cvs commit: apache-apr/pthreads/src/test check_chunked
manoj 99/08/19 13:53:36 Modified:pthreads INSTALL KEYS Makefile.tmpl config.layout configure pthreads/src .gdbinit ApacheCore.def ApacheCore.dsp ApacheCore.mak CHANGES Configuration.tmpl Configure pthreads/src/ap Makefile.tmpl ap.dsp ap.mak ap_md5c.c ap_snprintf.c pthreads/src/helpers GuessOS TestCompile binbuild.sh buildinfo.sh find-dbm-lib mkshadow.sh pthreads/src/include ap.h ap_config.h ap_md5.h ap_mmn.h http_conf_globals.h http_core.h httpd.h pthreads/src/main acceptlock.c buff.c http_config.c http_core.c http_main.c http_protocol.c rfc1413.c util.c util_script.c util_uri.c pthreads/src/modules/experimental Makefile.tmpl pthreads/src/modules/proxy ApacheModuleProxy.dsp ApacheModuleProxy.mak proxy_cache.c proxy_ftp.c pthreads/src/modules/standard .cvsignore mod_access.c mod_auth.c mod_auth_db.c mod_auth_dbm.c mod_cgi.c mod_log_config.c mod_rewrite.c mod_rewrite.h mod_unique_id.c pthreads/src/os/bs2000 Makefile.tmpl bs2login.c os.h pthreads/src/os/os2 util_os2.c pthreads/src/os/tpf os.c os.h pthreads/src/os/unix os.c pthreads/src/os/win32 ApacheModuleRewrite.dsp ApacheModuleRewrite.mak os.h registry.c pthreads/src/os/win32/installer/installdll install.c pthreads/src/regex debug.c main.c split.c pthreads/src/support Makefile.tmpl README ab.c apxs.8 apxs.pl htdigest.c htpasswd.1 htpasswd.c httpd.8 httpd.exp suexec.c pthreads/src/test check_chunked Log: merge the differences in apache-1.3 from tag apache-apr-merge-3 to APACHE_1_3_9. Revision ChangesPath 1.5 +3 -3 apache-apr/pthreads/INSTALL Index: INSTALL === RCS file: /home/cvs/apache-apr/pthreads/INSTALL,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -u -r1.4 -r1.5 --- INSTALL 1999/06/10 06:25:33 1.4 +++ INSTALL 1999/08/19 20:51:48 1.5 @@ -82,8 +82,8 @@ - Linux - SunOS - UnixWare - Mac OS X Server - FreeBSD - Solaris - AIX - Mac OS - OpenBSD - IRIX - SCO - OpenStep/Mach - - NetBSD- HPUX - ReliantUNIX - - BSDI - Digital Unix + - NetBSD- HPUX - ReliantUNIX - DYNIX/ptx + - BSDI - Digital Unix - DGUX o Entirely unsupported platforms are: - Ultrix @@ -326,7 +326,7 @@ this way implicitly enables them itself). Note 1: The --enable-shared option DOES NOT AUTOMATICALLY enable the - module because there are variants like `--enable-shared=all' + module because there are variants like `--enable-shared=max' which should not imply `--enable-module=all'. Note 2: Per default the DSO mechanism is globally disabled, i.e. no 1.4 +232 -123 apache-apr/pthreads/KEYS Index: KEYS === RCS file: /home/cvs/apache-apr/pthreads/KEYS,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -u -r1.3 -r1.4 --- KEYS 1999/06/10 06:25:34 1.3 +++ KEYS 1999/08/19 20:51:49 1.4 @@ -386,133 +386,242 @@ Type Bits/KeyIDDate User ID -pub 999/F88341D9 1994/11/08 Lars Eilebrecht [EMAIL PROTECTED] +pub 999/F88341D9 1994/11/08 Lars Eilebrecht [EMAIL PROTECTED] + Lars Eilebrecht [EMAIL PROTECTED] + Lars Eilebrecht [EMAIL PROTECTED] Lars Eilebrecht [EMAIL PROTECTED] - Lars `SFX' Eilebrecht [EMAIL PROTECTED] - Lars `SFX' Eilebrecht [EMAIL PROTECTED] - Lars `SFX' Eilebrecht [EMAIL PROTECTED] -BEGIN PGP PUBLIC KEY BLOCK- -Version: 2.6.3a +Version: 2.6.3ia mQCKAi6+wOsAAAED53PJgrIYS7iHbZn0ycrnzS03fwvwsDpoAVouoqqBSVNoVXH+ lL+8HzX/fADvNyk1lYi5kTiYR2meKB1p0qpvj4bQ8ZEmcBemhV0FbESJ4CxIgy6V -euxOD3v9gauyf1u4lkfyLIsCepuJqpkH+aOviE9VhTcE/D6Pt/L4g0HZAAURtCFM -YXJzIEVpbGVicmVjaHQgPHNmeEB1bml4LWFnLm9yZz6JAJUDBRA2KRwZms08wKmf -dd0BASoSA/9ZwyAWilXJNMWsV0KfyUeHZ7CsFA9/KQixLtpSH8ij4raLasr6rurc -Sckrd+OiQKPQG0/TSXSAEP7suatV6XTTLEFHJbmqchTZXMSapwxFWGLxdG+buCiO -uVxbpop4ZoKz2xb+GtdeyeDr+//gFL+wbEqlZMXfvwgzBCxcOM/tZYkAkgMFEDPN
cvs commit: apache-site/info/css-security apache_1.3.11_css_patch.txt apache_specific.html encoding_examples.html index.html
.html;CERT Advisory CA-2000-02/A that has been released on this issue for details before continuing. PThis document focuses on how you can safely encode data before it is output to the client. The main method of doing this is through entity encoding, as described in the CERT advisory, using entities such as amp;lt;. H2General Comments on Encoding:/H2 PNote that, in general, many functions that perform entity encoding do so in a way which is only suitable for use outside attribute values, in normal block level elements such as a paragraph of text. Many of the functions referenced below are in this category. This means they may not encode characters such as the double or single quote. If you don't use quotation marks around an attribute value supplied from user input, then you need to encode even more characters. Always use quotes and you won't have to worry about that particular issue. PUnfortunately, the situation for encoding data within attribute values or within the body scripts (eg. within lt;SCRIPTgt; tags) is more complex and less understood. If you are in this situation, you may be wise to consider filtering special characters (as described in the A HREF=http://www.cert.org/tech_tips/malicious_code_mitigation.html;CERT Tech Tip/A) instead of encoding them. Generally, encoding is recommended because it does not require you to make a decision about what characters could legitimately be entered and need to be passed through and it has less of an impact on existing functionality. PThe reason why safely encoding data within attribute values is difficult is because some characters that are not considered special characters can be arranged to have unexpected effects in certain attribute values. This is very specific to the tag the attribute is associated with and to how the client interprets it. For example, if you let the user enter the value for a HREF attribute, and you encode it properly, you could end up outputting a tag such as: PRE lt;A HREF=javascript:document.writeln(document.cookie + amp;quot;amp;lt;BRamp;gt;amp;quot;)gt; /PRE Even though you have properly encoded special characters, many popular browsers will interpret a javascript: URL as containing JavaScript to execute in the context of the current document. POne of the issues that is still unresolved is exactly what HTML tags are safe to allow through, and what the algorithm for doing so is like. Many sites wish to allow users to enter a limited subset of safe HTML. This is still very much an open issue. It has been an issue for quite some time, and it is our hope that this Cross Site Scripting problem will help prompt more work into addressing it. PIf you are encoding user entered data in a URL, then URL encoding (also known as percent encoding) is appropriate. Unfortunately, this can be a complex thing to get right because the special characters in http://;, for example, must remain unencoded because they are part of the syntax of the URL. Better solutions to deal with this are necessary. PAlso note that some URL encoding functions encode a space into a + for historical reasons. This will only work in the query string for CGIs, and will not properly encode a space in other parts of the URL. PWe realize that all these special situations and the lack of a single bulletproof set of steps for encoding user data, wherever it may occur on the page, makes the task of fixing this problem quite challenging in some cases. We wish we had a better answer, and are working on filling in the fuzzy areas. H2PHP Example:/H2 PRE lt;? $Text = foolt;bgt;bar; $URL = foolt;bgt;bar.html; echo HTMLSpecialChars($Text), lt;BRgt;; echo lt;A HREF=\, rawurlencode($URL), \gt;linklt;/Agt;; ?gt; /PRE PNote that PHP also has a strip_tags() function that will remove all HTML tags from a string. Using this function in a manner such as: PRE echo strip_tags($Text); /PRE will strip all HTML from the input. However, if you use it in the form: PRE echo strip_tags($Text, lt;Bgt;); /PRE which only allows the lt;Bgt; tag through, you are still often vulnerable to users inserting script code. By design, this function does not strip attributes from the tags. This means it is often possible to include things such as JavaScript event attributes. An example of a tag that would be allowed by the above strip_tags() call is: PRE lt;B onmouseover=document.location='http://www.cert.org/'gt; /PRE PSome clients accept such attributes on tags that are otherwise benign. H2Apache Module Example:/H2 PRE char *Text = foolt;bgt;bar; char *URL = foolt;bgt;bar.html; ap_rvputs(r, ap_escape_html(r-pool, Text), lt;BRgt;, NULL); ap_rvputs(r, lt;A HREF=\, ap_escape_uri(r-pool, URL), \gt;linklt;/Agt;, NULL
cvs commit: apache/src/modules/proxy mod_proxy.h proxy_cache.c proxy_connect.c proxy_ftp.c proxy_http.c proxy_util.c Makefile mod_proxy.c
,
! char **hostp, int *port)
! {
! int i;
! char *p, *host, *url=*urlp;
!
