Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 356279 is being indexed.

Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw

Submitted by: Mark Cox <mjc>

Reviewed by: jorton, mjc, fielding

PR: 37874

  1. … 2 more files in changeset.
merge mod_version_for_2.0.x branch back to branches/2.0.x

* merge 160788 to 326121 from branches/mod_version_for_2.0.x, but leave out

generated docs files (will cleanly rebuild later)

Reviewed by: Paul Querna, Bill Rowe, (Justin Erenkrantz), me

  1. … 21 more files in changeset.
Commit Greg's patch to fix worker MPM memory leak.

Approved by: Greg, OtherBill, Jeff

  1. … 2 more files in changeset.

Undo fat fingers of commit 292397

Small fix to remove unused 'rv' variable from the excluded code path

Backport TraceEnable option, correcting RFC violation by mod_proxy as this

now drops any proxied TRACE request which tries to pass a body, unless

the user explicitly forces 'TraceEnable extended'.

Per colm; removed \n's from error_notes, docs coming next.

Reviewed by: jimj, colm

  1. … 6 more files in changeset.
from trunk, backport ap_log_cerror(), along with some helpful uses

of it

Reviewed by: stoddard, wrowe

  1. … 4 more files in changeset.
Backport from trunk:

*) Support the suppress-error-charset setting, as with Apache 1.3.x.

PR 31274.

Reviewed by: jorton, nd

  1. … 5 more files in changeset.
Merge r170441, r170573, r170719 from trunk:

* server/log.c (piped_log_spawn): Return the APR error code,

as expected by piped_log_maintenance (and fixing "Unknown

error" messages in error path there).

(ap_open_piped_log): Expect an APR error code.

* server/log.c (ap_open_piped_log): Remove errno handling.

* server/log.c (piped_log_spawn): Don't leak an fd for each


Reviewed by: jorton, trawick, wrowe

  1. … 2 more files in changeset.

core: strip C-L from any request with a T-E header

resolves external origin CAN-2005-2088 issues, does not

address internal origin C-L/T-E discrepancies within proxy_http

Security: CVE CAN-2005-2088

Submitted by: Joe Orton

Reviewed by: Jeff Trawick, Will Rowe

  1. … 2 more files in changeset.

Propupdate to ignore win32 gen_test_char.exe

merge this fix from trunk:

Prevent hangs of child processes when writing to piped loggers at

the time of graceful restart.

PR: 26467

Reviewed by: jorton, pquerna

  1. … 2 more files in changeset.
merge this fix from trunk:

fix minor annoyance on z/OS: __FILE__ is set to

"./foo.c" instead of simply "foo.c", so filter

out all but the basename before logging it with

debug messages

Reviewed by: pquerna, wrowe

Merge from trunk:

Downgrade the log level of a worker MPM apr_proc_mutex_foo error

message when it occurs during restart (as we already do for a couple

of other calls).

Reviewed by: jorton, pquerna

worker mpm: don't take down the whole server for a transient

thread creation failure. PR 34514

  1. … 2 more files in changeset.
merge these fixes from 2.1-dev:

*) worker MPM: Fix a problem which could cause httpd processes to

remain active after shutdown. [Jeff Trawick]

*) Unix MPMs: Shut down the server more quickly when child processes are

slow to exit. [Joe Orton, Jeff Trawick]

Reviewed by: stoddard, striker

  1. … 3 more files in changeset.
backport this from 2.1-dev:

Remove formatting characters from ap_log_error() calls. These

were escaped as fallout from CAN-2003-0020.

Submitted by: Eric Covener <ecovener>

Reviewed by: trawick, jorton, pquerna

  1. … 4 more files in changeset.
core_input_filter: Stop leaking a brigade by moving buckets to an existing brigade instead of calling brigade_split.

PR: 33382

Reviewed By: Justin Erenkrantz, Jeff Trawick

  1. … 3 more files in changeset.
* server/mpm_common.c (ap_mpm_pod_open, dummy_connection): Use

ap_listeners->bind_addr for the dummy connection rather than doing a

name lookup on the first listener's hostname and using one of the

addresses returned.

* server/mpm_common.c (dummy_connection): Log the address if the

connect() fails.

Reviewed by: jorton, trawick, stoddard

  1. … 1 more file in changeset.

There -was- no race on Win32 in httpd-2.0, because the child thread

start function arg was redefined to be racy on httpd-2.1 (now fixed.)

However, things aren't always clear when one goes nuts with casts,

in fact they mask the real behavior. So taking FirstBill's +1, clean

up these ugly casts as we did in httpd-2.1 and make the code and it's

behavior a little more self-evident.

  1. … 1 more file in changeset.
Update copyright year to 2005 and standardize on current copyright owner line.

  1. … 469 more files in changeset.
Fix --with-apr=/usr and/or --with-apr-util=/usr.

MFC: 151255

PR: 297409

Submitted by: Max Bowsher <maxb>

Reviewed by: jerenkrantz, trawick, fielding, pquerna

  1. … 1 more file in changeset.
If thread_num is long, this better be an %ld

MFC: 106653

Reviewed by: wrowe, nd, trawick

  1. … 1 more file in changeset.
Remove upper limit on the LimitRequestFieldSize directive

MFC: 149269

Reviewed by: stoddard, jerenkrantz, jim

  1. … 1 more file in changeset.
Start keeping track of the amount of time taken to process a request again.

Results in the 'Req' field in mod_status no longer being bogus.

MFC: 149550

Reviewed by: jim, stas, geoff

  1. … 3 more files in changeset.
Merge r105111 from trunk:

* server/core.c (default_handler): Fix the test for whether to split a

file into several buckets: it is needed regardless of whether sendfile

is enabled, and APR_HAS_LARGE_FILES is not sufficient to determine

whether sizeof(apr_off_t) is greater than sizeof(apr_off_t).

PR: 28898

Reviewed by: jorton, trawick, stoddard

  1. … 2 more files in changeset.
Merge r105297, r105664 from trunk:

* server/util_filter.c (ap_save_brigade): Handle an ENOTIMPL setaside

function correctly.

* server/util_filter.c (ap_save_brigade): Be more tolerant of a bucket

type which neither implements ->setaside nor morphs on ->read, such as

the mod_perl SV bucket type in mod_perl <1.99_17; defer returning an

error in this case until after calling setaside on each bucket.

PR: 31247

Reviewed by: jorton, trawick, stoddard

  1. … 2 more files in changeset.
Log server version and server built info at startup
Fixing various compiler errors when compiling against the latest version of LibC SDK
  1. … 1 more file in changeset.
drop .cvsignore files

  1. … 32 more files in changeset.