diff options
author | André Malo <nd@apache.org> | 2005-09-19 18:05:49 +0000 |
---|---|---|
committer | André Malo <nd@apache.org> | 2005-09-19 18:05:49 +0000 |
commit | 0eca20652f9990c781775ef9dfef3ed3e67aaf49 (patch) | |
tree | 948bf5c775c1da166c6ba6f1f0b8ebf524149e3f | |
parent | 64f60175ae107e8360786e7525421b4c1860a771 (diff) | |
download | httpd-0eca20652f9990c781775ef9dfef3ed3e67aaf49.tar.gz |
mod_version_for_2.0.x branch:
* Merge 239611 to 290201 from branches/2.0.x
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/mod_version_for_2.0.x@290223 13f79535-47bb-0310-9956-ffa450edef68
36 files changed, 517 insertions, 357 deletions
@@ -8,7 +8,33 @@ Changes with Apache 2.0.55 accompanying ap_version_t structure (minor MMN bump). [André Malo] - *) Fix cases where the byterange filter would buffer responses + *) Add ap_log_cerror() for logging messages associated with particular + client connections. [Jeff Trawick] + + *) Correct mod_cgid's argv[0] so that the full path can be delved by the + invoked cgi application, to conform to the behavior of mod_cgi. + [Pradeep Kumar S <pradeep.smani gmail.com>] + + *) mod_include: Fix possible environment variable corruption when + using nested includes. PR 12655. [Joe Orton] + + *) Support the suppress-error-charset setting, as with Apache 1.3.x. + PR 31274. [Jeff Trawick] + + *) EBCDIC: Handle chunked input from client or, with proxy, origin + server. [Jeff Trawick] + + *) Fix bad globbing comparison which could result in getting + a directory listing when a file was requested. PR 34512. + [sean <infamous41md hotmail.com>] + + *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker() + was called even if mod_auth_ldap_check_user_id() was not + (or if it didn't succeed) for non-authoritative cases. + [Jim Jagielski] + + *) SECURITY: CAN-2005-2728 (cve.mitre.org) + Fix cases where the byterange filter would buffer responses into memory. PR 29962. [Joe Orton] *) mod_proxy: Fix over-eager handling of '%' for reverse proxies. @@ -25,7 +51,7 @@ Changes with Apache 2.0.55 *) mod_ssl: Fix build with OpenSSL 0.9.8. PR 35757. [William Rowe] - *) SECURITY: CAN-2005-2088 + *) SECURITY: CAN-2005-2088 (cve.mitre.org) core: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. [Paul Querna, Joe Orton] @@ -213,7 +239,8 @@ Changes with Apache 2.0.53 is causing a potential problem with the LDAP shared memory cache. PR 31431 [Graham Leggett] - *) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz] + *) SECURITY: CAN-2004-1834 (cve.mitre.org) + mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz] *) Fix the re-linking issue when purging elements from the LDAP cache PR 24801. [Jess Holle <jessh ptc.com>] @@ -1239,7 +1266,8 @@ Changes with Apache 2.0.46 names faulted the running OS2 worker process. The fix is actually in APR 0.9.4. [Brian Havard] - *) Forward port: Escape special characters (especially control + *) SECURITY: CAN-2003-0083 (cve.mitre.org) + Forward port: Escape special characters (especially control characters) in mod_log_config to make a clear distinction between client-supplied strings (with special characters) and server-side strings. This was already introduced in version 1.3.25. @@ -110,7 +110,7 @@ RELEASE SHOWSTOPPERS: httpd/branches/2.0.x/... preserving the detail of all of the individually backported changes. - +1: wrowe, jim + +1: wrowe, jim, minfrin -1: For a complete history of individual unit changes, see r230703 - r230744 in @@ -129,17 +129,7 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: - [ please append new backports at the end of this list not the top. ] - - *) several changes to improve logging of connection-oriented errors, including - ap_log_cerror() API (needs minor bump in addition to changes below) - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/log.c?r1=1.150&r2=1.151 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/include/http_log.h?r1=1.46&r2=1.48 - +1: trawick, stoddard, wrowe - [wrowe notes that his previous objection is moot, based on security fixes - applied between .44 and .54 - but -please- doxygen the version of Apache - required in the API header note, for users who adopt this alternative.] + [ start all new proposals below, under PATCHES PROPOSED. ] *) mod_cgi: Added API call and overload of detached field in cgi_exec_info_t structure to support loading in current or new address @@ -172,60 +162,54 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: nd: I'm going to reverse the default jerenkrantz, striker: I'm confused as to the status of this backport. - * support/check_forensic: Fix tempfile usage - svn rev 125495, 126224 - jerenkrantz says: r126224 fixes brokenness with r125495 on Solaris. - +1: thommay, jerenkrantz, trawick - trawick: "which" isn't portable; I've suggested a work-around on dev@ - (not standing in way of backport) - jorton said: NetBSD's which isn't sufficient either. - jerenkrantz: Since it's not in the critical path (and depends on - mod_log_forensic), I think it's still worth it to backport - it as-is. For the one or two platforms that don't like - which, they can write their own version of the script. - - * Win32: Move call to mpm_service_install to the rewrite_args hook - from the post_config hook. - http://svn.apache.org/viewcvs?view=rev&rev=154319 - +1: stoddard, striker, wrowe (as corrected in subsequent patches) - - * mod_version: New Module, Backport from trunk. Requires Minor MMN Bump. - http://svn.apache.org/repos/asf/httpd/httpd/branches/mod_version_for_2.0.x - +1: pquerna, nd - Votes from before the integration branch: - +1: jerenkrantz, wrowe (trivial, would even be cool in 1.3) - - *) proxy FTP: Fix confusion about globbing characters which could lead - to getting a directory listing when a file was requested. PR 34512. - 2.1 patch was http://svn.apache.org/viewcvs?rev=179704&view=rev - 2.0 version: http://people.apache.org/~trawick/179704-20.txt - +1: trawick, jorton, wrowe - - *) Prevent bad dereferencing of non-existent req struct in - mod_auth_ldap's mod_auth_ldap_auth_checker() if - mod_auth_ldap_check_user_id() was never (fully) called. - Similar behavior to that in 2.1/2.2. - http://people.apache.org/~jim/mod_auth_ldap-2.0.patch - +1: jim, minfrin, bnicholes - - *) Add httxt2dbm for creating RewriteMap DBM Files. - http://svn.apache.org/viewcvs.cgi?rev=209539&view=rev - +1: pquerna, jorton, trawick + *) support/check_forensic: Fix tempfile usage + svn rev 125495, 126224 + jerenkrantz says: r126224 fixes brokenness with r125495 on Solaris. + +1: thommay, jerenkrantz, trawick + trawick: "which" isn't portable; I've suggested a work-around on dev@ + (not standing in way of backport) + jorton said: NetBSD's which isn't sufficient either. + jerenkrantz: Since it's not in the critical path (and depends on + mod_log_forensic), I think it's still worth it to backport + it as-is. For the one or two platforms that don't like + which, they can write their own version of the script. + (jorton agrees) + + *) Win32: Move call to mpm_service_install to the rewrite_args hook + from the post_config hook. + http://svn.apache.org/viewcvs?view=rev&rev=154319 + +1: stoddard, striker, wrowe (as corrected in subsequent patches) + + *) Add httxt2dbm for creating RewriteMap DBM Files. + http://svn.apache.org/viewcvs.cgi?rev=209539&view=rev + +1: pquerna, jorton, trawick -PATCHES PROPOSED TO BACKPORT FROM TRUNK: - [ please place SVN revisions from trunk here, so it is easy to - identify exactly what the proposed changes are! ] + *) Remove the base href tag from mod_proxy_ftp, as it breaks relative + links for clients not using an Authorization header. + modules/proxy/mod_proxy_ftp.c: r231044 + +1: minfrin, jim, nd + + *) mod_version: New Module, Backport from trunk. Requires Minor MMN Bump. + http://svn.apache.org/repos/asf/httpd/httpd/branches/mod_version_for_2.0.x + +1: pquerna, nd, wrowe + Votes from before the integration branch: +1: jerenkrantz *) Fix CAN-2005-2491, integer overflow in pcre. http://svn.apache.org/viewcvs?rev=233493&view=rev rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch test case: perl-framework/t/security/CAN-2005-2491.t - +1: jorton, nd + +1: jorton, nd, wrowe - *) Remove the base href tag from mod_proxy_ftp, as it breaks relative - links for clients not using an Authorization header. - modules/proxy/mod_proxy_ftp.c: r231044 - +1: minfrin, jim, nd +PATCHES PROPOSED TO BACKPORT FROM TRUNK: + [ please place SVN revisions from trunk here, so it is easy to + identify exactly what the proposed changes are! Add all new + proposals to the end of this list. ] + + *) Fix CAN-2005-2700, mod_ssl SSLVerifyClient bug + http://svn.apache.org/viewcvs?rev=264800&view=rev + test case: perl-framework/t/security/CAN-2005-2700.t + +1: jorton, wrowe + wrowe cautions to backport to 2.2.x branch as well. *) Correct RFC 2616 non-compliance by refusing to proxy a request body in a TRACE request, unless TraceEnable extended is configured. @@ -233,7 +217,11 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: full control of TRACE request handling. RFC 2616 does NOT require TRACE (although to disable remains silly). Current patch at; http://people.apache.org/~wrowe/httpd-2.0-trace.patch - +1 wrowe, jimjag + +1 wrowe, jimjag, colm + colm notes: There are some \n's in apr_table_setn calls that are + not consistent with other calls to apr_table_setn. + There is no documentation for TraceEnable in trunk to + backport, shouldn't release while still undocumented. *) mod_headers: Support {...