CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,9 @@ Changes with Apache 2.3.15 core: Fix integer overflow in ap_pregsub. This can be triggered e.g. with mod_setenvif via a malicious .htaccess. [Stefan Fritsch] *) core, mod_dav_fs: Change default ETag to be "size mtime", i.e. remove the inode. PR 49623. [Stefan Fritsch] *) mod_lua: Expose SSL variables via r:ssl_var_lookup(). [Eric Covener] *) mod_lua: LuaHook{AccessChecker,AuthChecker,CheckUserID,TranslateName} Loading
docs/manual/mod/core.xml +4 −2 Original line number Diff line number Diff line Loading @@ -1532,11 +1532,13 @@ request</description> <description>File attributes used to create the ETag HTTP response header for static files</description> <syntax>FileETag <var>component</var> ...</syntax> <default>FileETag INode MTime Size</default> <default>FileETag MTime Size</default> <contextlist><context>server config</context><context>virtual host</context> <context>directory</context><context>.htaccess</context> </contextlist> <override>FileInfo</override> <compatibility>The default used to be "INode MTime Size" in 2.3.14 and earlier.</compatibility> <usage> <p> Loading Loading @@ -1579,7 +1581,7 @@ HTTP response header for static files</description> <note type="warning"><title>Warning</title> Do not change the default for directories or locations that have WebDAV enabled and use <module>mod_dav_fs</module> as a storage provider. <module>mod_dav_fs</module> uses <code>INode MTime Size</code> <module>mod_dav_fs</module> uses <code>MTime Size</code> as a fixed format for <code>ETag</code> comparisons on conditional requests. These conditional requests will break if the <code>ETag</code> format is changed via <directive>FileETag</directive>. Loading
docs/manual/upgrading.xml +3 −0 Original line number Diff line number Diff line Loading @@ -188,6 +188,9 @@ <li><directive module="core">EnableSendfile</directive> now defaults to Off.</li> <li><directive module="core">FileETag</directive> now defaults to "MTime Size" (without INode).</li> <li><module>mod_log_config</module>: <a href="modules/mod_log_config.html#formats">${cookie}C</a> matches whole cookie names. Previously any substring would Loading
include/http_core.h +2 −1 Original line number Diff line number Diff line Loading @@ -461,8 +461,9 @@ typedef unsigned long etag_components_t; #define ETAG_MTIME (1 << 1) #define ETAG_INODE (1 << 2) #define ETAG_SIZE (1 << 3) #define ETAG_BACKWARD (ETAG_MTIME | ETAG_INODE | ETAG_SIZE) #define ETAG_ALL (ETAG_MTIME | ETAG_INODE | ETAG_SIZE) /* This is the default value used */ #define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE) /** * @brief Server Signature Enumeration Loading
modules/dav/fs/repos.c +2 −2 Original line number Diff line number Diff line Loading @@ -1859,14 +1859,14 @@ static dav_error * dav_fs_walk(const dav_walk_params *params, int depth, static const char *dav_fs_getetag(const dav_resource *resource) { dav_resource_private *ctx = resource->info; /* XXX: This should really honor the FileETag setting */ if (!resource->exists) return apr_pstrdup(ctx->pool, ""); if (ctx->finfo.filetype != APR_NOFILE) { return apr_psprintf(ctx->pool, "\"%" APR_UINT64_T_HEX_FMT "-%" APR_UINT64_T_HEX_FMT "-%" APR_UINT64_T_HEX_FMT "\"", (apr_uint64_t) ctx->finfo.inode, APR_UINT64_T_HEX_FMT "\"", (apr_uint64_t) ctx->finfo.size, (apr_uint64_t) ctx->finfo.mtime); } Loading
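Review bot: In docs/manual/mod/core.xml, the warning in the second hunk (@@ -1579,7 +1581,7 @@) still says only "Do not change the default", which misses configurations that spell out the old default. A DAV location carrying an explicit "FileETag INode MTime Size" matched the fixed mod_dav_fs format before this change and no longer does, so the warning should say that such a line has to be removed or changed to "FileETag MTime Size" when upgrading from 2.3.14 or earlier.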
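Review bot: In docs/manual/upgrading.xml, the new list item covers only the core FileETag default and omits that the ETags produced by mod_dav_fs change as well, which the repos.c hunk makes unconditional. Add a sentence saying that mod_dav_fs ETags no longer contain the inode, so ETag values handed out by 2.3.14 and earlier will not match after the upgrade.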
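Review bot: In include/http_core.h, the name ETAG_BACKWARD no longer describes its value: it now expands to (ETAG_MTIME | ETAG_SIZE), which the new comment calls the default, while the set that is backward compatible with 2.3.14 is the one ETAG_ALL holds. Consider a separate name for the new default (ETAG_DEFAULT is only a suggestion) and check every existing user of ETAG_BACKWARD, since any code that relied on it including ETAG_INODE changes behaviour silently with this redefinition.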
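Review bot: In modules/dav/fs/repos.c, dav_fs_getetag() still hardcodes the ETag layout (size, then mtime) rather than building it from the configured components, which the added "XXX: This should really honor the FileETag setting" comment acknowledges but does not resolve. As long as the format is fixed here, a DAV location with a non-default FileETag gets ETags that disagree with the ones this function produces, so either derive the string from the same etag_components_t mask that core uses or point the comment at a tracking issue so the TODO does not get lost.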