! if (url[0] != '/' || url[1] != '/') return Malformed URL;
! host = url + 2;
! url = strchr(host, '/');
! if (url == NULL)
! url = ;
! else
! *(url++) = '\0'; /* skip seperating '/' */
!
! if (userp != NULL)
! {
! char *user=NULL, *password = NULL;
! p = strchr(host, '@');
!
! if (p != NULL)
! {
! *p = '\0';
! user = host;
! host = p + 1;
!
! /* find password */
! p = strchr(user, ':');
! if (p != NULL)
! {
! *p = '\0';
! password = canonenc(pool, p+1, strlen(p+1), enc_user, 1);
! if (password == NULL)
! return Bad %-escape in URL (password);
! }
!
! user = canonenc(pool, user, strlen(user), enc_user, 1);
! if (user == NULL) return Bad %-escape in URL (username);
! }
! *userp = user;
! *passwordp = password;
! }
!
! p = strchr(host, ':');
! if (p != NULL)
! {
! *(p++) = '\0';
!
! for (i=0; p[i] != '\0'; i++)
! if (!isdigit(p[i])) break;
!
! if (i == 0 || p[i] != '\0')
! return Bad port number in URL;
! *port = atoi(p);
! if (*port 65535) return Port number in URL 65535;
! }
! str_tolower(host); /* DNS names are case-insensitive */
! if (*host == '\0') return Missing host in URL;
! /* check hostname syntax */
! for (i=0; host[i] != '\0'; i++)
! if (!isdigit(host[i]) host[i] != '.')
! break;
! /* must be an IP address */
! if (host[i] == '\0' (inet_addr(host) == -1 || inet_network(host) ==
-1))
! return Bad IP address in URL;
!
! *urlp = url;
! *hostp = host;
!
! return NULL;
! }
!
! /*
! * checks an encoded ftp string for bad characters, namely, CR, LF or
! * non-ascii character
! */
! static int
! ftp_check_string(const char *x)
! {
! int i, ch;
!
! for (i=0; x[i] != '\0'; i++)
! {
! ch = x[i];
! if ( ch == '%' isxdigit(x[i+1]) isxdigit(x[i+2]))
! {
! ch = hex2c(x[i+1]);
! i += 2;
! }
! if (ch == '\015' || ch == '\012' || (ch 0x80)) return 0;
! }
! return 1;
! }
!
! /*
! * Canonicalise ftp URLs.
! */
! static int
! ftp_canon(request_rec *r, char *url)
! {
! char *user, *password, *host, *path, *parms, *p, sport[7];
! const char *err;
! int port;
!
! port = DEFAULT_FTP_PORT;
! err = canon_netloc(r-pool, url, user, password, host, port);
! if (err) return BAD_REQUEST;
! if (user != NULL !ftp_check_string(user)) return BAD_REQUEST;
! if (password != NULL !ftp_check_string(password)) return BAD_REQUEST;
!
! /* now parse path/parameters args, according to rfc1738 */
! /* N.B. if this isn't a true proxy request, then the URL path
! * (but not query args) has already been decoded.
! * This gives rise to the problem of a ; being decoded into the
! * path.
! */
! p = strchr(url, ';');
! if (p != NULL)
! {
! *(p++) = '\0';
! parms = canonenc(r-pool, p, strlen(p), enc_parm, r-proxyreq);
! if (parms == NULL) return BAD_REQUEST;
! } else
! parms = ;
!
! path = canonenc(r-pool, url, strlen(url), enc_path, r-proxyreq);
! if (path == NULL) return BAD_REQUEST;
! if (!ftp_check_string(path)) return BAD_REQUEST;
!
! if (!r-proxyreq r-args != NULL)
! {
! if (p != NULL)
! {
! p = canonenc(r-pool, r-args, strlen(r-args), enc_parm, 1);
! if (p == NULL) return BAD_REQUEST;
! parms = pstrcat(r-pool, parms, ?, p, NULL);
! }
! else
! {
! p = canonenc(r-pool, r-args, strlen(r-args), enc_path, 1);
! if (p == NULL) return BAD_REQUEST;
! path = pstrcat(r-pool, path, ?, p, NULL);
! }
! r-args = NULL;
! }
!
! /* now, rebuild URL */
!
! if (port != DEFAULT_FTP_PORT) sprintf(sport, :%d, port);
! else sport[0] = '\0';
!
! r-filename = pstrcat(r-pool, proxy:ftp://;, (user != NULL) ? user :
,
! (password != NULL) ? : : ,
! (password != NULL) ? password : ,
! (user != NULL) ? @ : , host, sport, /, path,
! (parms[0] != '\0') ? ; : , parms, NULL);
!
! return OK;
! }
!
!
! /*
! * Canonicalise http-like URLs.
! * scheme is the scheme for the URL
! * urlis the URL starting with the first '/'
! * def_port is the default port for this scheme.
! */
! static int
! http_canon(request_rec *r, char *url, const char *scheme, int def_port)
! {
! char *host, *path, *search, *p, sport
cvs commit: apache-1.3/src/support/SHA1 README.sha1 convert-sha1.pl htpasswd-sha1.pl ldif-sha1.example
/htpasswd-sha1.pl
src/support/SHA1/ldif-sha1.example
src/modules/standard src/ap/ap_checkpass.c
src/include/ap_checkpass.h src/ap/ap_sha1.c
src/include/ap_sha1.h src/support/SHA1/README.sha1
src/support/SHA1/convert-sha1.pl
src/support/SHA1/htpasswd-sha1.pl
src/support/SHA1/ldif-sha1.example
src/support src/ap/ap_checkpass.c src/include/ap_checkpass.h
src/ap/ap_sha1.c src/include/ap_sha1.h
src/support/SHA1/README.sha1
src/support/SHA1/convert-sha1.pl
src/support/SHA1/htpasswd-sha1.pl
src/support/SHA1/ldif-sha1.example
src/support/SHA1 README.sha1 convert-sha1.pl
htpasswd-sha1.pl ldif-sha1.example
src/ap/ap_checkpass.c src/include/ap_checkpass.h
src/ap/ap_sha1.c src/include/ap_sha1.h
src/support/SHA1/README.sha1
src/support/SHA1/convert-sha1.pl
src/support/SHA1/htpasswd-sha1.pl
src/support/SHA1/ldif-sha1.example
Log:
In order to fold in support for SHA / LDAP Directory Interchange
Format style passwords (which make integration or migration between
apache and netscape intstallations easier) the following has been done:
1. move ap_validate_passwd() out into its own function, and
change includes from ap_md5.h into ap_checkpasswd.h in the
various auth sections.
2. collate some to64 encodings into a single ap_to64
3. Add a ap_sha1.c along the lines of ap_md5.c
4. Add some flags to htpasswd, and make some man page chnages
Added some blurp in the html docs.
5. add a directory SHA1 in support with some usefull examples
for peoply trying to integrate or migrate from/to netscape
servers.
Obtained from Clinton Wong [EMAIL PROTECTED] and reworked into
something sepearate from ap_mda5c.c
But it could benefit from further abstraction; same goed for the
various base64, uunecode and mime-style base64 encoders we have
floating around.
Also, we could deal with string lenghts and verify lengths better.