}s tag for SSL variable lookup. http://www.apache.org/~jorton/mod_headers-2.0-ssl.diff @@ -287,50 +275,26 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: rediffed for 2.0.x as: http://issues.apache.org/bugzilla/attachment.cgi?id=14804 PR: 34452 - +1: jorton - - *) EBCDIC: Handle chunked input from client or, with proxy, origin - server. - http://svn.apache.org/viewcvs?rev=178262&view=rev - (With 2.0.x it is the same code in the same function, but in - a different source file.) - +1: trawick, wrowe, nd - - *) Support the suppress-error-charset setting, as with Apache 1.3.x. - PR 31274. (current docs say it works with Apache from 2.0.40 ;) ) - http://svn.apache.org/viewcvs?rev=170354&view=rev - +1: trawick, jorton, nd - - *) mod_mime_magic: Handle CRLF-format magic files so that it works with - the default installation on Windows. + +1: jorton, trawick + + *) mod_mime_magic: Handle CRLF-format^H^H^H^H^H^H^H magic files + with any trailing whitespace so that it works with the + default installation on Windows. http://svn.apache.org/viewcvs?rev=179622&view=rev + http://svn.apache.org/viewcvs?rev=280114&view=rev +1: trawick, wrowe - wrowe asks: is it possible to simply strip trailing whitespace instead - of special handling for the end of line characters? - Seems more portable. - trawick says: makes sense; searching for bandwidth + backported 280114 to 2.2.x branch already *) mod_cache: Fix handling of 'Vary: *". PR 16125. Trunk: r180341 2.0.x Patch: http://issues.apache.org/bugzilla/attachment.cgi?id=15297 - +1: pquerna + +1: pquerna, jerenkrantz, colm + jerenkrantz notes: I do prefer the version from r190033 (own if check). *) mod_ssl: Fix buffering in SSL output filter. http://svn.apache.org/viewcvs?rev=189971&view=rev PR: 35279 - +1: jorton - - *) mod_include: Fix possible variable corruption with nested - includes. - http://svn.apache.org/viewcvs?rev=179763&view=rev - 2.0.x patch: http://people.apache.org/~jorton/ap_pr12655.patch - test case in perl-framework/t/modules/include.t - PR: 12655 - +1: jorton, nd - - *) mod_auth_digest: Fix hostinfo validation for CONNECT requests. - http://svn.apache.org/viewcvs.cgi?rev=193127&view=rev - +1: jorton, nd + +1: jorton, jerenkrantz *) Reverse Proxy fixes: <Location> bug and Cookie support Patch is at @@ -338,6 +302,39 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: and is in production with Clients. +1: niq, nd niq: I'm seeing *a lot* of demand for this. + jerenkrantz: Didn't a variant of this get committed to trunk? + If so, what revision? And, is there a clean patch for + 2.0? (The patch in that message isn't clean.) + + *) Block mod_cgid usage on Solaris 10 due to OS bugs. PR 34264. + http://svn.apache.org/viewcvs?view=rev&rev=264866 + +1: jerenkrantz, colm + + *) mod_cgid: Fix PR 36410. Invoke the set_suexec_identity hook from + the non-cgid side of the handler, where the full per-server/dir/etc + configuration is available instead of using two mod_suexec and + mod_userdir specific hacks. See mod_vhost_ldap for an example + third-party get_suexec_identity implementation. + http://people.apache.org/~colm/2.0.x-suexec-cgid.patch + +1: colm + + *) Add ReceiveBufferSize directive to control the TCP receive buffer. + code: http://svn.apache.org/viewcvs?view=rev&rev=157583 + http://svn.apache.org/viewcvs?rev=280401&view=rev + docs: http://svn.apache.org/viewcvs?rev=280384&view=rev + +1: stas + -0: colm + colm: It's a useful feature, but TCP window size selection + algorithims can be pretty "interesting", probably more + 2.2. + + *) mod_ldap: Fix PR 36563. Keep track of the number of attributes + retrieved from LDAP so that all of the values can be properly + cached even if the value is NULL. + http://issues.apache.org/bugzilla/attachment.cgi?id=16429 + or + http://svn.apache.org/viewcvs.cgi?rev=156587&view=rev + +1: bnicholes PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: @@ -376,125 +373,125 @@ PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: 2.0, just let 'em in -1: wrowe (as nd suggests, leave the dead horse in peace.) - * Replace some of the mutex locking in the worker MPM with - atomic operations for higher concurrency. - server/mpm/worker/fdqueue.c 1.24, 1.25 - +1: brianp, ianh, jjclar - trawick: Doesn't this make Apache 2.0.next slower except - when the right atomic operations are available/ - implemented? (Due to under-the-covers mutex - operations when the dummy atomics are used?) - pquerna: Has anyone tested the performance differences - for different platforms? At this point I would - favour waiting for 2.2. - -0: stoddard (at least until the performance implications are clarified) - - * Allow mod_dav to do weak entity comparison functions. - modules/dav/main/util.c: r1.45 - [ This one is under review. Don't merge. ] - +1: - - * mod_negotiation: parse quality values independent from - the current locale and level values as integers. PR 17564. - (essentially: get a rid of atof()) (2.0 + 1.3) - modules/mappers/mod_negotiation.c: r1.114 - +1: nd + *) Replace some of the mutex locking in the worker MPM with + atomic operations for higher concurrency. + server/mpm/worker/fdqueue.c 1.24, 1.25 + +1: brianp, ianh, jjclar + trawick: Doesn't this make Apache 2.0.next slower except + when the right atomic operations are available/ + implemented? (Due to under-the-covers mutex + operations when the dummy atomics are used?) + pquerna: Has anyone tested the performance differences + for different platforms? At this point I would + favour waiting for 2.2. + -0: stoddard (at least until the performance implications are clarified) + + *) Allow mod_dav to do weak entity comparison functions. + modules/dav/main/util.c: r1.45 + [ This one is under review. Don't merge. ] + +1: + + *) mod_negotiation: parse quality values independent from + the current locale and level values as integers. PR 17564. + (essentially: get a rid of atof()) (2.0 + 1.3) + modules/mappers/mod_negotiation.c: r1.114 + +1: nd We need to decide what happens with unparsable qvalues. RFC 2616 states that q defaults to 1. (see 14.1 - 14.4). So should wrong qvalues be returned as 1.0 or 0.0 (as atof() did)? 