winnt: Prevent the parent-child pipe from leaking into other

spawned processes, and ensure we have a /Device/null handle for

stdout when running as-a-service.

Backport: 568446

  1. … 2 more files in changeset.
Backport of 2.0.x PID table problem fix
  1. … 2 more files in changeset.
update license header text
  1. … 300 more files in changeset.