Revision ChangesPath
1.80 +9 -0 apache-1.3/htdocs/manual/new_features_1_3.html
Index: new_features_1_3.html
===
RCS file: /x3/home/cvs/apache-1.3/htdocs/manual/new_features_1_3.html,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- new_features_1_3.html 1999/03/23 14:30:40 1.79
+++ new_features_1_3.html 1999/08/02 10:13:40 1.80
@@ -675,6 +675,15 @@
/DL
+DTSTRONGSupport for Netscape style SHA1 encrypted passwords/STRONGBR
+DDTo facilitate migration or integration of BasicAuth password
+schemes where the password is encrypted using SHA1 (as opposed
+to apache's build in MD5 and/or the OS specific crypt(3) function
+) passwords prefixed with with CODE{SHA1}/CODE are taken
+as Base64 encoded SHA1 passwords. More information and
+some utilities to convert Netscape ldap/ldif entries can be
+found in support/SHA1.
+
!--#include virtual=footer.html --
/BODY
/HTML
1.1407+9 -0 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /x3/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1406
retrieving revision 1.1407
diff -u -r1.1406 -r1.1407
--- CHANGES 1999/07/31 03:30:16 1.1406
+++ CHANGES 1999/08/02 10:13:42 1.1407
@@ -1,5 +1,14 @@
Changes with Apache 1.3.8
+ *) Added SHA1 password encryption support to easy migration from
+ Netscape servers. See support/SHA1 for more information; based
+ on the code contributed by Clinton Wong [EMAIL PROTECTED].
+ Caused the separation of ap_md5.c into md5, sha1 and a general
+ ap_checkpass.c with just a validate_passwd routine. Added a
+ couple of flags to support/htpasswd. Some reuse of the to64()
+ function; hence renamed to ap_to64().
+ [dirkx]
+
*) Change
cvs commit: apache/htdocs/manual/mod core.html directives.html index.html mod_access.html mod_actions.html mod_alias.html mod_auth_anon.html mod_auth_dbm.html mod_cern_meta.html mod_dir.html mod_env.html mod_imap.html mod_include.html mod_negotiation.html mod_proxy.html mod_rewrite.html mod_status.html mod_userdir.html
trthDimension thNotes trtdMedia Type ! tdBrowser indicates preferences on Accept: header. Each item can have an associated quality factor. Variant description can also have a quality factor. trtdLanguage --- 244,250 trthDimension thNotes trtdMedia Type ! tdBrowser indicates preferences on Accept: header. Each item can have an associated quality factor. Variant description can also have a quality factor. trtdLanguage *** *** 292,298 else the order of languages on the Accept-Language header. liSelect the variants with the highest 'level' media parameter ! (used to give the version of text/html media types). liSelect only unencoded variants, if there is a mix of encoded and non-encoded variants. If either all variants are encoded --- 292,298 else the order of languages on the Accept-Language header. liSelect the variants with the highest 'level' media parameter ! (used to give the version of text/html media types). liSelect only unencoded variants, if there is a mix of encoded and non-encoded variants. If either all variants are encoded *** *** 366,372 The explicit types have no quality factor, so they default to a preference of 1.0 (the highest). The wildcard */* is given a low preference of 0.01, so other types will only be returned if ! no variant matches an explicitly listed type. p If the Accept: header contains ino/i q factors at all, Apache sets --- 366,372 The explicit types have no quality factor, so they default to a preference of 1.0 (the highest). The wildcard */* is given a low preference of 0.01, so other types will only be returned if ! no variant matches an explicitly listed type. p If the Accept: header contains ino/i q factors at all, Apache sets *** *** 386,392 The reason for setting this language quality factor for variant with no language to a very low value is to allow for a default variant which can be supplied if none of the ! other variants match the browser's language preferences. For example, consider the situation with three variants: --- 386,392 The reason for setting this language quality factor for variant with no language to a very low value is to allow for a default variant which can be supplied if none of the ! other variants match the browser's language preferences. For example, consider the situation with three variants: *** *** 409,417 document, provided it is still within date. But if the resource is subject to content negotiation at the server, this would result in only the first requested variant being cached, and subsequent cache ! hits could return the wrong response. To prevent this, Apache normally marks all responses that are returned after content negotiation ! as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1 protocol features to allow caching of negotiated responses. P For requests which come from a HTTP/1.0 compliant client (either a --- 409,417 document, provided it is still within date. But if the resource is subject to content negotiation at the server, this would result in only the first requested variant being cached, and subsequent cache ! hits could return the wrong response. To prevent this, Apache normally marks all responses that are returned after content negotiation ! as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1 protocol features to allow caching of negotiated responses. P For requests which come from a HTTP/1.0 compliant client (either a 1.10 +7 -8 apache/htdocs/manual/custom-error.html Index: custom-error.html === RCS file: /export/home/cvs/apache/htdocs/manual/custom-error.html,v retrieving revision 1.9 retrieving revision 1.10 diff -C3 -r1.9 -r1.10 *** custom-error.html 1997/06/24 18:39:30 1.9 --- custom-error.html 1997/07/06 17:18:53 1.10 *** *** 29,41 response, then this response can be replaced with either some friendlier text or by a redirection to another URL (local or external). - P ! DTOld behavior ! DDNCSA httpd 1.3 would return some boring old error/problem message ! which would often be meaningless to the user, and would provide no means of logging the symptoms which caused it.BR P --- 29,40 response, then this response can be replaced with either some friendlier text or by a redirection to another URL (local or external). P ! DTOld behavior ! DDNCSA httpd 1.3 would return some
cvs commit: apache-1.3/src/support httpd.exp
with the Apache
+ * algorithm.
+ */
+neg-may_choose = 1;
+
+/* To save network bandwidth, we do not configure to send an
+ * Alternates header to the user agent in this case. User
+ * agents which want an Alternates header for agent-driven
+ * negotiation will have to request it by sending an
+ * appropriate Negotiate header.
+ */
}
-return new;
+#if NEG_DEBUG
+fprintf(stderr, dont_fiddle_headers=%d use_rvsa=%d ua_supports_trans=%d
+send_alternates=%d, may_choose=%d\n,
+neg-dont_fiddle_headers, neg-use_rvsa,
+neg-ua_supports_trans, neg-send_alternates, neg-may_choose);
+#endif
+
}
/* Sometimes clients will give us no Accept info at all; this routine sets
* up the standard default for that case, and also arranges for us to be
* willing to run a CGI script if we find one. (In fact, we set up to
* dramatically prefer CGI scripts in cases where that's appropriate,
- * e.g., POST).
+ * e.g., POST or when URI includes query args or extra path info).
*/
-
-static void maybe_add_default_encodings(negotiation_state *neg, int
prefer_scripts)
+static void maybe_add_default_accepts(negotiation_state *neg,
+ int prefer_scripts)
{
-accept_rec *new_accept = (accept_rec *) ap_push_array(neg-accepts);
+accept_rec *new_accept;
-new_accept-type_name = CGI_MAGIC_TYPE;
-new_accept-quality = prefer_scripts ? 1e-20f : 1e20f;
-new_accept-level = 0.0f;
-new_accept-max_bytes = 0.0f;
+if (!neg-accepts) {
+neg-accepts = ap_make_array(neg-pool, 4, sizeof(accept_rec));
+
+new_accept = (accept_rec *) ap_push_array(neg-accepts);
+
+new_accept-name = */*;
+new_accept-quality = 1.0f;
+new_accept-level = 0.0f;
+new_accept-max_bytes = 0.0f;
+}
-if (neg-accepts-nelts 1) {
-return;
-}
-
new_accept = (accept_rec *) ap_push_array(neg-accepts);
-new_accept-type_name = */*;
-new_accept-quality = 1.0f;
+new_accept-name = CGI_MAGIC_TYPE;
+if (neg-use_rvsa) {
+new_accept-quality = 0;
+}
+else {
+new_accept-quality = prefer_scripts ? 2.0f : 0.001f;
+}
new_accept-level = 0.0f;
new_accept-max_bytes = 0.0f;
}
@@ -646,14 +733,15 @@
static void strip_paren_comments(char *hdr)
{
/* Hmmm... is this correct? In Roy's latest draft, (comments) can nest!
*/
+/* Nope, it isn't correct. Fails to handle backslash escape as well.