1.0: nd 0.0: jim (a default != an "errored" value) - * Keep the same SSLMutex for the lifetime of the parent process - (instead of having children using different mutexes and failing - to lock the session cache across restarts.) - New patch forthcoming - JimJag's changes make the merge ugly. - +1: wrowe - +1 (concept): jim (final vote when the patch is available) - - * Fix the SSLMutex config parser so that all 'mechanisms' can take - a filename, even if ignored, and they are rooted to the full path - to the server (except for posixsem locks). This allows a very - cross-platform default:logs/ssl_mutex to be used everywhere. Also - eliminates the '.pid' suffix so that the name given is the name. - Allows Win32 and other non-unicies to use named locks. - New patch forthcoming - JimJag's changes make the merge ugly. - +1: wrowe - +1 (concept): jim (final vote when the patch is available) - - * mod_ssl: Drop SSL_EXPERIMENTAL_ENGINE test in favor of testing for the - ENGINE_init() function in config.m4, and use HAVE_ENGINE_INIT instead. - wrowe notes that this feature is a noop until configured with SSLEngine. - http://www.apache.org/~wrowe/have_engine_init.patch for a clean 2.0 patch. - modules/ssl/README 1.40 - modules/ssl/config.m4 1.14 - modules/ssl/mod_ssl.c 1.79 - modules/ssl/mod_ssl.h 1.135 - modules/ssl/ssl_engine_config.c 1.78 - modules/ssl/ssl_engine_init.c 1.113 - modules/ssl/ssl_toolkit_compat.c 1.33 - +0: wrowe {Pending research into how to get AC to use -lsockets et. al., - shows breakage on Solaris which can't -lcrypto -lssl without - the extra pkgconfig/openssl.pc Libs: * foo } - - * mod_ssl: fix a link failure when the openssl-engine libraries are - present but the engine headers are missing. - modules/ssl/mod_ssl.c: r1.87 - modules/ssl/mod_ssl.h: r1.139 - modules/ssl/ssl_engine_config.c: r1.82 - PREREQ: Blow away of SSL_EXPERIMENTAL_ENGINE (see above) - +1: jwoolley, trawick, jim, jerenkrantz - - * When UseCanonicalName is set to OFF, allow ap_get_server_port to - check r->connection->local_addr->port before defaulting to - server->port or ap_default_port() - server/core.c r1.247 - +1: bnicholes, jim, wrowe + *) Keep the same SSLMutex for the lifetime of the parent process + (instead of having children using different mutexes and failing + to lock the session cache across restarts.) + New patch forthcoming - JimJag's changes make the merge ugly. + +1: wrowe + +1 (concept): jim (final vote when the patch is available) + + *) Fix the SSLMutex config parser so that all 'mechanisms' can take + a filename, even if ignored, and they are rooted to the full path + to the server (except for posixsem locks). This allows a very + cross-platform default:logs/ssl_mutex to be used everywhere. Also + eliminates the '.pid' suffix so that the name given is the name. + Allows Win32 and other non-unicies to use named locks. + New patch forthcoming - JimJag's changes make the merge ugly. + +1: wrowe + +1 (concept): jim (final vote when the patch is available) + + *) mod_ssl: Drop SSL_EXPERIMENTAL_ENGINE test in favor of testing for the + ENGINE_init() function in config.m4, and use HAVE_ENGINE_INIT instead. + wrowe notes that this feature is a noop until configured with SSLEngine. + http://www.apache.org/~wrowe/have_engine_init.patch for a clean 2.0 patch. + modules/ssl/README 1.40 + modules/ssl/config.m4 1.14 + modules/ssl/mod_ssl.c 1.79 + modules/ssl/mod_ssl.h 1.135 + modules/ssl/ssl_engine_config.c 1.78 + modules/ssl/ssl_engine_init.c 1.113 + modules/ssl/ssl_toolkit_compat.c 1.33 + +0: wrowe {Pending research into how to get AC to use -lsockets et. al., + shows breakage on Solaris which can't -lcrypto -lssl without + the extra pkgconfig/openssl.pc Libs: * foo } + + *) mod_ssl: fix a link failure when the openssl-engine libraries are + present but the engine headers are missing. + modules/ssl/mod_ssl.c: r1.87 + modules/ssl/mod_ssl.h: r1.139 + modules/ssl/ssl_engine_config.c: r1.82 + PREREQ: Blow away of SSL_EXPERIMENTAL_ENGINE (see above) + +1: jwoolley, trawick, jim, jerenkrantz + + *) When UseCanonicalName is set to OFF, allow ap_get_server_port to + check r->connection->local_addr->port before defaulting to + server->port or ap_default_port() + server/core.c r1.247 + +1: bnicholes, jim, wrowe 0: nd, jerenkrantz - nd: can the local_addr->port ever be 0? - bnicholes response: I couldn't tell you for sure if local_addr->port - could be 0. But it makes sense that if it were then Apache - wouldn't be listening on any port so it wouldn't matter anyway. - nd replies: But if it can't be 0 the alternatives thereafter make no - sense anymore, right? - jim proposes: UseCanonicalName Client directive - which implements this, keeping UseCanonicalName Off - "as is". - - * ThreadStackSize for Win32 and threaded MPMs - trawick will eventually put together a patch for httpd 2.0.next - +1 concept: trawick, nd, stoddard, wrowe + nd: can the local_addr->port ever be 0? + bnicholes response: I couldn't tell you for sure if local_addr->port + could be 0. But it makes sense that if it were then Apache + wouldn't be listening on any port so it wouldn't matter anyway. + nd replies: But if it can't be 0 the alternatives thereafter make no + sense anymore, right? + jim proposes: UseCanonicalName Client directive + which implements this, keeping UseCanonicalName Off + "as is". + + *) ThreadStackSize for Win32 and threaded MPMs + trawick will eventually put together a patch for httpd 2.0.next + +1 concept: trawick, nd, stoddard, wrowe - * don't propagate input headers describing a body to a GET subrequest - with no body - http://svn.apache.org/viewcvs?view=rev&rev=158798 - http://svn.apache.org/viewcvs?view=rev&rev=159410 - http://svn.apache.org/viewcvs?view=rev&rev=160573 - +1: gregames - -1: jerenkrantz (read_length isn't a sufficient check to see if a body + *) don't propagate input headers describing a body to a GET subrequest + with no body + http://svn.apache.org/viewcvs?view=rev&rev=158798 + http://svn.apache.org/viewcvs?view=rev&rev=159410 + http://svn.apache.org/viewcvs?view=rev&rev=160573 + +1: gregames + -1: jerenkrantz (read_length isn't a sufficient check to see if a body is present in the request; presence of T-E and C-L in the headers is the correct flag.) - gregames: done in rev 160573 - ±0: wrowe (this has a negative impact on modules who wish to 'inspect' - the headers, e.g. an xml transformation affected by the query - string or request POST args. The right solution is adopt apreq, - providing an API for filters to participate in POST bodies.) - gregames: this does not affect POSTs. the affected function helps - create a GET subrequest with no body and is unprepared to deal with - subrequest bodies. any modules or applications wishing to - inspect headers will in fact work better because the headers will - reflect reality. + gregames: done in rev 160573 + ±0: wrowe (this has a negative impact on modules who wish to 'inspect' + the headers, e.g. an xml transformation affected by the query + string or request POST args. The right solution is adopt apreq, + providing an API for filters to participate in POST bodies.) + gregames: this does not affect POSTs. the affected function helps + create a GET subrequest with no body and is unprepared to deal with + subrequest bodies. any modules or applications wishing to + inspect headers will in fact work better because the headers will + reflect reality. CURRENT VOTES: - * Promote mod_ldap and mod_auth_ldap from experimental to - non experimental status. - +1: bnicholes, wrowe - +0: minfrin (wait till the last cache bugs are ironed out) - -1: jerenkrantz + *) Promote mod_ldap and mod_auth_ldap from experimental to + non experimental status. + +1: bnicholes, wrowe + +0: minfrin (wait till the last cache bugs are ironed out) + -1: jerenkrantz - * httpd-std.conf and friends; + *) httpd-std.conf and friends; a) httpd-std.conf should be tailored by install (from src or binbuild) even if user has existing httpd.conf @@ -527,28 +524,28 @@ CURRENT VOTES: include the updated directives and inline comments that explain the changes and make the 'diff' more useful. - * If the parent process dies, should the remaining child processes - "gracefully" self-terminate. Or maybe we should make it a runtime - option, or have a concept of 2 parent processes (one being a - "hot spare"). - See: Message-ID: <3C58232C.FE91F19F@Golux.Com> + *) If the parent process dies, should the remaining child processes + "gracefully" self-terminate. Or maybe we should make it a runtime + option, or have a concept of 2 parent processes (one being a + "hot spare"). + See: Message-ID: <3C58232C.FE91F19F@Golux.Com> - Self-destruct: Ken, Martin - Not self-destruct: BrianP, Ian, Cliff, BillS - Make it runtime configurable: Aaron, Justin, wrowe, rederpj, jim, nd + Self-destruct: Ken, Martin + Not self-destruct: BrianP, Ian, Cliff, BillS + Make it runtime configurable: Aaron, Justin, wrowe, rederpj, jim, nd - /* The below was a concept on *how* to handle the problem */ - Have 2 parents: +1: jim - -1: Justin, wrowe, rederpj, nd - +0: Martin (while standing by, could it do + /* The below was a concept on *how* to handle the problem */ + Have 2 parents: +1: jim + -1: Justin, wrowe, rederpj, nd + +0: Martin (while standing by, could it do something useful?) - * Make the worker MPM the default MPM for threaded Unix boxes. - +1: Justin, Ian, Cliff, BillS, striker - +0: BrianP, Aaron (mutex contention is looking better with the - latest code, let's continue tuning and testing), rederpj, jim - -0: Lars, wrowe (let's make this defacto for the 2.2 release.), - nd (for 2.0) + *) Make the worker MPM the default MPM for threaded Unix boxes. + +1: Justin, Ian, Cliff, BillS, striker + +0: BrianP, Aaron (mutex contention is looking better with the + latest code, let's continue tuning and testing), rederpj, jim + -0: Lars, wrowe (let's make this defacto for the 2.2 release.), + nd (for 2.0) RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: diff --git a/configure.in b/configure.in index f1cccd46ea..9f547ab111 100644 --- a/configure.in +++ b/configure.in @@ -590,7 +590,7 @@ dnl Ensure that docs/conf is created. test -d docs/conf||$mkdir_p docs/conf dnl Ensure that the httpd version is included -HTTPD_VERSION=`build/get-version.sh all include/ap_release.h AP_SERVER` +HTTPD_VERSION=`$srcdir/build/get-version.sh all $srcdir/include/ap_release.h AP_SERVER` AC_SUBST(HTTPD_VERSION) AC_OUTPUT($APACHE_OUTPUT_FILES docs/conf/httpd-std.conf docs/conf/ssl-std.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo,[true],[ diff --git a/docs/manual/env.html.en b/docs/manual/env.html.en index 00930fc98d..a1a4dc21ec 100644 --- a/docs/manual/env.html.en +++ b/docs/manual/env.html.en @@ -303,7 +303,7 @@ <h3><a name="suppress-error-charset" id="suppress-error-charset">suppress-error-charset</a></h3> - <p><em>Available in versions after 2.0.40</em></p> + <p><em>Available in versions after 2.0.54</em></p> <p>When Apache issues a redirect in response to a client request, the response includes some actual text to be displayed in case diff --git a/docs/manual/env.html.es b/docs/manual/env.html.es index 6a028eb29d..c2bb03321b 100644 --- a/docs/manual/env.html.es +++ b/docs/manual/env.html.es @@ -24,6 +24,10 @@ <a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> +<div class="outofdate">Esta traducción podría estar + obsoleta. Consulte la versión en inglés de la + documentación para comprobar si se han producido cambios + recientemente.</div> <p>El servidor HTTP Apache HTTP ofrece un mecanismo para almacenar información en variables especiales que se llaman diff --git a/docs/manual/env.html.fr b/docs/manual/env.html.fr index 4684ffb955..4d519cabd6 100644 --- a/docs/manual/env.html.fr +++ b/docs/manual/env.html.fr @@ -24,6 +24,8 @@ <a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Consultez la version + Anglaise pour les changements récents.</div> <p>Le serveur HTTP Apache permet de conserver et d'utiliser certaines informations dans des variables appelées <em>variables diff --git a/docs/manual/env.xml b/docs/manual/env.xml index 1d4728f5b3..e7d0b425aa 100644 --- a/docs/manual/env.xml +++ b/docs/manual/env.xml @@ -339,7 +339,7 @@ <section id="suppress-error-charset"> <title>suppress-error-charset</title> - <p><em>Available in versions after 2.0.40</em></p> + <p><em>Available in versions after 2.0.54</em></p> <p>When Apache issues a redirect in response to a client request, the response includes some actual text to be displayed in case diff --git a/docs/manual/env.xml.es b/docs/manual/env.xml.es index 9474beef55..b95dc2620c 100644 --- a/docs/manual/env.xml.es +++ b/docs/manual/env.xml.es @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.es.xsl"?> -<!-- English Revision: 151405 --> +<!-- English Revision: 151405:240425 (outdated) --> <!-- Copyright 2002-2005 The Apache Software Foundation or its licensors, diff --git a/docs/manual/env.xml.fr b/docs/manual/env.xml.fr index 862b74b967..ace3863b3f 100644 --- a/docs/manual/env.xml.fr +++ b/docs/manual/env.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="ISO-8859-1" ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.fr.xsl"?> -<!-- English Revision: 151405 --> +<!-- English Revision: 151405:240425 (outdated) --> <!-- French Translation by Vincent Deffontaines, review by alain B --> <!-- diff --git a/docs/manual/env.xml.ja b/docs/manual/env.xml.ja index 5aeae6ecac..34a3d3fbee 100644 --- a/docs/manual/env.xml.ja +++ b/docs/manual/env.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-2022-jp" ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?> -<!-- English Revision: 106090:151405 (outdated) --> +<!-- English Revision: 106090:240425 (outdated) --> <!-- Copyright 2002-2004 The Apache Software Foundation diff --git a/docs/manual/env.xml.ko b/docs/manual/env.xml.ko index f66b7e386e..46efcac479 100644 --- a/docs/manual/env.xml.ko +++ b/docs/manual/env.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?> -<!-- English Revision: 106090:151405 (outdated) --> +<!-- English Revision: 106090:240425 (outdated) --> <!-- Copyright 2003-2004 The Apache Software Foundation diff --git a/docs/manual/env.xml.meta b/docs/manual/env.xml.meta index c33c15a6b8..15a8fdf305 100644 --- a/docs/manual/env.xml.meta +++ b/docs/manual/env.xml.meta @@ -7,8 +7,8 @@ <variants> <variant>en</variant> - <variant>es</variant> - <variant>fr</variant> + <variant outdated="yes">es</variant> + <variant outdated="yes">fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> </variants> diff --git a/docs/manual/install.html.de b/docs/manual/install.html.de index 3741a81e55..38959b39f4 100644 --- a/docs/manual/install.html.de +++ b/docs/manual/install.html.de @@ -25,9 +25,6 @@ <a href="./ko/install.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="./ru/install.html" hreflang="ru" rel="alternate" title="Russian"> ru </a></p> </div> -<div class="outofdate">Diese Übersetzung ist möglicherweise - nicht mehr aktuell. Bitte prüfen Sie die englische Version auf - die neuesten Änderungen.</div> <p>Dieses Dokument umfaßt nur die Kompilierung und Installation des Apache auf Unix und Unix-ähnlichen Systemen. Für die @@ -162,17 +159,17 @@ <dd>Für einige Hilfsskripte wie <code class="program"><a href="./programs/apxs.html">apxs</a></code> oder <code class="program"><a href="./programs/dbmmanage.html">dbmmanage</a></code> (die in Perl geschrieben sind) wird der Perl 5 Interpreter benötigt (die - Versionen ab 5.003 sind ausreichend). Wenn kein derartiger Interpreter - vom <code class="program"><a href="./programs/configure.html">configure</a></code>-Skript gefunden werden kann, macht das - jedoch nichts. Selbstverständlich können Sie den Apache 2.0 - auch so generieren und installieren. Lediglich diese Pflegeskripte - können dann nicht verwendet werden. Wenn Sie mehrere Perl - Interpreter installiert haben (vielleicht Perl 4 durch Ihren - Händler und Perl 5 durch Sie selbst), dann ist die Verwendung der - <code>--with-perl</code> Option (siehe unten) empfehlenswert, um + Versionen ab 5.003 sind ausreichend). Wenn Sie mehrere Perl + Interpreter haben (beispielsweise eine systemweite Installation von + Perl 4 und Ihre eigene Perl 5-Installation), dann sollten Sie die + <code>--with-perl</code>-Option (siehe unten) verwenden, um sicherzustellen, dass der richtige Interpreter von - <code class="program"><a href="./programs/./configure.html">./configure</a></code> ausgewählt wird.</dd> - </dl> + <code class="program"><a href="./programs/configure.html">configure</a></code> ausgewählt wird. + Wenn kein Perl 5-Interpreter vom <code class="program"><a href="./programs/configure.html">configure</a></code>-Skript + gefunden werden kann, können Sie die betroffenen Hilfsskripte nicht + verwenden, sind jedoch selbstverständlich nach wie vor in der Lage, + den Apache 2.0 zu bauen und zu installieren.</dd> + </dl> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> <div class="section"> <h2><a name="download" id="download">Download</a></h2> diff --git a/docs/manual/install.xml.de b/docs/manual/install.xml.de index 9cbd30c6c1..fb4c8a1024 100644 --- a/docs/manual/install.xml.de +++ b/docs/manual/install.xml.de @@ -1,10 +1,11 @@ <?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.de.xsl"?> -<!-- English Revision: 178522:239259 (outdated) --> +<!-- English Revision: 239259 --> <!