- Oct 27, 2014
-
-
Jim Jagielski authored
Concat string at compile time when possible. Doing so, sometimes also give the opportunity to turn a 'ap_fputstrs' into a 'ap_fputs'. PR 53741 Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634525 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_substitute: Restrict configuration in .htaccess to FileInfo as documented. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634524 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_substitute: Make maximum line length configurable. Add docs for new directive SubstituteMaxLineLength in mod_substitute. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634523 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_substitute: Fix memory limitation in case of regexp plus flatten. The maxlen argument of ap_varbuf_regsub() is unsigned. Passing in "AP_SUBST_MAX_LINE_LENGTH - vb.strlen" in case vb.strlen got to big didn't result in the expected error but instead was handled as a very big maxlen. Add CHANGES for r1628104. (mod_substitue: Fix memory limitation in case of regexp plus flatten.) Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634522 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR53218 Allow for longer worker names and make truncation a non-fatal error... Correct loglevel. oops... prepend 0 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634520 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_dav: set r->status_line in dav_error_response. It's used as argument in next ap_rvputs call. PR 55426. Submitted by: jkaluza Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634519 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 18, 2014
-
-
Christophe Jaillet authored
mod_proxy_http: Avoid (unlikely) access to freed memory. Submitted by: ylavic Reviewed by: ylavic, jorton, rjung Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1632736 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 16, 2014
-
-
Christophe Jaillet authored
http_protocol: fix logic in ap_method_list_(add|remove) in order: - to correctly reset bits - not to modify the 'method_mask' bitfield unnecessarily Submitted by: jailletc36 Reviewed by: jailletc36, ylavic, rjung Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1632440 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
mod_slotmem: Increase log level for some originally debug messages. Submitted by: jim Reviewed by: jim, ylavic, rjung Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1632437 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 14, 2014
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1631685 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 11, 2014
-
-
Eric Covener authored
In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing LDAP authz failures if AuthLDAPBindDN was able to search through more of LDAP than web users. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1631119 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
mod_macro: Remove APLOG_NOERRNO. Add some APLOGNO. Fix some alignment. Submitted by: jailletc36 Reviewed by: jailletc36, rjung, covener backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1631118 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 26, 2014
-
-
Jim Jagielski authored
SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference in Content-Type handling. mod_cache: Avoid a crash when Content-Type has an empty value. PR56924. Submitted By: Mark Montague <mark catseye.org> Reviewed By: Jan Kaluza Submitted by: jkaluza Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1627749 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
don't let handlers start with r->status = 304 during a failed revalidation PR56881 Fix typo in comment. Submitted by: covener, rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1627745 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_status should honor remote_ip as documented Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1627744 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 19, 2014
-
-
Jan Kaluža authored
to be seen from auth stanzas under virtual hosts. PR 56870. [Eric Covener] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1626203 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 16, 2014
-
-
Jeff Trawick authored
Fix a cmake compatiblity issue related to quoting with cmake 2.8.12 and later. PR: 56615 Submitted by: Chuck Liu <cliu81 gmail.com>, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1625199 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 05, 2014
-
-
Jim Jagielski authored
PR56832 -- mod_ratelimit reports at ERROR level everytime a lower-level filter encounters an error. Since the core output filter only emits TRACE1, a higher level filter shouldn't log the same condition as ERROR. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1622708 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 03, 2014
-
-
Stefan Fritsch authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1622359 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 31, 2014
-
-
Jim Jagielski authored
Avoid useless warning message when parsing a section guarded by <IfDefine foo> if $(foo) is used within the section. PR 56503 Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1621603 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the application. PR: 56858 Submitted by: Manuel Mausz <manuel-asf mausz.at> Reviewed by: trawick Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1621602 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR53420: Proxy responses with error status and "ProxyErrorOverride On" hang until proxy timeout. Regression from 2.2. It was introduced by r912063 in order to fix PR41646. Switch preference for headers, Transfer-Encoding first, Content-Length second. Addition to r1615289. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1621601 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
part of the trailers fix git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1621552 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 22, 2014
-
-
William A. Rowe Jr authored
core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. Submitted by: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener Backports: r1610814 Reviewed by: covener, wrowe, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1619884 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 18, 2014
-
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1611744 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1611595 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 16, 2014
-
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1611194 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 15, 2014
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610760 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610745 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
one-liner down first ;) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610738 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610737 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610670 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610661 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
SECURITY (CVE-2014-3523): Fix a memory consumption denial of service in the WinNT MPM used in all Windows installations. Workaround: AcceptFilter <protocol> {none|connect} Submitted by: trawick Reviewed by: jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610653 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610641 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 14, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610517 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610516 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610514 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
*) SECURITY: CVE-2014-0231 (cve.mitre.org) mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. [Rainer Jung, Eric Covener, Yann Ylavic] Submitted By: rjung, covener, ylavic Reviewed By: trawick, jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610512 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
*) SECURITY: CVE-2014-0118 (cve.mitre.org) mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue. Submitted By: ylavic, covener Reviewed By: jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610503 13f79535-47bb-0310-9956-ffa450edef68
-