*/
while (*hdr) {
if (*hdr == '') {
- hdr = strchr(hdr, '');
- if (hdr == NULL) {
- return;
- }
- ++hdr;
+hdr = strchr(hdr, '');
+if (hdr == NULL) {
+return;
+}
+++hdr;
}
else if (*hdr == '(') {
while (*hdr *hdr != ')') {
@@ -682,7 +770,7 @@
if (!*cp) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
-Syntax error in type map --- no ':': %s, r-filename);
+ Syntax error in type map --- no ':': %s,
r-filename);
return NULL;
}
@@ -692,8 +780,8 @@
if (!*cp) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
-Syntax error in type map --- no header body: %s,
-r-filename);
+ Syntax error in type map --- no header body: %s,
+ r-filename);
return NULL;
}
@@ -707,6 +795,7 @@
char buffer[MAX_STRING_LEN];
enum header_state hstate;
struct var_rec mime_info;
+int has_content;
/* We are not using multiviews */
neg-count_multiviews_variants = 0;
@@ -714,25 +803,26 @@
map = ap_pfopen(neg-pool, rr-filename, r);
if (map == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-cannot access type map file: %s, rr-filename);
+ cannot access type map file: %s, rr-filename);
return HTTP_FORBIDDEN;
}
clean_var_rec(mime_info);
+has_content = 0;
do {
hstate = get_header_line(buffer, MAX_STRING_LEN, map);
if (hstate == header_seen) {
char *body1 = lcase_header_name_return_body(buffer, neg-r);
- const char *body;
+const char *body;
if (body1 == NULL) {
return SERVER_ERROR;
}
strip_paren_comments(body1);
- body=body1;
+body = body1;
if (!strncmp(buffer, uri:, 4)) {
mime_info.file_name = ap_get_token
cvs commit: apache-apr/pthreads/src/support README ab.8 ab.c apachectl apxs.8 htdigest.c htpasswd.1 htpasswd.c httpd.exp log_server_status ab.1
manoj 99/06/09 23:26:49 Modified:pthreads ABOUT_APACHE Announcement INSTALL KEYS Makefile.tmpl README.NT config.layout configure pthreads/conf highperformance.conf-dist httpd.conf-dist httpd.conf-dist-win mime.types pthreads/src Apache.dsp Apache.mak CHANGES Configuration.tmpl Configure Makefile.nt Makefile.tmpl Makefile_win32.txt Makefile_win32_debug.txt pthreads/src/ap Makefile.tmpl ap_md5c.c ap_snprintf.c pthreads/src/helpers GuessOS PrintPath TestCompile binbuild.sh buildinfo.sh checkheader.sh dummy.c findcpp.sh fmn.sh install.sh mkshadow.sh ppl.sh slo.sh pthreads/src/include alloc.h ap.h ap_compat.h ap_config.h ap_md5.h ap_mmn.h hsregex.h http_config.h http_core.h http_protocol.h httpd.h scoreboard.h util_md5.h pthreads/src/main acceptlock.c alloc.c http_accept.c http_config.c http_core.c http_log.c http_main.c http_protocol.c http_request.c util.c util_md5.c util_script.c util_uri.c pthreads/src/modules/example mod_example.c pthreads/src/modules/proxy .cvsignore Makefile.tmpl proxy_cache.c proxy_connect.c proxy_ftp.c proxy_http.c proxy_util.c pthreads/src/modules/standard .cvsignore mod_alias.c mod_auth_dbm.c mod_autoindex.c mod_cgi.c mod_dir.c mod_env.c mod_imap.c mod_include.c mod_info.c mod_log_config.c mod_mime.c mod_mime_magic.c mod_negotiation.c mod_rewrite.c mod_rewrite.h mod_setenvif.c mod_so.c mod_status.c mod_usertrack.c pthreads/src/modules/test mod_test_util_uri.c pthreads/src/os/bs2000 os.h pthreads/src/os/os2 Makefile.tmpl os.c os.h util_os2.c pthreads/src/os/tpf Makefile.tmpl os.c os.h pthreads/src/os/unix os.c os.h pthreads/src/os/win32 os.h registry.c registry.h service.c service.h pthreads/src/os/win32/installer apache.iwz pthreads/src/support ab.c apachectl apxs.8 htdigest.c htpasswd.1 htpasswd.c httpd.exp log_server_status Added: pthreads/src/ap ap_getpass.c pthreads/src/helpers getuid.sh pthreads/src/lib .cvsignore pthreads/src/lib/expat-lite .cvsignore CHANGES Makefile.tmpl asciitab.h expat.html hashtable.c hashtable.h iasciitab.h latin1tab.h nametab.h utf8tab.h xmldef.h xmlparse.c xmlparse.h xmlrole.c xmlrole.h xmltok.c xmltok.h xmltok_impl.c xmltok_impl.h xmltok_ns.c pthreads/src/support README ab.8 Removed: pthreads/src/support ab.1 Log: Resync the hybrid server with the apache-1.3 repository, as of Wed Jun 9 23:17:22 PDT 1999. Revision ChangesPath 1.3 +1 -1 apache-apr/pthreads/ABOUT_APACHE Index: ABOUT_APACHE === RCS file: /home/cvs/apache-apr/pthreads/ABOUT_APACHE,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -u -r1.2 -r1.3 --- ABOUT_APACHE 1999/03/17 16:59:14 1.2 +++ ABOUT_APACHE 1999/06/10 06:25:33 1.3 @@ -85,7 +85,7 @@ Alexei Kosut Stanford University, California Martin Kraemer Munich, Germany Ben Laurie Freelance Consultant, UK - Doug MacEachernFreelance Consultant, Summer Seasons, Earth + Doug MacEachernCritical Path, California Aram W. Mirzadeh Qosina Corporation, New York Sameer Parekh C2Net, California Cliff Skolnick Freelance, California 1.3 +59 -25apache-apr/pthreads/Announcement Index: Announcement === RCS file: /home/cvs/apache-apr/pthreads/Announcement,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -u -r1.2 -r1.3 --- Announcement 1999/02/07 06:28:58 1.2 +++ Announcement 1999/06/10 06:25:33 1.3 @@ -1,39 +1,73 @@ -Apache 1.3.4 Released +Apache 1.3.6 Released = The Apache Group is pleased to announce the release of version -1.3.4 of the Apache HTTP server. +1.3.6 of the Apache HTTP server. -This new Apache version incorporates over 90 significant improvements -to the server, including avoidance of some
cvs commit: apache-2.0/mpm/src/support/SHA1 README.sha1 convert-sha1.pl htpasswd-sha1.pl ldif-sha1.example
, such as the simple base64 encoded crypt()s, MD5 $ marked
* FreeBSD style and netscape SHA1's.
*/
#include string.h
#include ap_config.h
#include ap_md5.h
#include ap_sha1.h
#include ap.h
#ifdef CHARSET_EBCDIC
#include ebcdic.h
#endif /*CHARSET_EBCDIC*/
#if HAVE_CRYPT_H
#include crypt.h
#endif
/*
* Validate a plaintext password against a smashed one. Use either
* crypt() (if available), ap_MD5Encode() or ap_SHA1Encode depending
* upon the format of the smashed input password.
*
* Return NULL if they match, or an explanatory text string if they don't.