-- - Copyright 2002-2004 The Apache Software Foundation + Copyright 2002-2005 The Apache Software Foundation or its licensors, + as applicable Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -152,17 +153,17 @@ <dd>Für einige Hilfsskripte wie <program>apxs</program> oder <program>dbmmanage</program> (die in Perl geschrieben sind) wird der Perl 5 Interpreter benötigt (die - Versionen ab 5.003 sind ausreichend). Wenn kein derartiger Interpreter - vom <program>configure</program>-Skript gefunden werden kann, macht das - jedoch nichts. Selbstverständlich können Sie den Apache 2.0 - auch so generieren und installieren. Lediglich diese Pflegeskripte - können dann nicht verwendet werden. Wenn Sie mehrere Perl - Interpreter installiert haben (vielleicht Perl 4 durch Ihren - Händler und Perl 5 durch Sie selbst), dann ist die Verwendung der - <code>--with-perl</code> Option (siehe unten) empfehlenswert, um + Versionen ab 5.003 sind ausreichend). Wenn Sie mehrere Perl + Interpreter haben (beispielsweise eine systemweite Installation von + Perl 4 und Ihre eigene Perl 5-Installation), dann sollten Sie die + <code>--with-perl</code>-Option (siehe unten) verwenden, um sicherzustellen, dass der richtige Interpreter von - <program>./configure</program> ausgewählt wird.</dd> - </dl> + <program>configure</program> ausgewählt wird. + Wenn kein Perl 5-Interpreter vom <program>configure</program>-Skript + gefunden werden kann, können Sie die betroffenen Hilfsskripte nicht + verwenden, sind jedoch selbstverständlich nach wie vor in der Lage, + den Apache 2.0 zu bauen und zu installieren.</dd> + </dl> </section> <section id="download"><title>Download</title> diff --git a/docs/manual/install.xml.meta b/docs/manual/install.xml.meta index e0e35e7b9e..cfba4de2d8 100644 --- a/docs/manual/install.xml.meta +++ b/docs/manual/install.xml.meta @@ -6,7 +6,7 @@ <relpath>.</relpath> <variants> - <variant outdated="yes">de</variant> + <variant>de</variant> <variant>en</variant> <variant outdated="yes">es</variant> <variant outdated="yes">ja</variant> diff --git a/docs/manual/mod/core.html.de b/docs/manual/mod/core.html.de index 7c4ce3b5bd..f6722f9584 100644 --- a/docs/manual/mod/core.html.de +++ b/docs/manual/mod/core.html.de @@ -1858,21 +1858,19 @@ HTTP-Request-Headers</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Modul:</a></th><td>core</td></tr> </table> - <p>Die Direktive gibt die Anzahl der <var>Bytes</var> zwischen 0 - und dem Wert der zur Kompilierungszeit definierten Konstante - <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (<code>8190</code> bei - der Auslieferung) an, die in einem HTTP-Header erlaubt sind.</p> + <p>Die Direktive gibt die Anzahl der <var>Bytes</var> an, die in einem + HTTP-Header erlaubt sind.</p> <p>Die Direktive <code class="directive">LimitRequestFieldsize</code> erlaubt es dem Serveradministrator, die maximale Größe eines - HTTP-Request-Headers auf einen Wert unterhalb der normalen, im Server - einkompilierten Größe des Eingabepuffers zu verringern. - Für den Server muss der Wert groß genug sein, um eine beliebige - Headerzeile einer normalen Client-Anfrage vorzuhalten. Die - Größe variiert stark zwischen den verschiedenen - Client-Ausführungen, oft abhängig vom Ausmaß, mit dem - der Anwender die genaue Content-Negotiation-Unterstützung seines - Browsers konfiguriert hat.</p> + HTTP-Request-Headers zu verringern oder erhöhen. Für den Server + muss der Wert groß genug sein, um eine beliebige Headerzeile einer + normalen Client-Anfrage vorzuhalten. Die Größe variiert stark + zwischen den verschiedenen Client-Ausführungen, oft abhängig vom + Ausmaß, mit dem der Anwender die genaue + Content-Negotiation-Unterstützung seines Browsers konfiguriert hat. + SPNEGO-Authentisierungs-Header können bis zu 12392 Bytes lang + sein.</p> <p>Die Direktive gibt dem Serveradministrator eine größere Kontrolle gegenüber abnormalem Verhalten von Clients, was bei der @@ -1888,6 +1886,10 @@ HTTP-Request-Headers</td></tr> <div class="note">Unter normalen Umständen sollte die Voreinstellung nicht verändert werden.</div> + <div class="note">Sie benötigen mindestens Apache 2.0.53, um das Limit + über den einkompilierten Wert von DEFAULT_LIMIT_REQUEST_FIELDSIZE + hinaus zu setzen (8190 bei der Auslieferung).</div> + </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="LimitRequestLine" id="LimitRequestLine">LimitRequestLine</a>-<a name="limitrequestline" id="limitrequestline">Direktive</a></h2> diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index 85071070f8..85747b2b85 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -1753,21 +1753,18 @@ client</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr> </table> - <p>This directive specifies the number of <var>bytes</var> from 0 - to the value of the compile-time constant - <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (8190 as - distributed) that will be allowed in an HTTP request - header.</p> + <p>This directive specifies the number of <var>bytes</var> + that will be allowed in an HTTP request header.</p> <p>The <code class="directive">LimitRequestFieldSize</code> directive - allows the server administrator to reduce the limit on the allowed - size of an HTTP request header field below the normal input buffer - size compiled with the server. A server needs this value to be - large enough to hold any one header field from a normal client - request. The size of a normal request header field will vary - greatly among different client implementations, often depending - upon the extent to which a user has configured their browser to - support detailed content negotiation.</p> + allows the server administrator to reduce or increase the limit + on the allowed size of an HTTP request header field. A server + needs this value to be large enough to hold any one header field + from a normal client request. The size of a normal request header + field will vary greatly among different client implementations, + often depending upon the extent to which a user has configured + their browser to support detailed content negotiation. SPNEGO + authentication headers can be up to 12392 bytes.</p> <p>This directive gives the server administrator greater control over abnormal client request behavior, which may be @@ -1782,6 +1779,11 @@ client</td></tr> <div class="note">Under normal conditions, the value should not be changed from the default.</div> + <div class="note">Apache 2.0.53 or higher is required for increasing the + limit above the compiled-in value of DEFAULT_LIMIT_REQUEST_FIELDSIZE + (8190 as distributed). + </div> + </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 134c8a8480..10d8a21f6c 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -1718,21 +1718,18 @@ client</description> <contextlist><context>server config</context></contextlist> <usage> - <p>This directive specifies the number of <var>bytes</var> from 0 - to the value of the compile-time constant - <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (8190 as - distributed) that will be allowed in an HTTP request - header.</p> + <p>This directive specifies the number of <var>bytes</var> + that will be allowed in an HTTP request header.</p> <p>The <directive>LimitRequestFieldSize</directive> directive - allows the server administrator to reduce the limit on the allowed - size of an HTTP request header field below the normal input buffer - size compiled with the server. A server needs this value to be - large enough to hold any one header field from a normal client - request. The size of a normal request header field will vary - greatly among different client implementations, often depending - upon the extent to which a user has configured their browser to - support detailed content negotiation.</p> + allows the server administrator to reduce or increase the limit + on the allowed size of an HTTP request header field. A server + needs this value to be large enough to hold any one header field + from a normal client request. The size of a normal request header + field will vary greatly among different client implementations, + often depending upon the extent to which a user has configured + their browser to support detailed content negotiation. SPNEGO + authentication headers can be up to 12392 bytes.</p> <p>This directive gives the server administrator greater control over abnormal client request behavior, which may be @@ -1747,6 +1744,11 @@ client</description> <note>Under normal conditions, the value should not be changed from the default.