cvs commit: apache-1.3/src CHANGES Configure
rse 98/05/11 03:13:28 Modified:src CHANGES Configure Log: Fix handling of LDFLAGS_SHLIB_EXPORT variable. It was used in src/Configure but never retrieved from the config file. Revision ChangesPath 1.843 +4 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.842 retrieving revision 1.843 diff -u -r1.842 -r1.843 --- CHANGES 1998/05/10 13:04:25 1.842 +++ CHANGES 1998/05/11 10:13:25 1.843 @@ -1,4 +1,8 @@ Changes with Apache 1.3b7 + + *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was + not retrieved in src/Configure and thus was not useable. + [Ralf S. Engelschall] *) Various Makefile consistency cleanups: - make OSDIR also automatically be relative to src/ like INCDIR 1.259 +1 -0 apache-1.3/src/Configure Index: Configure === RCS file: /export/home/cvs/apache-1.3/src/Configure,v retrieving revision 1.258 retrieving revision 1.259 diff -u -r1.258 -r1.259 --- Configure 1998/05/10 13:04:26 1.258 +++ Configure 1998/05/11 10:13:26 1.259 @@ -774,6 +774,7 @@ ## Check for user provided flags for shared object support ## TLDFLAGS_SHLIB=`egrep '^LDFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TLDFLAGS_SHLIB_EXPORT=`egrep '^LDFLAGS_SHLIB_EXPORT=' Makefile.config | tail -1 | awk -F= '{print $2}'` TCFLAGS_SHLIB=`egrep '^CFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
cvs commit: apache-1.3/htdocs/manual/mod directive-dict.html
marc98/05/11 07:51:24 Modified:htdocs/manual sections.html htdocs/manual/mod directive-dict.html Log: Fix AllowOverrides --> AllowOverride in docs. PR: 2213 Submitted by: Thomas Neumann <[EMAIL PROTECTED]> Revision ChangesPath 1.6 +1 -1 apache-1.3/htdocs/manual/sections.html Index: sections.html === RCS file: /export/home/cvs/apache-1.3/htdocs/manual/sections.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- sections.html 1998/02/05 20:04:14 1.5 +++ sections.html 1998/05/11 14:51:23 1.6 @@ -32,7 +32,7 @@(except a sub- section, but the code doesn't test for that, Lars has an open bug report on that). Semantically however some things, and the most -notable is AllowOverrides, make no sense in +notable is AllowOverride, make no sense in . The same for -- syntactically everything is fine, but semantically some things are different. 1.2 +3 -3 apache-1.3/htdocs/manual/mod/directive-dict.html Index: directive-dict.html === RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/directive-dict.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- directive-dict.html 1997/10/15 14:45:24 1.1 +++ directive-dict.html 1998/05/11 14:51:24 1.2 @@ -179,12 +179,12 @@ Overrides are activated by the AllowOverrides + >AllowOverride directive, and apply to a particular scope (such as a directory) and all descendants, unless further modified by other - AllowOverrides directives at lower levels. The + AllowOverride directives at lower levels. The documentation for that directive also lists the possible override names available.
cvs commit: apache-1.3/src CHANGES
marc98/05/11 08:03:13 Modified:src CHANGES Log: Fix AllowOverrides --> AllowOverride. PR: 2213 Submitted by: Thomas Neumann <[EMAIL PROTECTED]> Revision ChangesPath 1.844 +1 -1 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.843 retrieving revision 1.844 diff -u -r1.843 -r1.844 --- CHANGES 1998/05/11 10:13:25 1.843 +++ CHANGES 1998/05/11 15:03:12 1.844 @@ -1065,7 +1065,7 @@ calls that use too small an initial guess, see alloc.c. [Dean Gaudet] - *) Options and AllowOverrides weren't properly merging in the main + *) Options and AllowOverride weren't properly merging in the main server setting inside vhosts (only an issue when you have no or other section containing an Options that affects a request). Options +foo or -foo in the main_server wouldn't
cvs commit: apache-1.3/src/ap ap_snprintf.c