*/
API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash)
{
char sample[120];
char *crypt_pw;
/* FreeBSD style MD5 string
*/
if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
ap_MD5Encode((const unsigned char *)passwd,
(const unsigned char *)hash, sample, sizeof(sample));
}
/* Netscape / SHA1 ldap style strng
*/
else if (!strncmp(hash, sha1_id, strlen(sha1_id))) {
ap_sha1_base64(passwd, strlen(passwd), sample);
}
else {
/*
* It's not our
cvs commit: apachen/htdocs/manual/vhosts details.html details_1_2.html examples.html fd-limits.html host.html index.html ip-based.html name-based.html vhosts-in-depth.html virtual-host.html
containing the variant (of the given media +DL + DT CODEURI:/CODE + DD uri of the file containing the variant (of the given media type, encoded with the given content encoding). These are interpreted as URLs relative to the map file; they must be on the same server (!), and they must refer to files to which the client would be granted access if they were to be requested directly. - dt codeContent-type:/code - dd media type --- charset, level and qs parameters may be given. These + DT CODEContent-type:/CODE + DD media type --- charset, level and qs parameters may be given. These are often referred to as MIME types; typical media types are - codeimage/gif/code, codetext/plain/code, or - codetext/html;nbsp;level=3/code. - dt codeContent-language:/code - dd The languages of the variant, specified as an Internet standard - language code (e.g., codeen/code for English, - codekr/code for Korean, etc.). - dt codeContent-encoding:/code - dd If the file is compressed, or otherwise encoded, rather than + CODEimage/gif/CODE, CODEtext/plain/CODE, or + CODEtext/html;nbsp;level=3/CODE. + DT CODEContent-language:/CODE + DD The languages of the variant, specified as an Internet standard + language code (e.g., CODEen/CODE for English, + CODEkr/CODE for Korean, etc.). + DT CODEContent-encoding:/CODE + DD If the file is compressed, or otherwise encoded, rather than containing the actual raw data, this says how that was done. For compressed files (the only case where this generally comes up), content encoding should be - codex-compress/code, or codex-gzip/code, as appropriate. - dt codeContent-length:/code - dd The size of the file. Clients can ask to receive a given media + CODEx-compress/CODE, or CODEx-gzip/CODE, as appropriate. + DT CODEContent-length:/CODE + DD The size of the file. Clients can ask to receive a given media type only if the variant isn't too big; specifying a content length in the map allows the server to compare against these thresholds without checking the actual file. -/dl +/DL h3Multiviews/h3 -p +P This is a per-directory option, meaning it can be set with an -codeOptions/code directive within a codelt;Directorygt;/code, -codelt;Locationgt;/code or codelt;Filesgt;/code -section in codeaccess.conf/code, or (if codeAllowOverride/code -is properly set) in code.htaccess/code files. Note that -codeOptions All/code does not set codeMultiViews/code; you +CODEOptions/CODE directive within a CODElt;Directorygt;/CODE, +CODElt;Locationgt;/CODE or CODElt;Filesgt;/CODE +section in CODEaccess.conf/CODE, or (if CODEAllowOverride/CODE +is properly set) in CODE.htaccess/CODE files. Note that +CODEOptions All/CODE does not set CODEMultiViews/CODE; you have to ask for it by name. (Fixing this is a one-line change to -codehttp_core.h/code). +CODEhttp_core.h/CODE). -p +P -The effect of codeMultiViews/code is as follows: if the server -receives a request for code/some/dir/foo/code, if -code/some/dir/code has codeMultiViews/code enabled, and -code/some/dir/foo/code does emnot/em exist, then the server reads the +The effect of CODEMultiViews/CODE is as follows: if the server +receives a request for CODE/some/dir/foo/CODE, if +CODE/some/dir/CODE has CODEMultiViews/CODE enabled, and +CODE/some/dir/foo/CODE does EMnot/EM exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements, and forwards them along. -p +P This applies to searches for the file named by the -codeDirectoryIndex/code directive, if the server is trying to +CODEDirectoryIndex/CODE directive, if the server is trying to index a directory; if the configuration files specify -pre +PRE DirectoryIndex index -/pre then the server will arbitrate between codeindex.html/code -and codeindex.html3/code if both are present. If neither are -present, and codeindex.cgi/code is there, the server will run it. +/PRE then the server will arbitrate between CODEindex.html/CODE +and CODEindex.html3/CODE if both are present. If neither are +present, and CODEindex.cgi/CODE is there, the server will run it. -p +P If one of the files found when reading the directive is a CGI script, it's not obvious what should happen. The code gives that case @@ -238,7 +238,7 @@ of the dimensions of variance. It is not necessary to know any of the details of how negotiation actually takes place in order to use Apache's content
cvs commit: apache/htdocs/manual/mod core.html mod_access.html mod_auth.html mod_auth_db.html mod_auth_dbm.html mod_auth_msql.html mod_browser.html mod_cern_meta.html mod_cgi.html mod_cookies.html mod_digest.html mod_dld.html mod_env.html mod_example.html mod_expires.html mod_headers.html mod_imap.html mod_include.html mod_log_agent.html mod_log_common.html mod_log_config.html mod_log_referer.html mod_mime.html mod_negotiation.html mod_proxy.html mod_rewrite.html mod_userdir.html mod_usertrack.html
marc97/04/30 22:27:20 Modified:htdocsindex.html htdocs/manual bind.html cgi_path.html content-negotiation.html dns-caveats.html env.html host.html install.html install_1_1.html man-template.html process-model.html suexec.html vhosts-in-depth.html virtual-host.html htdocs/manual/misc API.html client_block_api.html compat_notes.html fin_wait_2.html index.html known_bugs.html perf-dec.html perf.html vif-info.html htdocs/manual/mod core.html mod_access.html mod_auth.html mod_auth_db.html mod_auth_dbm.html mod_auth_msql.html mod_browser.html mod_cern_meta.html mod_cgi.html mod_cookies.html mod_digest.html mod_dld.html mod_env.html mod_example.html mod_expires.html mod_headers.html mod_imap.html mod_include.html mod_log_agent.html mod_log_common.html mod_log_config.html mod_log_referer.html mod_mime.html mod_negotiation.html mod_proxy.html mod_rewrite.html mod_userdir.html mod_usertrack.html Log: Big spelling and HTML cleanup of docs. Thanks go to weblint and ispell and their authors. Revision ChangesPath 1.5 +1 -1 apache/htdocs/index.html Index: index.html === RCS file: /export/home/cvs/apache/htdocs/index.html,v retrieving revision 1.4 retrieving revision 1.5 diff -C3 -r1.4 -r1.5 *** index.html1996/12/02 16:59:44 1.4 --- index.html1997/05/01 05:26:31 1.5 *** *** 18,23 server. Thanks for using Apache! P ! img src=apache_pb.gif /BODY/HTML --- 18,23 server. Thanks for using Apache! P ! img src=apache_pb.gif alt= /BODY/HTML 1.6 +1 -2 apache/htdocs/manual/bind.html Index: bind.html === RCS file: /export/home/cvs/apache/htdocs/manual/bind.html,v retrieving revision 1.5 retrieving revision 1.6 diff -C3 -r1.5 -r1.6 *** bind.html 1997/03/20 23:30:44 1.5 --- bind.html 1997/05/01 05:26:32 1.6 *** *** 75,81 main server what addresses and ports to listen to. If no lt;VirtualHostgt; directives are used, the server will behave the same for all accepted requests. However, lt;VirtualHostgt; can be ! used to specify a different behavour for one or more of the addresses and ports. To implement a VirtualHost, the server must first be told to listen to the address and port to be used. Then a lt;VirtualHostgt; section should be created for a specified address --- 75,81 main server what addresses and ports to listen to. If no lt;VirtualHostgt; directives are used, the server will behave the same for all accepted requests. However, lt;VirtualHostgt; can be ! used to specify a different behavior for one or more of the addresses and ports. To implement a VirtualHost, the server must first be told to listen to the address and port to be used. Then a lt;VirtualHostgt; section should be created for a specified address *** *** 93,99 a href=dns-caveats.htmlDNS Issues/a and a href=mod/core.html#virtualhostlt;VirtualHostgt; section/a. - /ul !--#include virtual=footer.html -- /BODY --- 93,98 1.2 +6 -6 apache/htdocs/manual/cgi_path.html Index: cgi_path.html === RCS file: /export/home/cvs/apache/htdocs/manual/cgi_path.html,v retrieving revision 1.1 retrieving revision 1.2 diff -C3 -r1.1 -r1.2 *** cgi_path.html 1996/12/20 05:42:13 1.1 --- cgi_path.html 1997/05/01 05:26:33 1.2 *** *** 11,17 pAs implemented in Apache 1.1.1 and earlier versions, the method Apache used to create PATH_INFO in the CGI environment was ! counterintiutive, and could result in crashes in certain cases. In Apache 1.2 and beyond, this behavior has changed. Although this results in some compatibility problems with certain legacy CGI applications, the Apache 1.2 behavior is still compatible with the --- 11,17 pAs implemented in Apache 1.1.1 and earlier versions, the method Apache used to create PATH_INFO in the CGI environment was ! counterintuitive, and could result in crashes in certain cases. In Apache 1.2 and beyond, this behavior has changed. Although this results in some compatibility problems with certain legacy CGI