</note> + <note>Apache 2.0.53 or higher is required for increasing the + limit above the compiled-in value of DEFAULT_LIMIT_REQUEST_FIELDSIZE + (8190 as distributed). + </note> + </usage> </directivesynopsis> diff --git a/docs/manual/mod/core.xml.de b/docs/manual/mod/core.xml.de index 953e92263a..07c9d4f441 100644 --- a/docs/manual/mod/core.xml.de +++ b/docs/manual/mod/core.xml.de @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?> -<!-- English Revision: 167961 --> +<!-- English Revision: 279024 --> <!-- Copyright 2003-2004 The Apache Software Foundation @@ -1820,21 +1820,19 @@ HTTP-Request-Headers</description> <contextlist><context>server config</context></contextlist> <usage> - <p>Die Direktive gibt die Anzahl der <var>Bytes</var> zwischen 0 - und dem Wert der zur Kompilierungszeit definierten Konstante - <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (<code>8190</code> bei - der Auslieferung) an, die in einem HTTP-Header erlaubt sind.</p> + <p>Die Direktive gibt die Anzahl der <var>Bytes</var> an, die in einem + HTTP-Header erlaubt sind.</p> <p>Die Direktive <directive>LimitRequestFieldsize</directive> erlaubt es dem Serveradministrator, die maximale Größe eines - HTTP-Request-Headers auf einen Wert unterhalb der normalen, im Server - einkompilierten Größe des Eingabepuffers zu verringern. - Für den Server muss der Wert groß genug sein, um eine beliebige - Headerzeile einer normalen Client-Anfrage vorzuhalten. Die - Größe variiert stark zwischen den verschiedenen - Client-Ausführungen, oft abhängig vom Ausmaß, mit dem - der Anwender die genaue Content-Negotiation-Unterstützung seines - Browsers konfiguriert hat.</p> + HTTP-Request-Headers zu verringern oder erhöhen. Für den Server + muss der Wert groß genug sein, um eine beliebige Headerzeile einer + normalen Client-Anfrage vorzuhalten. Die Größe variiert stark + zwischen den verschiedenen Client-Ausführungen, oft abhängig vom + Ausmaß, mit dem der Anwender die genaue + Content-Negotiation-Unterstützung seines Browsers konfiguriert hat. + SPNEGO-Authentisierungs-Header können bis zu 12392 Bytes lang + sein.</p> <p>Die Direktive gibt dem Serveradministrator eine größere Kontrolle gegenüber abnormalem Verhalten von Clients, was bei der @@ -1849,6 +1847,10 @@ HTTP-Request-Headers</description> <note>Unter normalen Umständen sollte die Voreinstellung nicht verändert werden.</note> + + <note>Sie benötigen mindestens Apache 2.0.53, um das Limit + über den einkompilierten Wert von DEFAULT_LIMIT_REQUEST_FIELDSIZE + hinaus zu setzen (8190 bei der Auslieferung).</note> </usage> </directivesynopsis> diff --git a/docs/manual/mod/core.xml.es b/docs/manual/mod/core.xml.es index 00ec68356a..c07bd015af 100644 --- a/docs/manual/mod/core.xml.es +++ b/docs/manual/mod/core.xml.es @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?> -<!-- English Revision: 151420:167961 (outdated) --> +<!-- English Revision: 151420:279024 (outdated) --> <!-- Copyright 2005 The Apache Software Foundation or it licensors, diff --git a/docs/manual/mod/core.xml.ja b/docs/manual/mod/core.xml.ja index 5f5dffb06e..3167ae71f1 100644 --- a/docs/manual/mod/core.xml.ja +++ b/docs/manual/mod/core.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-2022-jp"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 106090:167961 (outdated) --> +<!-- English Revision: 106090:279024 (outdated) --> <!-- Copyright 2003-2004 The Apache Software Foundation diff --git a/docs/manual/stopping.html.de b/docs/manual/stopping.html.de index 04753f31b7..bbba6a1307 100644 --- a/docs/manual/stopping.html.de +++ b/docs/manual/stopping.html.de @@ -25,9 +25,6 @@ <a href="./ko/stopping.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="./ru/stopping.html" hreflang="ru" rel="alternate" title="Russian"> ru </a></p> </div> -<div class="outofdate">Diese Übersetzung ist möglicherweise - nicht mehr aktuell. Bitte prüfen Sie die englische Version auf - die neuesten Änderungen.</div> <p>Dieses Dokument umfasst das Beenden und Neustarten des Apache auf Unix-ähnlichen Systemen. Anwender von Windows NT, 2000 @@ -129,7 +126,8 @@ beschleunigen, entsprechend weitere erstellt. Auf diese Weise versucht der Code sowohl die Anzahl der Kinder entsprechend der Serverlast anzupassen als auch Ihre Wünsche hinsichtlich des Parameters - <code class="directive">StartServers</code> zu berücksichtigen.</p> + <code class="directive"><a href="./mod/mpm_common.html#startservers">StartServers</a></code> zu + berücksichtigen.</p> <p>Benutzer von <code class="module"><a href="./mod/mod_status.html">mod_status</a></code> werden feststellen, dass die Serverstatistiken <strong>nicht</strong> auf Null @@ -209,10 +207,12 @@ <p>Vor der Version 1.2b9 des Apache existierten verschiedene <em>Wettkampfsituationen</em> (race conditions), die den Neustart und - die Signale beeinflußt haben. (Eine einfache Beschreibung einer - Wettkampfsituation lautet: es ist ein zeitabhängiges Problem; wenn - etwas zum falschen Zeitpunkt erfolgt, wird es sich nicht wie erwartet - verhalten.) Bei Architekturen mit dem "richtigen" Funktionsumfang + die Signale beeinflußt haben. (Einfach erklärt ist eine + Wettkampfsituation ein zeitabhängiges Problem - wenn + etwas zum falschen Zeitpunkt erfolgt oder Dinge in der falschen + Reihenfolge passieren, ist unerwartetes Verhalten die Folge. Wenn die + gleichen Dinge zur richtigen Zeit geschehen, funktioniert alles korrekt.) + Bei Architekturen mit dem "richtigen" Funktionsumfang haben wir so viele eliminiert wie wir nur konnten. Dennoch sollte beachtet werden, dass noch immer Wettkampfsituationen auf bestimmten Architekturen existieren.</p> diff --git a/docs/manual/stopping.xml.de b/docs/manual/stopping.xml.de index 908fb04139..7423cddf5c 100644 --- a/docs/manual/stopping.xml.de +++ b/docs/manual/stopping.xml.de @@ -1,10 +1,11 @@ <?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.de.xsl"?> -<!-- English Revision: 151405:239259 (outdated) --> +<!-- English Revision: 239259 --> <!-- - Copyright 2002-2004 The Apache Software Foundation + Copyright 2002-2005 The Apache Software Foundation or its licensors, + as applicable Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -125,7 +126,8 @@ beschleunigen, entsprechend weitere erstellt. Auf diese Weise versucht der Code sowohl die Anzahl der Kinder entsprechend der Serverlast anzupassen als auch Ihre Wünsche hinsichtlich des Parameters - <directive>StartServers</directive> zu berücksichtigen.</p> + <directive module="mpm_common">StartServers</directive> zu + berücksichtigen.</p> <p>Benutzer von <module>mod_status</module> werden feststellen, dass die Serverstatistiken <strong>nicht</strong> auf Null @@ -205,10 +207,12 @@ <p>Vor der Version 1.2b9 des Apache existierten verschiedene <em>Wettkampfsituationen</em> (race conditions), die den Neustart und - die Signale beeinflußt haben. (Eine einfache Beschreibung einer - Wettkampfsituation lautet: es ist ein zeitabhängiges Problem; wenn - etwas zum falschen Zeitpunkt erfolgt, wird es sich nicht wie erwartet - verhalten.) Bei Architekturen mit dem "richtigen" Funktionsumfang + die Signale beeinflußt haben. (Einfach erklärt ist eine + Wettkampfsituation ein zeitabhängiges Problem - wenn + etwas zum falschen Zeitpunkt erfolgt oder Dinge in der falschen + Reihenfolge passieren, ist unerwartetes Verhalten die Folge. Wenn die + gleichen Dinge zur richtigen Zeit geschehen, funktioniert alles korrekt.) + Bei Architekturen mit dem "richtigen" Funktionsumfang haben wir so viele eliminiert wie wir nur konnten. Dennoch sollte beachtet werden, dass noch immer Wettkampfsituationen auf bestimmten Architekturen existieren.</p> diff --git a/docs/manual/stopping.xml.meta b/docs/manual/stopping.xml.meta index d671951504..2a5df1d974 100644 --- a/docs/manual/stopping.xml.meta +++ b/docs/manual/stopping.xml.meta @@ -6,7 +6,7 @@ <relpath>.