cvs commit: apache-1.3/src CHANGES Configure
rse 98/05/11 03:13:28
Modified:src CHANGES Configure
Log:
Fix handling of LDFLAGS_SHLIB_EXPORT variable. It was used
in src/Configure but never retrieved from the config file.
Revision ChangesPath
1.843 +4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.842
retrieving revision 1.843
diff -u -r1.842 -r1.843
--- CHANGES 1998/05/10 13:04:25 1.842
+++ CHANGES 1998/05/11 10:13:25 1.843
@@ -1,4 +1,8 @@
Changes with Apache 1.3b7
+
+ *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
+ not retrieved in src/Configure and thus was not useable.
+ [Ralf S. Engelschall]
*) Various Makefile consistency cleanups:
- make OSDIR also automatically be relative to src/ like INCDIR
1.259 +1 -0 apache-1.3/src/Configure
Index: Configure
===
RCS file: /export/home/cvs/apache-1.3/src/Configure,v
retrieving revision 1.258
retrieving revision 1.259
diff -u -r1.258 -r1.259
--- Configure 1998/05/10 13:04:26 1.258
+++ Configure 1998/05/11 10:13:26 1.259
@@ -774,6 +774,7 @@
## Check for user provided flags for shared object support
##
TLDFLAGS_SHLIB=`egrep '^LDFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F=
'{print $2}'`
+TLDFLAGS_SHLIB_EXPORT=`egrep '^LDFLAGS_SHLIB_EXPORT=' Makefile.config | tail
-1 | awk -F= '{print $2}'`
TCFLAGS_SHLIB=`egrep '^CFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F=
'{print $2}'`
cvs commit: apache-1.3/htdocs/manual/mod directive-dict.html
marc98/05/11 07:51:24 Modified:htdocs/manual sections.html htdocs/manual/mod directive-dict.html Log: Fix AllowOverrides --> AllowOverride in docs. PR: 2213 Submitted by: Thomas Neumann <[EMAIL PROTECTED]> Revision ChangesPath 1.6 +1 -1 apache-1.3/htdocs/manual/sections.html Index: sections.html === RCS file: /export/home/cvs/apache-1.3/htdocs/manual/sections.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- sections.html 1998/02/05 20:04:14 1.5 +++ sections.html 1998/05/11 14:51:23 1.6 @@ -32,7 +32,7 @@(except a sub- section, but the code doesn't test for that, Lars has an open bug report on that). Semantically however some things, and the most -notable is AllowOverrides, make no sense in +notable is AllowOverride, make no sense in . The same for -- syntactically everything is fine, but semantically some things are different. 1.2 +3 -3 apache-1.3/htdocs/manual/mod/directive-dict.html Index: directive-dict.html === RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/directive-dict.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- directive-dict.html 1997/10/15 14:45:24 1.1 +++ directive-dict.html 1998/05/11 14:51:24 1.2 @@ -179,12 +179,12 @@ Overrides are activated by the AllowOverrides + >AllowOverride directive, and apply to a particular scope (such as a directory) and all descendants, unless further modified by other - AllowOverrides directives at lower levels. The + AllowOverride directives at lower levels. The documentation for that directive also lists the possible override names available.
cvs commit: apache-1.3/src CHANGES
marc98/05/11 08:03:13 Modified:src CHANGES Log: Fix AllowOverrides --> AllowOverride. PR: 2213 Submitted by: Thomas Neumann <[EMAIL PROTECTED]> Revision ChangesPath 1.844 +1 -1 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.843 retrieving revision 1.844 diff -u -r1.843 -r1.844 --- CHANGES 1998/05/11 10:13:25 1.843 +++ CHANGES 1998/05/11 15:03:12 1.844 @@ -1065,7 +1065,7 @@ calls that use too small an initial guess, see alloc.c. [Dean Gaudet] - *) Options and AllowOverrides weren't properly merging in the main + *) Options and AllowOverride weren't properly merging in the main server setting inside vhosts (only an issue when you have no or other section containing an Options that affects a request). Options +foo or -foo in the main_server wouldn't
cvs commit: apache-1.3/src/ap ap_snprintf.c
dgaudet 98/05/11 10:49:21
Modified:src/ap ap_snprintf.c
Log:
Martin found the core dumping bug... it was my fault. psprintf()
could possibly set curpos == endpos + 1... and the old test for sp ==
bep would never find this case. As a result it would waltz past the
end of a block. When I wrote the "sp == bep" thing I thought "it's the
caller's responsibility to guarantee this!" ... er, program defensively
Dean, it doesn't cost any more in this case.