dgaudet 98/05/11 10:49:21 Modified:src/ap ap_snprintf.c Log: Martin found the core dumping bug... it was my fault. psprintf() could possibly set curpos == endpos + 1... and the old test for sp == bep would never find this case. As a result it would waltz past the end of a block. When I wrote the "sp == bep" thing I thought "it's the caller's responsibility to guarantee this!" ... er, program defensively Dean, it doesn't cost any more in this case. Revision ChangesPath 1.24 +1 -1 apache-1.3/src/ap/ap_snprintf.c Index: ap_snprintf.c === RCS file: /export/home/cvs/apache-1.3/src/ap/ap_snprintf.c,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- ap_snprintf.c 1998/05/07 13:13:53 1.23 +++ ap_snprintf.c 1998/05/11 17:49:21 1.24 @@ -269,7 +269,7 @@ */ #define INS_CHAR(c, sp, bep, cc) \ { \ - if (sp == bep) {\ + if (sp >= bep) {\ vbuff->curpos = sp; \ if (flush_func(vbuff)) \ return -1; \
cvs commit: apache-1.3/src/include ap.h
dgaudet 98/05/11 10:50:09 Modified:src/include ap.h Log: fix comment about curpos == endpos Revision ChangesPath 1.15 +1 -1 apache-1.3/src/include/ap.h Index: ap.h === RCS file: /export/home/cvs/apache-1.3/src/include/ap.h,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- ap.h 1998/05/06 19:49:48 1.14 +++ ap.h 1998/05/11 17:50:09 1.15 @@ -117,7 +117,7 @@ * appropriate, re-initialize curpos and endpos, and return 0. * * Note that flush_func is only invoked as a result of attempting to - * write another byte at curpos when curpos == endpos. So for + * write another byte at curpos when curpos >= endpos. So for * example, it's possible when the output exactly matches the buffer * space available that curpos == endpos will be true when * ap_vformatter returns.
cvs commit: apache-1.2/src CHANGES Configure conf.h
brian 98/05/11 12:56:06 Modified:src CHANGES Configure conf.h Log: Support for NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] Revision ChangesPath 1.308 +2 -0 apache-1.2/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.2/src/CHANGES,v retrieving revision 1.307 retrieving revision 1.308 diff -u -r1.307 -r1.308 --- CHANGES 1998/05/08 06:29:32 1.307 +++ CHANGES 1998/05/11 19:56:04 1.308 @@ -1,5 +1,7 @@ Changes with Apache 1.2.7 + *) Support for NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] + *) Correct a protocol issue - always send the "Accept-ranges: bytes" header in the default_handler. [Brian Behlendorf] 1.100 +6 -0 apache-1.2/src/Configure Index: Configure === RCS file: /export/home/cvs/apache-1.2/src/Configure,v retrieving revision 1.99 retrieving revision 1.100 diff -u -r1.99 -r1.100 --- Configure 1998/03/20 18:25:28 1.99 +++ Configure 1998/05/11 19:56:04 1.100 @@ -482,6 +482,12 @@ OS='Paragon OSF/1' CFLAGS="$CFLAGS -DPARAGON" ;; +4850-*.*) +OS='NCR MP/RAS' +CFLAGS="$CFLAGS -DSVR4 -DMPRAS" +DEF_WANTHSREGEX="yes" +LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" +;; *) # default: Catch systems we don't know about echo Sorry, but we cannot grok \"$PLAT\" echo uname -m 1.104 +2 -0 apache-1.2/src/conf.h Index: conf.h === RCS file: /export/home/cvs/apache-1.2/src/conf.h,v retrieving revision 1.103 retrieving revision 1.104 diff -u -r1.103 -r1.104 --- conf.h1998/04/13 11:45:37 1.103 +++ conf.h1998/05/11 19:56:05 1.104 @@ -336,8 +336,10 @@ #define NO_KILLPG #undef NO_SETSID #undef NEED_STRDUP +#ifndef MPRAS #define NEED_STRCASECMP #define NEED_STRNCASECMP +#endif #define bzero(a,b) memset(a,0,b) #define JMP_BUF sigjmp_buf /* A lot of SVR4 systems need this */
cvs commit: apache-1.3/src/include conf.h
brian 98/05/11 12:59:02 Modified:src CHANGES Configure src/include conf.h Log: Support for the NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] Revision ChangesPath 1.845 +2 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.844 retrieving revision 1.845 diff -u -r1.844 -r1.845 --- CHANGES 1998/05/11 15:03:12 1.844 +++ CHANGES 1998/05/11 19:58:56 1.845 @@ -1,5 +1,7 @@ Changes with Apache 1.3b7 + *) Support for the NCR MP/RAS 3.0 [John Withers <[EMAIL PROTECTED]>] + *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was not retrieved in src/Configure and thus was not useable. [Ralf S. Engelschall] 1.260 +6 -0 apache-1.3/src/Configure Index: Configure === RCS file: /export/home/cvs/apache-1.3/src/Configure,v retrieving revision 1.259 retrieving revision 1.260 diff -u -r1.259 -r1.260 --- Configure 1998/05/11 10:13:26 1.259 +++ Configure 1998/05/11 19:58:57 1.260 @@ -672,6 +672,12 @@ CFLAGS="$CFLAGS -DBEOS" DEF_WANTHSREGEX=yes ;; +4850-*.