</relpath> <variants> - <variant outdated="yes">de</variant> + <variant>de</variant> <variant>en</variant> <variant outdated="yes">es</variant> <variant outdated="yes">ja</variant> diff --git a/include/ap_mmn.h b/include/ap_mmn.h index 29777cae25..0e1175cd42 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -84,6 +84,7 @@ * 20020903.9 (2.0.51-dev) create pcommands and initialize arrays before * calling ap_setup_prelinked_modules * 20020903.10 (2.0.55-dev) added ap_get_server_revision / ap_version_t + * add ap_log_cerror() */ #define MODULE_MAGIC_COOKIE 0x41503230UL /* "AP20" */ diff --git a/include/http_core.h b/include/http_core.h index 2b816659f8..9028ff012b 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -332,6 +332,9 @@ typedef struct { char **response_code_strings; /* from ap_custom_response(), not from * ErrorDocument */ + /* Should addition of charset= be suppressed for this request? + */ + int suppress_charset; } core_request_config; /* Standard entries that are guaranteed to be accessible via diff --git a/include/http_log.h b/include/http_log.h index 93895f13c1..0efb077abb 100644 --- a/include/http_log.h +++ b/include/http_log.h @@ -131,8 +131,8 @@ void ap_logs_child_init(apr_pool_t *p, server_rec *s); #endif /* CORE_PRIVATE */ /* - * The three primary logging functions, ap_log_error, ap_log_rerror, and - * ap_log_perror use a printf style format string to build the log message. + * The primary logging functions, ap_log_error, ap_log_rerror, ap_log_cerror, + * and ap_log_perror use a printf style format string to build the log message. * It is VERY IMPORTANT that you not include any raw data from the network, * such as the request-URI or request header fields, within the format * string. Doing so makes the server vulnerable to a denial-of-service @@ -141,8 +141,9 @@ void ap_logs_child_init(apr_pool_t *p, server_rec *s); */ /** - * One of the primary logging routines in Apache. This uses a printf-like - * format to log messages to the error_log. + * ap_log_error() - log messages which are not related to a particular + * request or connection. This uses a printf-like format to log messages + * to the error_log. * @param file The file in which this function is called * @param line The line number on which this function is called * @param level The level of this error message @@ -151,6 +152,10 @@ void ap_logs_child_init(apr_pool_t *p, server_rec *s); * @param fmt The format string * @param ... The arguments to use to fill out fmt. * @tip Use APLOG_MARK to fill out file and line + * @tip If a request_rec is available, use that with ap_log_rerror() + * in preference to calling this function. Otherwise, if a conn_rec is + * available, use that with ap_log_cerror() in preference to calling + * this function. * @warning It is VERY IMPORTANT that you not include any raw data from * the network, such as the request-URI or request header fields, within * the format string. Doing so makes the server vulnerable to a @@ -165,8 +170,9 @@ AP_DECLARE(void) ap_log_error(const char *file, int line, int level, __attribute__((format(printf,6,7))); /** - * The second of the primary logging routines in Apache. This uses - * a printf-like format to log messages to the error_log. + * ap_log_perror() - log messages which are not related to a particular + * request, connection, or virtual server. This uses a printf-like + * format to log messages to the error_log. * @param file The file in which this function is called * @param line The line number on which this function is called * @param level The level of this error message @@ -189,13 +195,14 @@ AP_DECLARE(void) ap_log_perror(const char *file, int line, int level, __attribute__((format(printf,6,7))); /** - * The last of the primary logging routines in Apache. This uses - * a printf-like format to log messages to the error_log. + * ap_log_rerror() - log messages which are related to a particular + * request. This uses a a printf-like format to log messages to the + * error_log. * @param file The file in which this function is called * @param line The line number on which this function is called * @param level The level of this error message * @param status The status code from the previous command - * @param s The request which we are logging for + * @param r The request which we are logging for * @param fmt The format string * @param ... The arguments to use to fill out fmt. * @tip Use APLOG_MARK to fill out file and line @@ -205,7 +212,7 @@ AP_DECLARE(void) ap_log_perror(const char *file, int line, int level, * denial-of-service attack and other messy behavior. Instead, use a * simple format string like "%s", followed by the string containing the * untrusted data. - * @deffunc void ap_log_rerror(const char *file, int line, int level, apr_status_t status, request_rec *r, const char *fmt, ...) + * @deffunc void ap_log_rerror(const char *file, int line, int level, apr_status_t status, const request_rec *r, const char *fmt, ...) */ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, apr_status_t status, const request_rec *r, @@ -213,6 +220,34 @@ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, __attribute__((format(printf,6,7))); /** + * ap_log_cerror() - log messages which are related to a particular + * connection. This uses a a printf-like format to log messages to the + * error_log. + * @param file The file in which this function is called + * @param line The line number on which this function is called + * @param level The level of this error message + * @param status The status code from the previous command + * @param c The connection which we are logging for + * @param fmt The format string + * @param ... The arguments to use to fill out fmt. + * @tip Use APLOG_MARK to fill out file and line + * @tip If a request_rec is available, use that with ap_log_rerror() + * in preference to calling this function. + * @warning It is VERY IMPORTANT that you not include any raw data from + * the network, such as the request-URI or request header fields, within + * the format string. Doing so makes the server vulnerable to a + * denial-of-service attack and other messy behavior. Instead, use a + * simple format string like "%s", followed by the string containing the + * untrusted data. + * @note ap_log_cerror() is available starting with Apache 2.0.55. + * @deffunc void ap_log_cerror(const char *file, int line, int level, apr_status_t status, const conn_rec *c, const char *fmt, ...) + */ +AP_DECLARE(void) ap_log_cerror(const char *file, int line, int level, + apr_status_t status, const conn_rec *c, + const char *fmt, ...) + __attribute__((format(printf,6,7))); + +/** * Convert stderr to the error log * @param s The current server * @deffunc void ap_error_log2stderr(server_rec *s) diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index 137ca0c599..be107b94ed 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -1504,6 +1504,8 @@ static void copy_uri_components(apr_uri_t *dst, else { dst->query = src->query; } + + dst->hostinfo = src->hostinfo; } /* These functions return 0 if client is OK, and proper error status @@ -1631,7 +1633,7 @@ static int authenticate_digest_user(request_rec *r) } if (r->method_number == M_CONNECT) { - if (strcmp(resp->uri, r_uri.hostinfo)) { + if (!r_uri.hostinfo || strcmp(resp->uri, r_uri.hostinfo)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Digest: uri mismatch - <%s> does not match " "request-uri <%s>", resp->uri, r_uri.hostinfo); diff --git a/modules/experimental/mod_auth_ldap.c b/modules/experimental/mod_auth_ldap.c index 7f0c76e160..17b8d9659a 100644 --- a/modules/experimental/mod_auth_ldap.c +++ b/modules/experimental/mod_auth_ldap.c @@ -460,6 +460,26 @@ int mod_auth_ldap_auth_checker(request_rec *r) return DECLINED; } + /* + * It is possible that we've skipped mod_auth_ldap's + * check_user_id hook, but still get here. In that + * case, the req request_config struct hasn't been initialized + * causing problems when we try to use req->dn and/or req->name + * below. So we simply create one. + * + * Unlike 2.2, we don't try to search or populate it. + */ + if (!req) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, + "[%d] auth_ldap authorise: " + "no req struct - skipped mod_auth_ldap_check_user_id?", + getpid()); + + req = (mod_auth_ldap_request_t *)apr_pcalloc(r->pool, + sizeof(mod_auth_ldap_request_t)); + ap_set_module_config(r->request_config, &auth_ldap_module, req); + } + if (sec->host) { ldc = util_ldap_connection_find(r, sec->host, sec->port, sec->binddn, sec->bindpw, sec->deref, @@ -657,6 +677,13 @@ int mod_auth_ldap_auth_checker(request_rec *r) } } else if (strcmp(w, "ldap-attribute") == 0) { + if (req->dn == NULL || strlen(req->dn) == 0) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, + "[%d] auth_ldap authorise: " + "require ldap-attribute: user's DN has not been defined; failing authorisation", + getpid()); + return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + } while (t[0]) { w = ap_getword(r->pool, &t, '='); value = ap_getword_conf(r->pool, &t); diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c index ee45a086da..c1a252b5ac 100644 --- a/modules/filters/mod_include.c +++ b/modules/filters/mod_include.c @@ -788,11 +788,11 @@ static int handle_include(include_ctx_t *ctx, apr_bucket_brigade **bb, CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } - - /* destroy the sub request */ - if (rr != NULL) { - ap_destroy_sub_req(rr); - } + + /* Do *not* destroy the subrequest here; it may have allocated + * variables in this r->subprocess_env in the subrequest's + * r->pool, so that pool must survive as long as this request. + * Yes, this is a memory leak. */ } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index a14326f23f..5dd50704dd 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c @@ -1278,10 +1278,7 @@ static int cgid_handler(request_rec *r) nph = !