Revision ChangesPath
1.24 +1 -1 apache-1.3/src/ap/ap_snprintf.c
Index: ap_snprintf.c
===
RCS file: /export/home/cvs/apache-1.3/src/ap/ap_snprintf.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- ap_snprintf.c 1998/05/07 13:13:53 1.23
+++ ap_snprintf.c 1998/05/11 17:49:21 1.24
@@ -269,7 +269,7 @@
*/
#define INS_CHAR(c, sp, bep, cc) \
{ \
- if (sp == bep) {\
+ if (sp >= bep) {\
vbuff->curpos = sp; \
if (flush_func(vbuff)) \
return -1; \
cvs commit: apache-1.3/src/include ap.h
dgaudet 98/05/11 10:50:09 Modified:src/include ap.h Log: fix comment about curpos == endpos Revision ChangesPath 1.15 +1 -1 apache-1.3/src/include/ap.h Index: ap.h === RCS file: /export/home/cvs/apache-1.3/src/include/ap.h,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- ap.h 1998/05/06 19:49:48 1.14 +++ ap.h 1998/05/11 17:50:09 1.15 @@ -117,7 +117,7 @@ * appropriate, re-initialize curpos and endpos, and return 0. * * Note that flush_func is only invoked as a result of attempting to - * write another byte at curpos when curpos == endpos. So for + * write another byte at curpos when curpos >= endpos. So for * example, it's possible when the output exactly matches the buffer * space available that curpos == endpos will be true when * ap_vformatter returns.
cvs commit: apache-1.2/src CHANGES Configure conf.h
brian 98/05/11 12:56:06 Modified:src CHANGES Configure conf.h Log: Support for NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] Revision ChangesPath 1.308 +2 -0 apache-1.2/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.2/src/CHANGES,v retrieving revision 1.307 retrieving revision 1.308 diff -u -r1.307 -r1.308 --- CHANGES 1998/05/08 06:29:32 1.307 +++ CHANGES 1998/05/11 19:56:04 1.308 @@ -1,5 +1,7 @@ Changes with Apache 1.2.7 + *) Support for NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] + *) Correct a protocol issue - always send the "Accept-ranges: bytes" header in the default_handler. [Brian Behlendorf] 1.100 +6 -0 apache-1.2/src/Configure Index: Configure === RCS file: /export/home/cvs/apache-1.2/src/Configure,v retrieving revision 1.99 retrieving revision 1.100 diff -u -r1.99 -r1.100 --- Configure 1998/03/20 18:25:28 1.99 +++ Configure 1998/05/11 19:56:04 1.100 @@ -482,6 +482,12 @@ OS='Paragon OSF/1' CFLAGS="$CFLAGS -DPARAGON" ;; +4850-*.*) +OS='NCR MP/RAS' +CFLAGS="$CFLAGS -DSVR4 -DMPRAS" +DEF_WANTHSREGEX="yes" +LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" +;; *) # default: Catch systems we don't know about echo Sorry, but we cannot grok \"$PLAT\" echo uname -m 1.104 +2 -0 apache-1.2/src/conf.h Index: conf.h === RCS file: /export/home/cvs/apache-1.2/src/conf.h,v retrieving revision 1.103 retrieving revision 1.104 diff -u -r1.103 -r1.104 --- conf.h1998/04/13 11:45:37 1.103 +++ conf.h1998/05/11 19:56:05 1.104 @@ -336,8 +336,10 @@ #define NO_KILLPG #undef NO_SETSID #undef NEED_STRDUP +#ifndef MPRAS #define NEED_STRCASECMP #define NEED_STRNCASECMP +#endif #define bzero(a,b) memset(a,0,b) #define JMP_BUF sigjmp_buf /* A lot of SVR4 systems need this */
cvs commit: apache-1.3/src/include conf.h
brian 98/05/11 12:59:02 Modified:src CHANGES Configure src/include conf.h Log: Support for the NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] Revision ChangesPath 1.845 +2 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.844 retrieving revision 1.845 diff -u -r1.844 -r1.845 --- CHANGES 1998/05/11 15:03:12 1.844 +++ CHANGES 1998/05/11 19:58:56 1.845 @@ -1,5 +1,7 @@ Changes with Apache 1.3b7 + *) Support for the NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] + *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was not retrieved in src/Configure and thus was not useable. [Ralf S. Engelschall] 1.260 +6 -0 apache-1.3/src/Configure Index: Configure === RCS file: /export/home/cvs/apache-1.3/src/Configure,v retrieving revision 1.259 retrieving revision 1.260 diff -u -r1.259 -r1.260 --- Configure 1998/05/11 10:13:26 1.259 +++ Configure 1998/05/11 19:58:57 1.260 @@ -672,6 +672,12 @@ CFLAGS="$CFLAGS -DBEOS" DEF_WANTHSREGEX=yes ;; +4850-*.