cvs commit: apache/htdocs/manual/mod core.html mod_actions.html mod_auth_anon.html mod_auth_dbm.html mod_cern_meta.html mod_cgi.html mod_env.html mod_imap.html mod_include.html mod_negotiation.html mod_status.html
dgaudet 97/11/01 15:39:48 Modified:htdocs/manual Tag: APACHE_1_2_X content-negotiation.html custom-error.html dns-caveats.html env.html host.html index.html install.html invoking.html man-template.html multilogs.html new_features_1_0.html new_features_1_1.html new_features_1_2.html process-model.html suexec.html vhosts-in-depth.html virtual-host.html htdocs/manual/misc Tag: APACHE_1_2_X API.html client_block_api.html fin_wait_2.html nopgp.html perf-bsd44.html perf-dec.html perf.html security_tips.html vif-info.html htdocs/manual/mod Tag: APACHE_1_2_X core.html mod_actions.html mod_auth_anon.html mod_auth_dbm.html mod_cern_meta.html mod_cgi.html mod_env.html mod_imap.html mod_include.html mod_negotiation.html mod_status.html Log: Merge in doc changes that are relevant from 1.3 branch. Revision ChangesPath No revision No revision 1.10.2.1 +11 -11apache/htdocs/manual/content-negotiation.html Index: content-negotiation.html === RCS file: /export/home/cvs/apache/htdocs/manual/content-negotiation.html,v retrieving revision 1.10 retrieving revision 1.10.2.1 diff -u -r1.10 -r1.10.2.1 --- content-negotiation.html 1997/06/04 11:07:47 1.10 +++ content-negotiation.html 1997/11/01 23:39:18 1.10.2.1 @@ -22,7 +22,7 @@ couple of features to give more intelligent handling of requests from browsers which send incomplete negotiation information. p -Content negotiation is provided by the +Content negotiation is provided by the a href=mod/mod_negotiation.htmlmod_negotiation/a module, which is compiled in by default. @@ -47,7 +47,7 @@ /pre Note that this preference will only be applied when there is a choice -of representations and they vary by language. +of representations and they vary by language. p As an example of a more complex request, this browser has been @@ -78,12 +78,12 @@ In order to negotiate a resource, the server needs to be given information about each of the variants. This is done in one of two -ways: +ways: ul li Using a type map (i.e., a code*.var/code file) which names the files containing the variants explicitly - li Or using a 'MultiViews' search, where the server does an implicit + li Or using a 'MultiViews' search, where the server does an implicit filename pattern match, and chooses from among the results. /ul @@ -154,7 +154,7 @@ interpreted as URLs relative to the map file; they must be on the same server (!), and they must refer to files to which the client would be granted access if they were to be requested - directly. + directly. dt codeContent-type:/code dd media type --- charset, level and qs parameters may be given. These are often referred to as MIME types; typical media types are @@ -244,7 +244,7 @@ trthDimension thNotes trtdMedia Type -tdBrowser indicates preferences on Accept: header. Each item +tdBrowser indicates preferences on Accept: header. Each item can have an associated quality factor. Variant description can also have a quality factor. trtdLanguage @@ -292,7 +292,7 @@ else the order of languages on the Accept-Language header. liSelect the variants with the highest 'level' media parameter - (used to give the version of text/html media types). + (used to give the version of text/html media types). liSelect only unencoded variants, if there is a mix of encoded and non-encoded variants. If either all variants are encoded @@ -366,7 +366,7 @@ The explicit types have no quality factor, so they default to a preference of 1.0 (the highest). The wildcard */* is given a low preference of 0.01, so other types will only be returned if -no variant matches an explicitly listed type. +no variant matches an explicitly listed type. p If the Accept: header contains ino/i q factors at all, Apache sets @@ -386,7 +386,7 @@ The reason for setting this language quality factor for variant with no language to a very low value is to allow for a default variant which can be supplied if none of the -other variants match the browser's language preferences. +other variants match the browser's language preferences. For example, consider the situation with three variants: @@ -409,9 +409,9 @@ document, provided it is still within date. But if the resource is subject to content negotiation at the server
cvs commit: apache/htdocs/manual/mod core.html mod_actions.html mod_auth_anon.html mod_auth_dbm.html mod_cern_meta.html mod_cgi.html mod_env.html mod_example.html mod_imap.html mod_include.html mod_mime.html mod_negotiation.html mod_proxy.html mod_status.html
). liSelect only unencoded variants, if there is a mix of encoded and non-encoded variants. If either all variants are encoded @@ -366,7 +366,7 @@ The explicit types have no quality factor, so they default to a preference of 1.0 (the highest). The wildcard */* is given a low preference of 0.01, so other types will only be returned if -no variant matches an explicitly listed type. +no variant matches an explicitly listed type. p If the Accept: header contains ino/i q factors at all, Apache sets @@ -386,7 +386,7 @@ The reason for setting this language quality factor for variant with no language to a very low value is to allow for a default variant which can be supplied if none of the -other variants match the browser's language preferences. +other variants match the browser's language preferences. For example, consider the situation with three variants: @@ -409,9 +409,9 @@ document, provided it is still within date. But if the resource is subject to content negotiation at the server, this would result in only the first requested variant being cached, and subsequent cache -hits could return the wrong response. To prevent this, +hits could return the wrong response. To prevent this, Apache normally marks all responses that are returned after content negotiation -as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1 +as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1 protocol features to allow caching of negotiated responses. P For requests which come from a HTTP/1.0 compliant client (either a 1.8.2.3 +8 -7 apache/htdocs/manual/custom-error.html Index: custom-error.html === RCS file: /export/home/cvs/apache/htdocs/manual/custom-error.html,v retrieving revision 1.8.2.2 retrieving revision 1.8.2.3 diff -u -r1.8.2.2 -r1.8.2.3 --- custom-error.html 1997/11/01 23:39:18 1.8.2.2 +++ custom-error.html 1997/11/02 00:19:06 1.8.2.3 @@ -29,12 +29,13 @@ response, then this response can be replaced with either some friendlier text or by a redirection to another URL (local or external). + P - + DTOld behavior - DDNCSA httpd 1.3 would return some boring old error/problem message - which would often be meaningless to the user, and would provide no + DDNCSA httpd 1.3 would return some boring old error/problem message + which would often be meaningless to the user, and would provide no means of logging the symptoms which caused it.BR P @@ -68,7 +69,7 @@ REDIRECT_URL=/cgi-bin/buggy.pl br /code/blockquote - Pnote the codeREDIRECT_/code prefix. + Pnote the codeREDIRECT_/code prefix. PAt least codeREDIRECT_URL/code and codeREDIRECT_QUERY_STRING/code will be passed to the new URL (assuming it's a cgi-script or a cgi-include). The @@ -93,16 +94,16 @@ ErrorDocument 401 /Subscription/how_to_subscribe.html /code/blockquote - PThe syntax is, + PThe syntax is, PcodeA HREF=mod/core.html#errordocumentErrorDocument/A/code -lt;3-digit-codegt; action +lt;3-digit-codegt; action Pwhere the action can be, OL LIText to be displayed. Prefix the text with a quote (quot;). Whatever -follows the quote is displayed. emNote: the (quot;) prefix isn't +follows the quote is displayed. emNote: the (quot;) prefix isn't displayed./em LIAn external URL to redirect to. 1.5.2.2 +1 -1 apache/htdocs/manual/dns-caveats.html Index: dns-caveats.html === RCS file: /export/home/cvs/apache/htdocs/manual/dns-caveats.html,v retrieving revision 1.5.2.1 retrieving revision 1.5.2.2 diff -u -r1.5.2.1 -r1.5.2.2 --- dns-caveats.html 1997/11/01 23:39:19 1.5.2.1 +++ dns-caveats.html 1997/11/02 00:19:06 1.5.2.2 @@ -188,7 +188,7 @@ than not booting at all depending on what the webserver is supposed to accomplish. -pAs HTTP/1.1 is deployed and browsers and proxies start issuing the +pAs HTTP/1.1 is deployed and browsers and proxies start issuing the codeHost/code header it will become possible to avoid the use of IP-based virtual hosts entirely. In this event a webserver has no requirement to do DNS lookups during configuration. But as of March 1997 these 1.4.2.2 +4 -9 apache/htdocs/manual/env.html Index: env.html === RCS file: /export/home/cvs/apache/htdocs/manual/env.html,v retrieving revision 1.4.2.1 retrieving revision 1.4.2.2 diff -u -r1.4.2.1 -r1.4.2.2 --- env.html 1997/11/01 23:39:19 1.4.2.1 +++ env.html 1997/11/02 00:19:07 1.4.2.2 @@ -17,9 +17,9