(strncmp(argv0, "nph-", 4)); - if ((argv0 = strrchr(r->filename, '/')) != NULL) - argv0++; - else - argv0 = r->filename; + argv0 = r->filename; if (!(ap_allow_options(r) & OPT_EXECCGI) && !is_scriptaliased(r)) return log_scripterror(r, conf, HTTP_FORBIDDEN, 0, diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 849ddfb1ea..8b58453255 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -1816,6 +1816,8 @@ static long get_chunk_size(char *b) long chunksize = 0; size_t chunkbits = sizeof(long) * 8; + ap_xlate_proto_from_ascii(b, strlen(b)); + /* Skip leading zeros */ while (*b == '0') { ++b; @@ -2336,7 +2338,19 @@ AP_DECLARE(void) ap_send_error_response(request_rec *r, int recursive_error) r->content_languages = NULL; r->content_encoding = NULL; r->clength = 0; - ap_set_content_type(r, "text/html; charset=iso-8859-1"); + + if (apr_table_get(r->subprocess_env, + "suppress-error-charset") != NULL) { + core_request_config *request_conf = + ap_get_module_config(r->request_config, &core_module); + request_conf->suppress_charset = 1; /* avoid adding default + * charset later + */ + ap_set_content_type(r, "text/html"); + } + else { + ap_set_content_type(r, "text/html; charset=iso-8859-1"); + } if ((status == HTTP_METHOD_NOT_ALLOWED) || (status == HTTP_NOT_IMPLEMENTED)) { diff --git a/modules/proxy/proxy_ftp.c b/modules/proxy/proxy_ftp.c index 417008d5ca..4ddcfc020f 100644 --- a/modules/proxy/proxy_ftp.c +++ b/modules/proxy/proxy_ftp.c @@ -92,7 +92,7 @@ static int ftp_check_globbingchars(const char *path) for ( ; *path; ++path) { if (*path == '\\') ++path; - if (path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL) + if (*path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL) return TRUE; } return FALSE; diff --git a/server/core.c b/server/core.c index e9a868f5b3..e702b459c6 100644 --- a/server/core.c +++ b/server/core.c @@ -4178,9 +4178,9 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b) rv = apr_bucket_read(bucket, &buf, &len, APR_BLOCK_READ); if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, - c->base_server, "core_output_filter:" - " Error reading from bucket."); + ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, + c, "core_output_filter:" + " Error reading from bucket."); return HTTP_INTERNAL_SERVER_ERROR; } } @@ -4287,8 +4287,8 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b) } if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, - "core_output_filter: writing data to the network"); + ap_log_cerror(APLOG_MARK, APLOG_INFO, rv, c, + "core_output_filter: writing data to the network"); if (more) apr_brigade_destroy(more); @@ -4463,6 +4463,7 @@ static conn_rec *core_create_conn(apr_pool_t *ptrans, server_rec *server, static int core_pre_connection(conn_rec *c, void *csd) { core_net_rec *net = apr_palloc(c->pool, sizeof(*net)); + apr_status_t rv; #ifdef AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK /* BillS says perhaps this should be moved to the MPMs. Some OSes @@ -4470,7 +4471,21 @@ static int core_pre_connection(conn_rec *c, void *csd) * accept sockets which means this call only needs to be made * once on the listener */ - ap_sock_disable_nagle(csd); + /* The Nagle algorithm says that we should delay sending partial + * packets in hopes of getting more data. We don't want to do + * this; we are not telnet. There are bad interactions between + * persistent connections and Nagle's algorithm that have very severe + * performance penalties. (Failing to disable Nagle is not much of a + * problem with simple HTTP.) + */ + rv = apr_socket_opt_set(csd, APR_TCP_NODELAY, 1); + if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) { + /* expected cause is that the client disconnected already, + * hence the debug level + */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, + "apr_socket_opt_set(APR_TCP_NODELAY)"); + } #endif net->c = c; net->in_ctx = NULL; diff --git a/server/log.c b/server/log.c index 10bdb566f3..a4692f42c7 100644 --- a/server/log.c +++ b/server/log.c @@ -405,6 +405,7 @@ AP_DECLARE(void) ap_error_log2stderr(server_rec *s) { static void log_error_core(const char *file, int line, int level, apr_status_t status, const server_rec *s, + const conn_rec *c, const request_rec *r, apr_pool_t *pool, const char *fmt, va_list args) { @@ -417,6 +418,10 @@ static void log_error_core(const char *file, int line, int level, const char *referer; int level_and_mask = level & APLOG_LEVELMASK; + if (r && r->connection) { + c = r->connection; + } + if (s == NULL) { /* * If we are doing stderr logging (startup), don't log messages that are @@ -512,14 +517,14 @@ static void log_error_core(const char *file, int line, int level, } #endif /* TPF */ - if (r && r->connection) { + if (c) { /* XXX: TODO: add a method of selecting whether logged client * addresses are in dotted quad or resolved form... dotted * quad is the most secure, which is why I'm implementing it * first. -djg */ len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, - "[client %s] ", r->connection->remote_ip); + "[client %s] ", c->remote_ip); } if (status != 0) { if (status < APR_OS_START_EAIERR) { @@ -598,7 +603,7 @@ AP_DECLARE(void) ap_log_error(const char *file, int line, int level, va_list args; va_start(args, fmt); - log_error_core(file, line, level, status, s, NULL, NULL, fmt, args); + log_error_core(file, line, level, status, s, NULL, NULL, NULL, fmt, args); va_end(args); } @@ -609,7 +614,7 @@ AP_DECLARE(void) ap_log_perror(const char *file, int line, int level, va_list args; va_start(args, fmt); - log_error_core(file, line, level, status, NULL, NULL, p, fmt, args); + log_error_core(file, line, level, status, NULL, NULL, NULL, p, fmt, args); va_end(args); } @@ -620,7 +625,8 @@ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, va_list args; va_start(args, fmt); - log_error_core(file, line, level, status, r->server, r, NULL, fmt, args); + log_error_core(file, line, level, status, r->server, NULL, r, NULL, fmt, + args); /* * IF APLOG_TOCLIENT is set, @@ -641,6 +647,18 @@ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, va_end(args); } +AP_DECLARE(void) ap_log_cerror(const char *file, int line, int level, + apr_status_t status, const conn_rec *c, + const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + log_error_core(file, line, level, status, c->base_server, c, NULL, NULL, + fmt, args); + va_end(args); +} + AP_DECLARE(void) ap_log_pid(apr_pool_t *p, const char *filename) { apr_file_t *pid_file = NULL; diff --git a/server/protocol.c b/server/protocol.c index a10610e01e..80cea4834c 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -106,6 +106,7 @@ AP_DECLARE(const char *)ap_make_content_type(request_rec *r, const char *type) core_dir_config *conf = (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); + core_request_config *request_conf; apr_size_t type_len; if (!type) { @@ -116,6 +117,12 @@ AP_DECLARE(const char *)ap_make_content_type(request_rec *r, const char *type) return type; } + request_conf = + ap_get_module_config(r->request_config, &core_module); + if (request_conf->suppress_charset) { + return type; + } + type_len = strlen(type); if (apr_strmatch(charset_pattern, type, type_len) != NULL) { |