*) +OS='NCR MP/RAS' +CFLAGS="$CFLAGS -DSVR4 -DMPRAS" +DEF_WANTHSREGEX=yes +LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" +;; *) # default: Catch systems we don't know about OS='Unknown and unsupported OS' echo Sorry, but we cannot grok \"$PLAT\" 1.210 +3 -1 apache-1.3/src/include/conf.h Index: conf.h === RCS file: /export/home/cvs/apache-1.3/src/include/conf.h,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- conf.h1998/05/09 17:29:44 1.209 +++ conf.h1998/05/11 19:59:01 1.210 @@ -485,10 +485,12 @@ #define NO_KILLPG #undef NO_SETSID #undef NEED_STRDUP +#ifndef MPRAS #define NEED_STRCASECMP #ifndef ENCORE #define NEED_STRNCASECMP -#endif +#endif /* ENCORE */ +#endif /* MPRAS */ #define bzero(a,b) memset(a,0,b) /* A lot of SVR4 systems need this */ #ifndef USE_SYSVSEM_SERIALIZED_ACCEPT
cvs commit: apache-1.3/src/main http_core.c http_main.c
jim 98/05/11 13:08:10 Modified:.STATUS htdocs/manual new_features_1_3.html htdocs/manual/mod core.html src CHANGES src/include http_conf_globals.h httpd.h src/main http_core.c http_main.c Log: Submitted by: Jim Jagielski Replace the AddVersionPlatform directive with ServerTokens directive which allow for either Minimal ("Apache/1.3.0"), OS ("Apache/1.3.0 (UNIX)") or Full ("Apache/1.3.0 (UNIX) PHP/3.0") type Server headers. SERVER_SUBVERSION is no longer supported. Revision ChangesPath 1.395 +0 -10 apache-1.3/STATUS Index: STATUS === RCS file: /export/home/cvs/apache-1.3/STATUS,v retrieving revision 1.394 retrieving revision 1.395 diff -u -r1.394 -r1.395 --- STATUS1998/05/10 17:19:01 1.394 +++ STATUS1998/05/11 20:08:02 1.395 @@ -18,16 +18,6 @@ o Jim's looked over the ap_snprintf() stuff (the changes that Dean did to make thread-safe) and they look fine. -* The whole SERVER_SUBVERSION, Server: token debate. - Problem: currently the additional tokens show up in the - reverse order that they were added. Also, no real control - over whether to display them or not. Keeping SERVER_SUBVERSION - available "conflicts" with the new ap_add_version_component() - function. - Available patch: - <[EMAIL PROTECTED]> - Status: - WIN32 1.3 FINAL RELEASE SHOWSTOPPERS: * SECURITY: check if the magic con/aux/nul/etc names do anything 1.58 +8 -9 apache-1.3/htdocs/manual/new_features_1_3.html Index: new_features_1_3.html === RCS file: /export/home/cvs/apache-1.3/htdocs/manual/new_features_1_3.html,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- new_features_1_3.html 1998/05/09 04:42:25 1.57 +++ new_features_1_3.html 1998/05/11 20:08:03 1.58 @@ -639,18 +639,17 @@ configuration. Including the operating system in the server identity - A new directive, AddVersionPlatform, allows the Webmaster - to change the value of - the Server response header field which is sent back - to clients. The AddVersionPlatform directive controls - whether the server will - include a non-specific note in the server identity about the type of - operating system on which the server is running. As of Apache 1.3, this - additional information is included by default. + A new directive, ServerTokens, allows the Webmaster + to change the value of the Server response header + field which is sent back to clients. The ServerTokens + directive controls whether the server will include a non-specific + note in the server identity about the type of operating system on + which the server is running as well as included module information. + As of Apache 1.3, this additional information is included by default. 1.116 +51 -47apache-1.3/htdocs/manual/mod/core.html Index: core.html === RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v retrieving revision 1.115 retrieving revision 1.116 diff -u -r1.115 -r1.116 --- core.html 1998/05/09 04:42:27 1.115 +++ core.html 1998/05/11 20:08:04 1.116 @@ -24,7 +24,6 @@ AccessConfig AccessFileName AddModule -AddVersionPlatform AllowOverride AuthName AuthType @@ -78,6 +77,7 @@ ServerPath ServerRoot ServerSignature +ServerTokens ServerType StartServers ThreadsPerChild @@ -179,52 +179,6 @@ be cleared with the ClearModuleList directive. -AddVersionPlatform directive - -Syntax: AddVersionPlatform