Skip to content
  1. Sep 12, 2005
  3. Sep 11, 2005
  5. Sep 10, 2005
  7. Sep 09, 2005
  9. Sep 01, 2005
  11. Aug 31, 2005
  13. Aug 30, 2005
    • Colm MacCarthaigh's avatar
      · f68f2b8a
      Colm MacCarthaigh authored 
      Make my PR references consistent with everyone elses.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264881 13f79535-47bb-0310-9956-ffa450edef68
      f68f2b8a
    • Justin Erenkrantz's avatar
      mod_cgid: Refuse to work on Solaris 10 due to OS bugs. · 5aee5df8
      Justin Erenkrantz authored 
      PR: 34264


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264866 13f79535-47bb-0310-9956-ffa450edef68
      5aee5df8
    • Joe Orton's avatar
      Fix CVE CAN-2005-2700: · a344c639
      Joe Orton authored 
      * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
      a344c639
    • Colm MacCarthaigh's avatar
      · 390c36d0
      Colm MacCarthaigh authored 
      Fix PR36410; Change how the get_suexec_identity hook is handled by CGID.
Instead of using mod_userdir and mod_suexec specific hacks, we now run the hook
on the httpd side of the handler. 

If this is NULL, we pass on a magic empty_ugid constant, otherwise pass on the
real ugid.

On the cgid side of the equation, we add our own hook, with REALLY_FIRST, and
then order the hooks. This ensures that cgid's doer runs before any other
registered get_suexec_identity doers.

We use cgid's request config to store the ugid. If ugid == empty_ugid, we DON'T
call ap_os_create_privileged_process, because our doer would return the magic
empty_ugid constant. Having the doer return NULL is no good, because then
userdir and mod_suexec's doers would be called. Instead, we call plain old
apr_proc_create(). 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264759 13f79535-47bb-0310-9956-ffa450edef68
      390c36d0
  15. Aug 29, 2005
  17. Aug 28, 2005
  19. Aug 27, 2005
  21. Aug 26, 2005
    • Colm MacCarthaigh's avatar
      · c69524da
      Colm MacCarthaigh authored 
      Implement a "graceful-stop" for the prefork MPM (might aswell do the hard one
first). 

General approach is to send SIGUSR1 to all children (which will de-listen, and
exit when finished), and to gather all children as they exit. 

We don't use a sleep(timeout) for the timeout implementation, because this
would lead to a rut of defunct children until the timeout had expired.

set_graceful_shutdown stolen from Ken Coar. See <3E84B1EC.3050007@Golux.Com>
(28 Mar 2003).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240270 13f79535-47bb-0310-9956-ffa450edef68
      c69524da
  23. Aug 25, 2005
  25. Aug 24, 2005
  27. Aug 23, 2005
  29. Aug 20, 2005
  31. Aug 19, 2005
  33. Aug 12, 2005
  35. Aug 11, 2005
  37. Aug 10, 2005
  39. Aug 09, 2005
  41. Jul 21, 2005
  43. Jul 20, 2005
  45. Jul 19, 2005
  47. Jul 18, 2005
  49. Jul 17, 2005
    • Ian Holsman's avatar
      This patch adds a new hook (request_status) that gets ran in proxy_handler · dd39e89f
      Ian Holsman authored 
      just before the final return.  This gives modules an opportunity to do
something based on the proxy status.

A couple of examples where this is useful:

-You are using a caching module and would rather return stale content rather
than an error to the client if the origin is down.

-you proxy some subrequests (using SSI - mod_include) and do not want SSI
errors when the backend is down. If you would normally return
HTTP_BAD_GATEWAY, you may have a module that serves some other content.


new hook -- so mmn bump.. i made it a major one, hope thats ok 

Patch From Brian Akins <Brian.Akins turner.com>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219372 13f79535-47bb-0310-9956-ffa450edef68
      dd39e89f
  51. Jul 15, 2005
  53. Jul 14, 2005
    • William A. Rowe Jr's avatar
      · 07a78f67
      William A. Rowe Jr authored 
        How can I fix thee?  let me count the ways...

  * pass a chunked body always (no-body requests don't go chunked).

  * validate that the C-L counted body length doesn't change.

  * follow RFC 2616 for C-L / T-E in the request body C-L / T-E
    election logic.

  * do not forward HTTP/1.0 requests as HTTP/1.1, unless the admin
    configures force-proxy-request-1.1

  * conn was illegible, use 2.0's p_conn.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@218978 13f79535-47bb-0310-9956-ffa450edef68
      07a78f67