Skip to content
GitLab
  1. 10 Sep, 2005 1 commit
  3. 09 Sep, 2005 1 commit
  5. 01 Sep, 2005 1 commit
  7. 31 Aug, 2005 1 commit
  9. 30 Aug, 2005 4 commits
    • Colm MacCarthaigh's avatar
      · f68f2b8a
      Colm MacCarthaigh authored 
      Make my PR references consistent with everyone elses.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264881 13f79535-47bb-0310-9956-ffa450edef68
      f68f2b8a
    • Justin Erenkrantz's avatar
      mod_cgid: Refuse to work on Solaris 10 due to OS bugs. · 5aee5df8
      Justin Erenkrantz authored 
      PR: 34264


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264866 13f79535-47bb-0310-9956-ffa450edef68
      5aee5df8
    • Joe Orton's avatar
      Fix CVE CAN-2005-2700: · a344c639
      Joe Orton authored 
      * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
      a344c639
    • Colm MacCarthaigh's avatar
      · 390c36d0
      Colm MacCarthaigh authored 
      Fix PR36410; Change how the get_suexec_identity hook is handled by CGID.
Instead of using mod_userdir and mod_suexec specific hacks, we now run the hook
on the httpd side of the handler. 

If this is NULL, we pass on a magic empty_ugid constant, otherwise pass on the
real ugid.

On the cgid side of the equation, we add our own hook, with REALLY_FIRST, and
then order the hooks. This ensures that cgid's doer runs before any other
registered get_suexec_identity doers.

We use cgid's request config to store the ugid. If ugid == empty_ugid, we DON'T
call ap_os_create_privileged_process, because our doer would return the magic
empty_ugid constant. Having the doer return NULL is no good, because then
userdir and mod_suexec's doers would be called. Instead, we call plain old
apr_proc_create(). 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264759 13f79535-47bb-0310-9956-ffa450edef68
      390c36d0
  11. 29 Aug, 2005 2 commits
  13. 28 Aug, 2005 1 commit
  15. 27 Aug, 2005 1 commit
  17. 26 Aug, 2005 1 commit
    • Colm MacCarthaigh's avatar
      · c69524da
      Colm MacCarthaigh authored 
      Implement a "graceful-stop" for the prefork MPM (might aswell do the hard one
first). 

General approach is to send SIGUSR1 to all children (which will de-listen, and
exit when finished), and to gather all children as they exit. 

We don't use a sleep(timeout) for the timeout implementation, because this
would lead to a rut of defunct children until the timeout had expired.

set_graceful_shutdown stolen from Ken Coar. See <3E84B1EC.3050007@Golux.Com>
(28 Mar 2003).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240270 13f79535-47bb-0310-9956-ffa450edef68
      c69524da
  19. 25 Aug, 2005 2 commits
    • Jeff Trawick's avatar
      spell check · b18fa038
      Jeff Trawick authored 
      
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240101 13f79535-47bb-0310-9956-ffa450edef68
      b18fa038
    • Colm MacCarthaigh's avatar
      · 3fac3e17
      Colm MacCarthaigh authored 
      Append the .PID to the ScriptSock filename. This change ensures that multiple
running instances of httpd will not clobber each others script sockets. 

Because a different socket will be created for each instance, this change also
unlinks the script-socket on exit, to prevent pollution. 

unlink() happens from within the parent process, since the change in userid's
means the cgid process likely won't have the correct permissions.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240044 13f79535-47bb-0310-9956-ffa450edef68
      3fac3e17
  21. 24 Aug, 2005 1 commit
  23. 23 Aug, 2005 2 commits
  25. 20 Aug, 2005 2 commits
  27. 19 Aug, 2005 1 commit
  29. 12 Aug, 2005 1 commit
  31. 11 Aug, 2005 3 commits
  33. 10 Aug, 2005 1 commit
  35. 09 Aug, 2005 1 commit
  37. 21 Jul, 2005 2 commits
  39. 20 Jul, 2005 4 commits
  41. 19 Jul, 2005 1 commit
  43. 18 Jul, 2005 1 commit
  45. 17 Jul, 2005 1 commit
    • Ian Holsman's avatar
      This patch adds a new hook (request_status) that gets ran in proxy_handler · dd39e89f
      Ian Holsman authored 
      just before the final return.  This gives modules an opportunity to do
something based on the proxy status.

A couple of examples where this is useful:

-You are using a caching module and would rather return stale content rather
than an error to the client if the origin is down.

-you proxy some subrequests (using SSI - mod_include) and do not want SSI
errors when the backend is down. If you would normally return
HTTP_BAD_GATEWAY, you may have a module that serves some other content.


new hook -- so mmn bump.. i made it a major one, hope thats ok 

Patch From Brian Akins <Brian.Akins turner.com>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219372 13f79535-47bb-0310-9956-ffa450edef68
      dd39e89f
  47. 15 Jul, 2005 1 commit
  49. 14 Jul, 2005 1 commit
    • William A. Rowe Jr's avatar
      · 07a78f67
      William A. Rowe Jr authored 
        How can I fix thee?  let me count the ways...

  * pass a chunked body always (no-body requests don't go chunked).

  * validate that the C-L counted body length doesn't change.

  * follow RFC 2616 for C-L / T-E in the request body C-L / T-E
    election logic.

  * do not forward HTTP/1.0 requests as HTTP/1.1, unless the admin
    configures force-proxy-request-1.1

  * conn was illegible, use 2.0's p_conn.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@218978 13f79535-47bb-0310-9956-ffa450edef68
      07a78f67
  51. 08 Jul, 2005 2 commits