Age | Commit message | Author | |
---|---|---|---|
2003-06-04 | mop up some more 3/4 license issues | Theo de Raadt | |
2003-06-02 | Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo. | Todd C. Miller | |
2003-06-01 | various format string cleanups; tedu ok | Theo de Raadt | |
2003-05-26 | install mod_ssl headers from a discussion with and ok by naddy@ | Henning Brauer | |
2003-05-17 | sync to reduce diffs | Henning Brauer | |
2003-05-17 | bye bye | Henning Brauer | |
2003-05-12 | cut crap, use strdup instead of malloc + strlcpy, use err() | Henning Brauer | |
2003-05-12 | extend copyright to 2003 | Henning Brauer | |
2003-05-12 | no point in strncmp here; seen after question from Pedro Bastos <pbastos@rdc.puc-rio.br> | Henning Brauer | |
2003-05-12 | explicit != NULL for pointer | Henning Brauer | |
2003-04-30 | add an ap_server_strip_chroot for LoadModule tags. this partially unbreaks apachectl restarts (it still dies when it hits dlopen later on) henning@ ok | Anil Madhavapeddy | |
2003-04-20 | oh, the cgi-man thing... duh | Theo de Raadt | |
2003-04-16 | honour httpd_flags from rc.conf ok hin@ jakob@ ho@ markus@ lebel@ avsm@ todd@ | Henning Brauer | |
2003-04-15 | fix an oups | Henning Brauer | |
2003-04-15 | close to "official" ap_config.h so future merges are easier. NOOP, just style | Henning Brauer | |
2003-04-14 | standalone/stand alone -> stand-alone; from NetBSD (Igor Sobrado); httpd stuff passed to apache people; ok millert@ | Jason McIntyre | |
2003-04-09 | string shit; ok dhartmei@ | Henning Brauer | |
2003-04-09 | more string shit, ok bob and vincent | Henning Brauer | |
2003-04-08 | missing free(pagname); noticed by vincent | Henning Brauer | |
2003-04-08 | 2x trivial strcpy | Henning Brauer | |
2003-04-08 | very easy strcpy | Henning Brauer | |
2003-04-08 | kill one more strcpy; easy one | Henning Brauer | |
2003-04-08 | easy sprintf in code we don't use | Henning Brauer | |
2003-04-08 | string fixes in code we don't compile by default; tedu help & ok | Henning Brauer | |
2003-04-08 | use asprintf; ok henning | Theo de Raadt | |
2003-04-08 | yes I am a dork | Henning Brauer | |
2003-04-08 | string fixes; pval agrees | Henning Brauer | |
2003-04-08 | trivial strcpy in code we don't even compile | Henning Brauer | |
2003-04-08 | string stuff, ok pval | Henning Brauer | |
2003-04-08 | bye-bye sprintf, ok pval@ | Henning Brauer | |
2003-04-08 | string stuff; ok pval@ | Henning Brauer | |
2003-04-08 | more strcpy & friends bye-bye; ok pval | Henning Brauer | |
2003-04-08 | string shit; ok pval | Henning Brauer | |
2003-04-08 | string shit, ok pval@ | Henning Brauer | |
2003-04-08 | more string shitz | Henning Brauer | |
2003-04-08 | easy strcpy elimination | Henning Brauer | |
2003-04-05 | trivial sprintf | Henning Brauer | |
2003-03-23 | sync FILES section with reality | Henning Brauer | |
2003-03-23 | correct URL to apache online docs | Henning Brauer | |
2003-03-19 | use RSA key blinding code from mod_ssl 2.8.13. differences to our own fix that was already in are purely cosmetical, but this will make the future merge of mod_ssl 2.8.13 easier. | Henning Brauer | |
2003-03-15 | missing ap_server_strip_chroot() | Henning Brauer | |
2003-03-14 | RSA blinding for private keys here too. | Hakan Olsson | |
2003-03-14 | Add RSA blinding for private keys. markus@ ok. | Hakan Olsson | |
2003-03-06 | date should be written formally: .Dd Month day, year ok henning@ jmc@ | David Krause | |
2003-02-21 | open the etag-state file writeonly. open it O_TRUNC in case it was too big. chmod/chown to root.www 0640, just in case a etag file from the initial version is around. ok cloder theo | Henning Brauer | |
2003-02-21 | $OpenBSD$ | Henning Brauer | |
2003-02-21 | fix restarts. the etag-state file wasn't readable after chroot and privilege drop. therefore, make it root.www 640. split the read and write portions to their own functions, and in init_etag, try to write the etag-state; in case of any problem with that, create a new one and read that. | Henning Brauer | |
2003-02-18 | intial -> initial; the great intial witch hunt, as prompted by tdeval@ os-aix-dso.c: ok henning@ ab.C: ok drahn@ | Jason McIntyre | |
2003-02-17 | Add hyphens to boundary ID to make it not pure base64. This means that the boundary could never ever be accidentally matched inside base64 data. Based on conversation with markus@, deraadt@, henning@. OK deraadt@, henning@ | Chad Loder | |
2003-02-16 | Don't leak the inode numbers of served files via the ETag (entity tag) header value. Instead of including the file modification date, inode, file size, etc. directly in the ETag header, return a SHA1 hash of these values instead. This SHA1 hash is initialized with a pseudorandom secret, so that it's harder to brute force inode numbers. This initialization secret is saved in a file called "etag-state" in the httpd chroot logs/ directory, so that the ETag header values are consistent across httpd restarts (if the secret were different each time httpd started, ETags would change unnecessarily and thereby cause caches to refresh unnecessarily). An additional change is introduced: we add the dev number to the hash when (and only when) we add the inode number to the hash. Before: HTTP/1.1 200 OK Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3 ETag: "b10d3-1e59-3e49cbe4" In this case, we can tell the inode number of index.html is b10d3 hex. After: HTTP/1.1 200 OK Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3 ETag: "3f3b3cb2ce2e278087960b3be6a6e9844166e371" Idea and solution by deraadt@. OK deraadt@, henning@. Any bugs are my fault :) | Chad Loder | |
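
The ETag change described in the 2003-02-16 and 2003-02-21 commit messages above, sketched as an added example that is not the OpenBSD httpd code: the legacy header exposes the inode directly, while the hashed form seeds SHA1 with a persisted secret. The function names, the 32-byte secret length and the field encoding fed to the hash are assumptions made for illustration; the page does not give them.

```python
import hashlib
import os
from typing import NamedTuple


class FileMeta(NamedTuple):
    dev: int
    inode: int
    size: int
    mtime: int


# Constructed sample matching the "Before" header quoted in the commit message.
SAMPLE = FileMeta(dev=4, inode=0xB10D3, size=0x1E59, mtime=0x3E49CBE4)


def legacy_etag(m: FileMeta) -> str:
    """Old form: hex inode, size and mtime joined by hyphens."""
    return '"%x-%x-%x"' % (m.inode, m.size, m.mtime)


def parse_legacy_etag(etag: str) -> dict:
    """What any client can read back out of the old header."""
    inode, size, mtime = (int(p, 16) for p in etag.strip('"').split("-"))
    return {"inode": inode, "size": size, "mtime": mtime}


def load_or_create_secret(path: str, nbytes: int = 32) -> bytes:
    """Reuse the saved secret so ETags survive restarts; else create one."""
    try:
        with open(path, "rb") as f:
            secret = f.read()
        if len(secret) == nbytes:
            return secret
    except FileNotFoundError:
        pass
    secret = os.urandom(nbytes)
    # Write-only, truncating, mode 0640, as the 2003-02-21 commit describes.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    return secret


def hashed_etag(m: FileMeta, secret: bytes) -> str:
    """New form: SHA1 seeded with the secret, dev hashed along with inode."""
    h = hashlib.sha1()
    h.update(secret)
    # Assumed encoding: decimal fields separated by colons.
    h.update(b"%d:%d:%d:%d" % (m.dev, m.inode, m.size, m.mtime))
    return '"%s"' % h.hexdigest()
```
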