summaryrefslogtreecommitdiff
path: root/usr.sbin/httpd
AgeCommit message (Collapse)Author
2005-03-10Write this in real C, not some bullshit GNU extension that other compilersTheo de Raadt
do no understand.
2005-03-09Do not leak Keynote sessions on failure. Also check snprintf returnChad Loder
value for truncation and failure. OK hshoexer
2005-03-09Check kn_init for failure.Chad Loder
OK hshoexer@, henning@
2005-02-17Fix scoping error in fatal error check during passphrase/privkey handling.Aaron Campbell
henning@, otto@, robert@ ok
2005-02-13Don't close the dbm until after we have copied the datum retrieved by theAaron Campbell
fetch into a local buffer. Adapted from r1.10 of the same file in Apache CVS. henning@ ok
2005-02-09cleanup and unifdef'ing, no change in object filesHenning Brauer
work by Daniel Ouellet <daniel@presscom.net>
2005-01-08SECURITY: CAN-2004-0940 (cve.mitre.org)Theo de Raadt
mod_include: Fix potential buffer overflow with escaped characters in SSI tag string. [Martin Kraemer, Jim Jagielski] merged by fgsch
2005-01-02document ssl(8);Jason McIntyre
2004-12-31add ssl(8) to SEE ALSO;Jason McIntyre
2004-12-28document that suexec has to be setuid to work correctly;Jason McIntyre
slightly more logical layout of the page; ok henning@
2004-12-28add apache manual to SEE ALSO;Jason McIntyre
2004-12-21missing apache Xr's;Jason McIntyre
2004-12-21sync w/ obsd;Jason McIntyre
2004-12-20apachectl is section 8, not 1;Jason McIntyre
2004-12-20convert to mdoc. ok jmcJared Yanovich
2004-12-14.Xr dbmmanage 1 ,Jason McIntyre
2004-12-14convert to mdoc;Jason McIntyre
2004-12-14- be more consistent when referring to ServerRootJason McIntyre
- document DocumentRoot more explicitly - don't use .Va for everything ok henning@
2004-12-14sync usage() w/ SYNOPSIS and remove some verbosity;Jason McIntyre
ok henning@
2004-12-14convert to mdoc;Jason McIntyre
2004-12-14OBSD sync;Jason McIntyre
2004-12-14update (and sort) FILES;Jason McIntyre
ok henning@
2004-12-14one more rc.conf -> rc.conf.local;Jason McIntyre
2004-12-14convert to mdoc;Jason McIntyre
2004-12-07sync usage() w/ man page;Jason McIntyre
2004-12-07sync w/ obsd behaviour + tweaks;Jason McIntyre
2004-12-07convert to mdoc;Jason McIntyre
2004-12-06customise for obsd + tweaks;Jason McIntyre
ok henning@
2004-12-06kill more dead code, mostly inside #ifdef SOMENONSENSEONSTUPIDOSESHenning Brauer
joint work by Michael Knudsen <e@molioner.dk> and Daniel Ouellet <daniel@presscom.net> with my input no change in binaries
2004-12-06convert to mdoc;Jason McIntyre
2004-12-04sync usage() w/ man page;Jason McIntyre
ok henning@
2004-12-04reorder page contents somewhat, to make this easier to read, and put theJason McIntyre
chroot stuff back into the main description; remove non-standard Sh OPTIONS; remove apache web site link, since we keep the docs locally anyway; ok henning@
2004-12-04edit rc.conf.local, not rc.conf;Jason McIntyre
2004-12-04sort OPTIONS/SYNOPSIS;Jason McIntyre
2004-12-04these pages not used;Jason McIntyre
ok henning@
2004-12-04incredible what for shit is in this codeHenning Brauer
adding time and date the binary was built is a really really really important and worthwile information, rrrrriiiiiiiigggggghhhht. and for sure a nice way to make the binary changes every time it is built workaround for now (return "unnown") since this stupid piece of crap function is part of the API and modules etc might (ab)use it. king bula sez: what an incredible nonsense pointed out by John Kerbawy <kerbawy@gmail.com>
2004-12-03king bula sez: rot where the other crap rots shall theseHenning Brauer
2004-12-02king bula sez: in Attic/ you shall rotHenning Brauer
2004-12-02Redirected to /dev/nullHenning Brauer
2004-12-02big time httpd cleanupHenning Brauer
this diff removes a lot of #ifdef'd stuff that is irrelevant for us. done by Daniel Ouellet after my advice. tested by many, ok miod@
2004-10-20merge changes from mod_ssl 2.8.20, in particular a fix for CAN-2004-0885Henning Brauer
2004-09-10expand @@ServerRoot@@ variableDavid Krause
2004-09-08security fix:Henning Brauer
Apache's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing DoS or possibly buffer overflows. The function lookup_map_dbmfile() in modules/mappers/mod_rewrite.c copies data from a DBM file to the char array buf in a _secure_ manner, but it zero-terminates the array afterwards in an _insecure_ manner. If the key that is looked up has an n bytes long value, a zero byte will be written in the memory position n bytes from the start of the char array buf. exploiting would require enabling dbm for mod_rewrite and getting it to use a malicious dbm file. reported by Ulf.Harnhammar.9485@student.uu.se fix by me ok otto, deraadt
2004-08-25typos from -f (PR #3907);Jason McIntyre
2004-07-31Make UseCanonicalName off correctly grab port info fromBrad Smith
the client. Make UseCanonicalName socket port aware. ok henning@
2004-07-27art.html -> art1.html, PR3872 From: ak@ebi.ac.ukHenning Brauer
2004-07-26Fold in backport of 2.0 fix for mod_usertrack core dumpBrad Smith
when enabled but no explicit CookieName is set. From: Apache CVS ok henning@
2004-06-10SECURITY: CAN-2004-0492 (cve.mitre.org)Henning Brauer
Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox]
2004-06-10get changes from mod_ssl 2.8.18:Henning Brauer
*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation if the Subject-DN in the client certificate exceeds 6KB in length. (CVE CAN-2004-0488). *) Handle the case of OpenSSL retry requests after interrupted system calls during the SSL handshake phase. *) Remove some unused functions.
2004-06-07mod_digest for Apache does not properly verify the nonce of a client responseBrad Smith
by using a AuthNonce secret. CAN-2003-0987 ok henning@
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-03 13:57:55 +0000