*) +OS='NCR MP/RAS' +CFLAGS="$CFLAGS -DSVR4 -DMPRAS" +DEF_WANTHSREGEX=yes +LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" +;; *) # default: Catch systems we don't know about OS='Unknown and unsupported OS' echo Sorry, but we cannot grok \"$PLAT\" 1.210 +3 -1 apache-1.3/src/include/conf.h Index: conf.h === RCS file: /export/home/cvs/apache-1.3/src/include/conf.h,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- conf.h1998/05/09 17:29:44 1.209 +++ conf.h1998/05/11 19:59:01 1.210 @@ -485,10 +485,12 @@ #define NO_KILLPG #undef NO_SETSID #undef NEED_STRDUP +#ifndef MPRAS #define NEED_STRCASECMP #ifndef ENCORE #define NEED_STRNCASECMP -#endif +#endif /* ENCORE */ +#endif /* MPRAS */ #define bzero(a,b) memset(a,0,b) /* A lot of SVR4 systems need this */ #ifndef USE_SYSVSEM_SERIALIZED_ACCEPT
cvs commit: apache-1.3/src/main http_core.c http_main.c
jim 98/05/11 13:08:10
Modified:.STATUS
htdocs/manual new_features_1_3.html
htdocs/manual/mod core.html
src CHANGES
src/include http_conf_globals.h httpd.h
src/main http_core.c http_main.c
Log:
Submitted by: Jim Jagielski
Replace the AddVersionPlatform directive with ServerTokens directive
which allow for either Minimal ("Apache/1.3.0"), OS ("Apache/1.3.0 (UNIX)")
or Full ("Apache/1.3.0 (UNIX) PHP/3.0") type Server headers.
SERVER_SUBVERSION is no longer supported.
Revision ChangesPath
1.395 +0 -10 apache-1.3/STATUS
Index: STATUS
===
RCS file: /export/home/cvs/apache-1.3/STATUS,v
retrieving revision 1.394
retrieving revision 1.395
diff -u -r1.394 -r1.395
--- STATUS1998/05/10 17:19:01 1.394
+++ STATUS1998/05/11 20:08:02 1.395
@@ -18,16 +18,6 @@
o Jim's looked over the ap_snprintf() stuff (the changes that Dean
did to make thread-safe) and they look fine.
-* The whole SERVER_SUBVERSION, Server: token debate.
- Problem: currently the additional tokens show up in the
- reverse order that they were added. Also, no real control
- over whether to display them or not. Keeping SERVER_SUBVERSION
- available "conflicts" with the new ap_add_version_component()
- function.
- Available patch:
- <[EMAIL PROTECTED]>
- Status:
-
WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
* SECURITY: check if the magic con/aux/nul/etc names do anything
1.58 +8 -9 apache-1.3/htdocs/manual/new_features_1_3.html
Index: new_features_1_3.html
===
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/new_features_1_3.html,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- new_features_1_3.html 1998/05/09 04:42:25 1.57
+++ new_features_1_3.html 1998/05/11 20:08:03 1.58
@@ -639,18 +639,17 @@
configuration.
Including the operating system in the server
identity
- A new directive, AddVersionPlatform, allows the Webmaster
- to change the value of
- the Server response header field which is sent back
- to clients. The AddVersionPlatform directive controls
- whether the server will
- include a non-specific note in the server identity about the type of
- operating system on which the server is running. As of Apache 1.3, this
- additional information is included by default.
+ A new directive, ServerTokens, allows the Webmaster
+ to change the value of the Server response header
+ field which is sent back to clients. The ServerTokens
+ directive controls whether the server will include a non-specific
+ note in the server identity about the type of operating system on
+ which the server is running as well as included module information.
+ As of Apache 1.3, this additional information is included by default.
1.116 +51 -47apache-1.3/htdocs/manual/mod/core.html
Index: core.html
===
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -r1.115 -r1.116
--- core.html 1998/05/09 04:42:27 1.115
+++ core.html 1998/05/11 20:08:04 1.116
@@ -24,7 +24,6 @@
AccessConfig
AccessFileName
AddModule
-AddVersionPlatform
AllowOverride
AuthName
AuthType
@@ -78,6 +77,7 @@
ServerPath
ServerRoot
ServerSignature
+ServerTokens
ServerType
StartServers
ThreadsPerChild
@@ -179,52 +179,6 @@
be cleared with the ClearModuleList
directive.