On|Off -Context: server config -Status: core -Compatibility: AddVersionPlatform is only available - in Apache 1.3 and later - - -This directive controls whether the server's operating system platform -will be identified in the Server response header -field which is sent back to clients. If enabled, a non-specific platform -designation will be added to the identity string, as shown below: - - - AddVersionPlatform Off - - Server sends: Server: Apache/1.3.0 - - AddVersionPlatform On (or not specified) - - Server sends: Server: Apache/1.3.0 (UNIX) - - - -This setting applies to the entire server, and cannot be enabled or -disabled on a virtualhost-by-virtualhost basis. - - -By default, this information is included in the server -identity string. - - - AllowOverride directive EMail setting additionally creates a "mailto:"; reference to the ServerAdmin of the referenced document. + + + +ServerTokens directive
cvs commit: apache-1.3/src/include ap.h
brian 98/05/11 13:42:35 Modified:src/include ap.h Log: Some API prefix stuff that was missed in the great renaming. Revision ChangesPath 1.16 +3 -3 apache-1.3/src/include/ap.h Index: ap.h === RCS file: /export/home/cvs/apache-1.3/src/include/ap.h,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- ap.h 1998/05/11 17:50:09 1.15 +++ ap.h 1998/05/11 20:42:35 1.16 @@ -85,7 +85,7 @@ #endif #endif /* WIN32 */ -/* apapi_vformatter() is a generic printf-style formatting routine +/* ap_vformatter() is a generic printf-style formatting routine * with some extensions. The extensions are: * * %pA takes a struct in_addr *, and prints it as a.b.c.d @@ -98,8 +98,8 @@ * work as expected at all, but that seems to be a fair trade-off * for the increased robustness of having printf-warnings work. * - * Additionally, apapi_vformatter allows for arbitrary output methods - * using the apapi_vformatter_buff and flush_func. + * Additionally, ap_vformatter allows for arbitrary output methods + * using the ap_vformatter_buff and flush_func. * * The ap_vformatter_buff has two elements curpos and endpos. * curpos is where ap_vformatter will write the next byte of output.
cvs commit: apache-1.3 STATUS
brian 98/05/11 16:45:13 Modified:.STATUS Log: Moved two issues to non-showstopper status based on new-httpd discussions. Revision ChangesPath 1.396 +12 -10apache-1.3/STATUS Index: STATUS === RCS file: /export/home/cvs/apache-1.3/STATUS,v retrieving revision 1.395 retrieving revision 1.396 diff -u -r1.395 -r1.396 --- STATUS1998/05/11 20:08:02 1.395 +++ STATUS1998/05/11 23:45:11 1.396 @@ -11,18 +11,8 @@ FINAL RELEASE SHOWSTOPPERS: -* Someone other than Dean has to do a security/correctness review on - psprintf(), bprintf(), and ap_snprintf(). In particular these routines - do lots of fun pointer manipulations and such and possibly have overflow - errors. The respective flush_funcs also need to be exercised. - o Jim's looked over the ap_snprintf() stuff (the changes that Dean - did to make thread-safe) and they look fine. - WIN32 1.3 FINAL RELEASE SHOWSTOPPERS: -* SECURITY: check if the magic con/aux/nul/etc names do anything - really bad - * SECURITY: numerous uses of strcpy and strcat have potential for buffer overflow, someone should rewrite or verify they're safe @@ -126,6 +116,15 @@ Open issues: +* Someone other than Dean has to do a security/correctness review on + psprintf(), bprintf(), and ap_snprintf(). In particular these routines + do lots of fun pointer manipulations and such and possibly have overflow + errors. The respective flush_funcs also need to be exercised. + o Jim's looked over the ap_snprintf() stuff (the changes that Dean + did to make thread-safe) and they look fine. + o Laura La Gassa's looked over ap_vformatter & other related code + o Could still use 1 or 2 more sets of eyeballs. + * Paul would like to see a 'gdbm' option because he uses it a lot. @@ -188,6 +187,9 @@ Ken: What's W95-specific about it? Help: + +* SECURITY: check if the magic con/aux/nul/etc names do anything + really bad * chdir() for CGI scripts and mod_include #exec needs to be re-implemented. This requires either serializing chdir/spawn