On May 11, 2004, at 12:28 PM, Jim Jagielski wrote:
One way of handling the diffs between how 1.3 and 2.0 handles UCN Off.
*) SECURITY: CAN-2003-0987 (cve.mitre.org) Index: src/include/ap_mmn.h =================================================================== RCS file: /home/cvs/apache-1.3/src/include/ap_mmn.h,v retrieving revision 1.68 diff -u -r1.68 ap_mmn.h --- src/include/ap_mmn.h 15 Apr 2004 15:51:51 -0000 1.68 +++ src/include/ap_mmn.h 11 May 2004 16:06:57 -0000 @@ -203,6 +203,8 @@ * 19990320.16 - ap_escape_errorlog_item() * 19990320.17 - ap_auth_nonce() and ap_auth_nonce added * in core_dir_config. + * 19990320.18 - increase bitfield size of use_canonical_name + from 2 to 4 in core_dir_config. */
Ignore this for now... widening the bitfield breaks API compatibility...
I'm mulling over a CanonicalPort directive... we need more granular control over how we determine the canonical port number...