cvs commit: apache-apr/pthreads/src/support Makefile.tmpl ab.1 ab.c apachectl apachectl.1 apxs.8 apxs.pl dbmmanage dbmmanage.1 htdigest.1 htdigest.c htpasswd.1 htpasswd.c httpd.8 httpd.exp log_server_status logresolve.8 logresolve.pl rotatelogs.8 split-logfile suexec.8 suexec.c suexec.h
@@ -Apache 1.3.3 Released +Apache 1.3.4 Released = The Apache Group is pleased to announce the release of version -1.3.3 of the Apache HTTP server. +1.3.4 of the Apache HTTP server. -This new Apache version is a bugfix release, primarily to fix a -serious problem with server error reporting introduced in 1.3.2. -This affected the functionality of most custom ErrorDocuments and -of some modules that depend on special error output (e.g., mod_speling). -A side-effect bug that resulted in incorrect error reporting of -nonexistent .htaccess files has also been fixed. +This new Apache version incorporates over 90 significant improvements +to the server, including avoidance of some denial-of-service attacks, +support for 3rd-party WebDAV modules, a complete overhaul of content +negotiation, optional column sorting for fancy indexes, the ability to +set a DefaultLanguage, and many fixes to improve consistency, portability, +and squish bugs. A complete listing is provided in the src/CHANGES file. -Additional changes in this release consist of new supported platforms, -Win32 and Unix portability fixes, ErrorDocument environment enhancements, -improved protocol behavior to match the HTTP/1.1 revised specification, -and assorted other features or fixes. Users should review the CHANGES file -and decide on their upgrade plans. We consider Apache 1.3.3 to be the -most stable version of Apache available and we strongly recommend that -users of older versions, especially of the 1.1.x and 1.2.x family, upgrade -as soon as possible. +Of special note are the many changes to the Apache configuration process. +The default path layout generated by the configure script has been +changed to be more consistent with the traditional Apache layout, and +several new command-line options have been added to make compilation +easier. Please see the README.configure and INSTALL files for complete +information. In addition, we have moved all of the server configuration +directives to a single file (httpd.conf-dist), updated mime.types, and +improved the examples for first-time installers. Finally, a few of the +rarely-used command-line options for httpd have been changed to be more +consistent with the help options of other programs. -Apache 1.3.3 is available for download from +We consider Apache 1.3.4 to be the best version of Apache available and +we strongly recommend that users of older versions, especially of the +1.1.x and 1.2.x family, upgrade as soon as possible. No further releases +will be made in the 1.2.x family. + +Apache 1.3.4 is available for download from http://www.apache.org/dist/ 1.2 +56 -48apache-apr/pthreads/INSTALL Index: INSTALL === RCS file: /home/cvs/apache-apr/pthreads/INSTALL,v retrieving revision 1.1 retrieving revision 1.2 diff -u -u -r1.1 -r1.2 --- INSTALL 1999/01/21 23:08:29 1.1 +++ INSTALL 1999/02/07 06:28:58 1.2 @@ -1,5 +1,5 @@ - A P A C H E I N S T A L L A T I O N + APACHE INSTALLATION NOTE: Windows users please read the documents README.NT and http://www.apache.org/docs/windows.html, (or the @@ -29,7 +29,7 @@ $ ./configure --prefix=PREFIX $ make $ make install - $ PREFIX/sbin/apachectl start + $ PREFIX/bin/apachectl start NOTE: PREFIX is not the string PREFIX. Instead use the Unix filesystem path under which Apache should be installed. For @@ -79,12 +79,11 @@ platform-dependend. The current state is this: o Out-of-the-box supported platforms are: - - Linux - IRIX - - FreeBSD - HPUX - - OpenBSD - Digital UNIX - - NetBSD- UnixWare - - SunOS - AIX - - Solaris - SCO + - Linux - SunOS - UnixWare + - FreeBSD - Solaris - AIX + - OpenBSD - IRIX - SCO + - NetBSD- HPUX + - BSDI - Digital Unix o Entirely unsupported platforms are: - Ultrix @@ -135,38 +134,37 @@ Reference: - $ [CC=...][CFLAGS_SHLIB=...] + $ [CC=...][CFLAGS_SHLIB=...] [TARGET=...] [OPTIM=...] [LD_SHLIB=...] [CFLAGS=...][LDFLAGS_SHLIB=...] [INCLUDES=...] [LDFLAGS_SHLIB_EXPORT=...] [LDFLAGS=...] [RANLIB=...] - [LIBS=...] - ./configure [--quiet] [--prefix=DIR] [--enable-rule=NAME] - [--verbose] [--exec-prefix=PREFIX] [--disable-rule=NAME] - [--shadow] [--bindir=EPREFIX] [--add-module=FILE] - [--help
cvs commit: apache-2.0/apache-nspr/os/win32 modules.c util_win32.c
dgaudet 98/09/22 11:05:55 Modified:apache-nspr Configuration.tmpl Makefile.tmpl apache-nspr/ap Makefile.tmpl ap.dsp ap_snprintf.c apache-nspr/include alloc.h ap.h ap_config.h buff.h hsregex.h http_conf_globals.h http_log.h http_protocol.h http_request.h httpd.h scoreboard.h util_md5.h apache-nspr/main Makefile.tmpl alloc.c buff.c http_config.c http_core.c http_log.c http_main.c http_protocol.c http_request.c rfc1413.c util.c util_date.c util_md5.c util_script.c apache-nspr/modules/example mod_example.c apache-nspr/modules/experimental mod_mmap_static.c apache-nspr/modules/proxy Makefile.tmpl proxy_cache.c proxy_connect.c proxy_ftp.c proxy_http.c apache-nspr/modules/standard Makefile.tmpl mod_access.c mod_actions.c mod_asis.c mod_auth.c mod_autoindex.c mod_cern_meta.c mod_cgi.c mod_digest.c mod_dir.c mod_expires.c mod_imap.c mod_include.c mod_info.c mod_log_config.c mod_mime.c mod_mime_magic.c mod_negotiation.c mod_rewrite.c mod_rewrite.h mod_so.c mod_speling.c mod_status.c mod_userdir.c apache-nspr/os/unix os.c apache-nspr/os/win32 modules.c util_win32.c Removed: apache-nspr/include conf.h Log: painful conflict resolution... I have not tried to compile this Revision ChangesPath 1.3 +27 -20apache-2.0/apache-nspr/Configuration.tmpl Index: Configuration.tmpl === RCS file: /export/home/cvs/apache-2.0/apache-nspr/Configuration.tmpl,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Configuration.tmpl1998/06/30 08:57:04 1.2 +++ Configuration.tmpl1998/09/22 18:05:05 1.3 @@ -58,6 +58,7 @@ EXTRA_DEPS= #CC= +#CPP= #OPTIM= #RANLIB= @@ -72,8 +73,7 @@ # knowledge on how to compile these DSO files because this is # heavily platform-dependent. The current state of supported and # explicitly unsupported platforms can be found in the file -# htdocs/manual/sharedobjects.html, under -# Supported Platforms. +# htdocs/manual/dso.html, under Supported Platforms. # # For other platforms where you want to use the DSO mechanism you # first have to make sure it supports the pragmatic dlopen() @@ -90,6 +90,19 @@ # Then enable the DSO feature for particular modules individually # by replacing their `AddModule' command with `SharedModule' and # change the filename extension from `.o' to `.so'. +# +# Sometimes the DSO files need to be linked against other shared +# libraries to explicitly resolve symbols from them when the +# httpd program not already contains references to them. For +# instance when buidling mod_auth_db as a DSO you need to link +# the DSO against the libdb explicity because the Apache kernel +# has no references for this library. But the problem is that +# this chaining is not supported on all platforms. Although one +# usually can link a DSO against another DSO without linker +# complains the linkage is not really done on these platforms. +# So, when you receive unresolved symbol errors under runtime +# when using the LoadModule directive for a particular module try +# to enable the SHARED_CHAIN rule below. #CFLAGS_SHLIB= #LD_SHLIB= @@ -97,6 +110,7 @@ #LDFLAGS_SHLIB_EXPORT= Rule SHARED_CORE=default +Rule SHARED_CHAIN=default # Rules configuration @@ -105,7 +119,7 @@ # functions. The format is: Rule RULE=value # # At present, only the following RULES are known: WANTHSREGEX, SOCKS4, -# SOCKS5, STATUS, IRIXNIS, IRIXN32 and PARANOID. +# SOCKS5, IRIXNIS, IRIXN32 and PARANOID. # # For all Rules, if set to yes, then Configure knows we want that # capability and does what is required to add it in. If set to default @@ -122,12 +136,6 @@ # location to EXTRA_LIBS, otherwise Configure will assume # -L/usr/local/lib -lsocks5 # -# STATUS: -# If Configure determines that you are using the status_module, -# it will automatically enable full status information if set -# to 'yes'. If the status module is not included, having STATUS -# set to 'yes' has no impact. -# # IRIXNIS: # Only takes effect if Configure determines that you are running # SGI IRIX. If you are using a (ancient) 4.x version of IRIX, you @@ -148,7 +156,6 @@ # actually print-out the code that the modules execute # -Rule STATUS=yes Rule SOCKS4=no Rule SOCKS5=no Rule IRIXNIS=no @@