-AddVersionPlatform directive
-
-Syntax: AddVersionPlatform On|Off
-Context: server config
-Status: core
-Compatibility: AddVersionPlatform is only available
- in Apache 1.3 and later
-
-
-This directive controls whether the server's operating system platform
-will be identified in the Server response header
-field which is sent back to clients. If enabled, a non-specific platform
-designation will be added to the identity string, as shown below:
-
-
- AddVersionPlatform Off
-
- Server sends: Server: Apache/1.3.0
-
- AddVersionPlatform On (or not specified)
-
- Server sends: Server: Apache/1.3.0 (UNIX)
-
-
-
-This setting applies to the entire server, and cannot be enabled or
-disabled on a virtualhost-by-virtualhost basis.
-
-
-By default, this information is included in the server
-identity string.
-
-
-
AllowOverride directive
EMail setting additionally creates a "mailto:";
reference to the ServerAdmin of the
referenced document.
+
+
+
+ServerTokens directive
cvs commit: apache-1.3/src/include ap.h
brian 98/05/11 13:42:35 Modified:src/include ap.h Log: Some API prefix stuff that was missed in the great renaming. Revision ChangesPath 1.16 +3 -3 apache-1.3/src/include/ap.h Index: ap.h === RCS file: /export/home/cvs/apache-1.3/src/include/ap.h,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- ap.h 1998/05/11 17:50:09 1.15 +++ ap.h 1998/05/11 20:42:35 1.16 @@ -85,7 +85,7 @@ #endif #endif /* WIN32 */ -/* apapi_vformatter() is a generic printf-style formatting routine +/* ap_vformatter() is a generic printf-style formatting routine * with some extensions. The extensions are: * * %pA takes a struct in_addr *, and prints it as a.b.c.d @@ -98,8 +98,8 @@ * work as expected at all, but that seems to be a fair trade-off * for the increased robustness of having printf-warnings work. * - * Additionally, apapi_vformatter allows for arbitrary output methods - * using the apapi_vformatter_buff and flush_func. + * Additionally, ap_vformatter allows for arbitrary output methods + * using the ap_vformatter_buff and flush_func. * * The ap_vformatter_buff has two elements curpos and endpos. * curpos is where ap_vformatter will write the next byte of output.
cvs commit: apache-1.3 STATUS
brian 98/05/11 16:45:13 Modified:.STATUS Log: Moved two issues to non-showstopper status based on new-httpd discussions. Revision ChangesPath 1.396 +12 -10apache-1.3/STATUS Index: STATUS === RCS file: /export/home/cvs/apache-1.3/STATUS,v retrieving revision 1.395 retrieving revision 1.396 diff -u -r1.395 -r1.396 --- STATUS1998/05/11 20:08:02 1.395 +++ STATUS1998/05/11 23:45:11 1.396 @@ -11,18 +11,8 @@ FINAL RELEASE SHOWSTOPPERS: -* Someone other than Dean has to do a security/correctness review on - psprintf(), bprintf(), and ap_snprintf(). In particular these routines - do lots of fun pointer manipulations and such and possibly have overflow - errors. The respective flush_funcs also need to be exercised. - o Jim's looked over the ap_snprintf() stuff (the changes that Dean - did to make thread-safe) and they look fine. - WIN32 1.3 FINAL RELEASE SHOWSTOPPERS: -* SECURITY: check if the magic con/aux/nul/etc names do anything - really bad - * SECURITY: numerous uses of strcpy and strcat have potential for buffer overflow, someone should rewrite or verify they're safe @@ -126,6 +116,15 @@ Open issues: +* Someone other than Dean has to do a security/correctness review on + psprintf(), bprintf(), and ap_snprintf(). In particular these routines + do lots of fun pointer manipulations and such and possibly have overflow + errors. The respective flush_funcs also need to be exercised. + o Jim's looked over the ap_snprintf() stuff (the changes that Dean + did to make thread-safe) and they look fine. + o Laura La Gassa's looked over ap_vformatter & other related code + o Could still use 1 or 2 more sets of eyeballs. + * Paul would like to see a 'gdbm' option because he uses it a lot. @@ -188,6 +187,9 @@ Ken: What's W95-specific about it? Help: + +* SECURITY: check if the magic con/aux/nul/etc names do anything + really bad * chdir() for CGI scripts and mod_include #exec needs to be re-implemented. This requires either serializing chdir/spawn