cvs commit: apache-apr/pthreads/src/support ab.1 ab.c apachectl apachectl.1 apxs.pl dbmmanage.1 htpasswd.c httpd.exp suexec.c
different source qualities, that may be indicated by the qs parameter to the media type, as in this picture (available as jpeg, gif, or ASCII-art): + PRE URI: foo @@ -142,14 +148,22 @@ URI: foo.txt Content-type: text/plain; qs=0.01 - /PRE P -qs values can vary between 0.000 and 1.000. Note that any variant with +qs values can vary in the range 0.000 to 1.000. Note that any variant with a qs value of 0.000 will never be chosen. Variants with no 'qs' -parameter value are given a qs factor of 1.0. P +parameter value are given a qs factor of 1.0. The qs parameter indicates +the relative 'quality' of this variant compared to the other available +variants, independent of the client's capabilities. For example, a jpeg +file is usually of higher source quality than an ascii file if it is +attempting to represent a photograph. However, if the resource being +represented is an original ascii art, then an ascii representation would +have a higher source quality than a jpeg representation. A qs value +is therefore specific to a given variant depending on the nature of +the resource it represents. +P The full list of headers recognized is: DL @@ -160,22 +174,24 @@ the same server (!), and they must refer to files to which the client would be granted access if they were to be requested directly. - DT CODEContent-type:/CODE + DT CODEContent-Type:/CODE DD media type --- charset, level and qs parameters may be given. These are often referred to as MIME types; typical media types are CODEimage/gif/CODE, CODEtext/plain/CODE, or CODEtext/html;nbsp;level=3/CODE. - DT CODEContent-language:/CODE + DT CODEContent-Language:/CODE DD The languages of the variant, specified as an Internet standard - language code (EMe.g./EM, CODEen/CODE for English, + language tag from RFC 1766 (EMe.g./EM, CODEen/CODE for English, CODEkr/CODE for Korean, EMetc./EM). - DT CODEContent-encoding:/CODE + DT CODEContent-Encoding:/CODE DD If the file is compressed, or otherwise encoded, rather than containing the actual raw data, this says how that was done. - For compressed files (the only case where this generally comes - up), content encoding should be - CODEx-compress/CODE, or CODEx-gzip/CODE, as appropriate. - DT CODEContent-length:/CODE + Apache only recognizes encodings that are defined by an + A HREF=mod/mod_mime.html#addencodingAddEncoding/A directive. + This normally includes the encodings CODEx-compress/CODE + for compress'd files, and CODEx-gzip/CODE for gzip'd files. + The CODEx-/CODE prefix is ignored for encoding comparisons. + DT CODEContent-Length:/CODE DD The size of the file. Clients can ask to receive a given media type only if the variant isn't too big; specifying a content length in the map allows the server to compare against these @@ -185,17 +201,15 @@ H3Multiviews/H3 P -This is a per-directory option, meaning it can be set with an -CODEOptions/CODE directive within a CODElt;Directorygt;/CODE, +CODEMultiViews/CODE is a per-directory option, meaning it can be set with +an CODEOptions/CODE directive within a CODElt;Directorygt;/CODE, CODElt;Locationgt;/CODE or CODElt;Filesgt;/CODE section in CODEaccess.conf/CODE, or (if CODEAllowOverride/CODE is properly set) in CODE.htaccess/CODE files. Note that CODEOptions All/CODE does not set CODEMultiViews/CODE; you -have to ask for it by name. (Fixing this is a one-line change to -CODEhttp_core.h/CODE). +have to ask for it by name. P - The effect of CODEMultiViews/CODE is as follows: if the server receives a request for CODE/some/dir/foo/CODE, if CODE/some/dir/CODE has CODEMultiViews/CODE enabled, and @@ -204,23 +218,22 @@ type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's -requirements, and forwards them along. +requirements. P - -This applies to searches for the file named by the +CODEMultiViews/CODE may also apply to searches for the file named by the CODEDirectoryIndex/CODE directive, if the server is trying to -index a directory; if the configuration files specify -PRE +index a directory. If the configuration files specify +PRE DirectoryIndex index +/PRE -/PRE then the server will arbitrate between CODEindex.html/CODE +then the server will arbitrate between CODEindex.html/CODE and CODEindex.html3/CODE if both are present. If neither are present, and CODEindex.cgi/CODE is there, the server will run it. P - If one of the files found when reading the directive is a CGI script, it's
cvs commit: apache-1.3/src/test/rename rename.cf
rse 98/04/11 05:01:10 Modified:.STATUS src CHANGES Configure buildmark.c src/ap ap_slack.c ap_strings.c src/include alloc.h buff.h explain.h fnmatch.h http_conf_globals.h http_config.h http_core.h http_log.h http_main.h http_protocol.h http_request.h http_vhost.h httpd.h md5.h multithread.h rfc1413.h scoreboard.h util_date.h util_script.h util_uri.h src/main alloc.c buff.c fnmatch.c http_config.c http_core.c http_log.c http_main.c http_protocol.c http_request.c http_vhost.c md5c.c rfc1413.c util.c util_date.c util_md5.c util_script.c util_uri.c src/modules/example mod_example.c src/modules/experimental mod_mmap_static.c src/modules/proxy mod_proxy.c mod_proxy.h proxy_cache.c proxy_connect.c proxy_ftp.c proxy_http.c proxy_util.c src/modules/standard mod_access.c mod_actions.c mod_alias.c mod_asis.c mod_auth.c mod_auth_anon.c mod_auth_db.c mod_auth_dbm.c mod_autoindex.c mod_cern_meta.c mod_cgi.c mod_digest.c mod_dir.c mod_env.c mod_expires.c mod_headers.c mod_imap.c mod_include.c mod_info.c mod_log_agent.c mod_log_config.c mod_log_referer.c mod_mime.c mod_mime_magic.c mod_negotiation.c mod_rewrite.c mod_setenvif.c mod_so.c mod_speling.c mod_status.c mod_unique_id.c mod_userdir.c mod_usertrack.c src/modules/test mod_rndchunk.c mod_test_util_uri.c src/os/bs2000 os-inline.c os.c os.h src/os/emx os-inline.c os.h src/os/unix os-inline.c os.h src/os/win32 mod_dll.c mod_isapi.c modules.c multithread.c os.h registry.c service.c util_win32.c src/support htdigest.c src/test/rename rename.cf Log: THE BIG SYMBOL RENAMING FOR APACHE 1.3 The used renaming configuration: === bind_address ap_bind_address coredump_dir ap_coredump_dir daemons_limit ap_daemons_limit daemons_max_free ap_daemons_max_free daemons_min_free ap_daemons_min_free daemons_to_start ap_daemons_to_start excess_requests_per_child ap_excess_requests_per_child group_id ap_group_id listenbacklog ap_listenbacklog listeners ap_listeners lock_fname ap_lock_fname max_requests_per_child ap_max_requests_per_child pid_fname ap_pid_fname restart_time ap_restart_time scoreboard_fname ap_scoreboard_fname server_argv0 ap_server_argv0 server_confnameap_server_confname server_post_read_configap_server_post_read_config server_pre_read_config ap_server_pre_read_config server_rootap_server_root standalone ap_standalone threads_per_child ap_threads_per_child user_idap_user_id user_name ap_user_name suexec_enabled ap_suexec_enabled day_snames ap_day_snames dummy_mutexap_dummy_mutex month_snames ap_month_snames rfc1413_timeoutap_rfc1413_timeout scoreboard_image ap_scoreboard_image MD5Final ap_MD5Final MD5Initap_MD5Init MD5Update ap_MD5Update add_cgi_vars ap_add_cgi_vars add_common_varsap_add_common_vars add_module ap_add_module add_named_module ap_add_named_module add_per_dir_conf ap_add_per_dir_conf add_per_url_conf ap_add_per_url_conf allow_options ap_allow_options allow_overridesap_allow_overrides append_arrays ap_append_arrays array_cat ap_array_cat auth_name ap_auth_name auth_type ap_auth_type basic_http_header ap_basic_http_header bclose ap_bclose bcreateap_bcreate bfilbufap_bfilbuf bfilenoap_bfileno bflsbufap_bflsbuf bflush ap_bflush bgetopt
