summaryrefslogtreecommitdiff
path: root/usr.sbin/httpd
AgeCommit message (Collapse)Author
2004-01-15Fix printf format string. ok henning@Otto Moerbeek
2004-01-13cast vararg sentinel value to pointerOtto Moerbeek
ok henning@
2004-01-13return value at end of non-void functionOtto Moerbeek
ok henning@
2003-11-21Allow and Deny rules with IP addresses outside the class A rangeHenning Brauer
(e.g. 192.168.1.1) where parsed incorrectly on sparc64. It only affected IP addresses with no netmask definition. The cause of this was: a) use of the wrong type -- unsigned long instead of a 32bit value b) implicit casts from int to unsigned long with sign extension While doing that fix also some other obvious bugs. from claudio jeker
2003-11-17two more dead MANUALFILESHenning Brauer
2003-11-17these are gone since some time tooHenning Brauer
2003-11-17this is historic as of 1.3.29Henning Brauer
2003-11-17syn manualfilesHenning Brauer
2003-11-17merge apache 1.3.29 and mod_ssl 2.8.16Henning Brauer
ok brad@
2003-11-17import Apache 1.3.29 and mod_ssl 2.8.16Henning Brauer
2003-11-06add commented out LoadModule statements for each module we build and installHenning Brauer
and a short description what it does result of a conversation with nick@ and Diana Eichert
2003-10-30typo from Tom Cosgrove; this appears to already be fixed in latest httpd;Jason McIntyre
2003-10-29security fix from upcoming apache 1.3.29:Henning Brauer
SECURITY: CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. [André Malo] ok markus@
2003-10-24initgroups() before chroot(), found by Daniel LucqHenning Brauer
ok deraadt@
2003-10-17use u_int32_t instead of unsigned long, a 32-bit quantity is needed.Daniel Hartmeier
ok deraadt@
2003-10-08ugly hack to fix digest authentication for ie, safari et al. FreeBSD PR#55401.Jakob Schlyter
ok henning@
2003-10-02chroot handling for SSLCertificateChainFile, problem found and fix tested byHenning Brauer
Sandor Palfy <netchan@cotse.net>
2003-09-26use a much more random salt; prompted by ast@domdv.deTheo de Raadt
2003-09-19when dropping privileges use initgroups(3) instead of setgroups(2) so theHenning Brauer
secondary groups get initialized as well. ok beck@ deraadt@
2003-08-27these are not needed here; henning@ ok.Federico G. Schwindt
2003-08-26bitgarbage to the recycle binHenning Brauer
2003-08-25string shitHenning Brauer
ok markus@
2003-08-21die - regenerated during buildHenning Brauer
noriced by theo
2003-08-21thank you, cvs, for re-adding files that were removed on purposeHenning Brauer
2003-08-21sync MANUALFILESHenning Brauer
2003-08-21we have our own oneHenning Brauer
2003-08-21apache bug #21737 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21737)Henning Brauer
introduced with 1.3.28: Apparently there has been a regression in 1.3.28 from 1.3.27 whereby CGI scripts are getting left around as zombies when suexec is in use, apparently because of a change in src/main/alloc.c that altered the behavior when sending SIGTERM to a child process. With suexec, the SIGTERM at line 2862 will fail not because the subprocess is dead already but because the httpd uid has no permission to term the cgi process, which is running as some other user. fix by Ralf S. Engelschall: That is, we don't have to check for the return value of ap_os_kill() and especially not check for ESRCH, because we _HAVE_ to waitpid() for it anyway (because it's our child and it either is already terminated and is waiting as a zombie for our waitpid() or it is still running). Under Unix it cannot be that a (non-detached in the sense of BSD's daemon(3)) child of a process just does no longer exists as long as the parent still exists and as long as the parent still has not done waitpid() for the child. So ESRCH cannot happen in our situation and the patch we currently use is fully sufficient. Both are at least portable enough for Unix, of course...
2003-08-21#include conf.h -> ap_config.hHenning Brauer
2003-08-21fixHenning Brauer
2003-08-21mergeHenning Brauer
2003-08-21mergeHenning Brauer
2003-08-21import apache 1.3.28 and mod_ssl 2.8.15Henning Brauer
2003-08-14add tgz, prodded by wimHenning Brauer
2003-08-07use setusercontext(3) instead of initgroups/setuid/et al., making possibleFederico G. Schwindt
to limit resources based on the user class the binary is run under. while i'm here, use %u for gid_t and uid_t. input and ok from millert and henning.
2003-08-06Remove some double semicolons (hmm, do two semis equal a maxi?).Todd C. Miller
I've skipped the GNU stuff for now. From Patrick Latifi.
2003-07-18#include "http_main.h" for the chroot functionsDavid Krause
fixes some implicit declaration warnings ok henning@
2003-07-14- new sentence, new lineJason McIntyre
- .Bk/.Ek for SYNOPSIS - kill whitespace at EOL - some macro fixes ok henning@
2003-07-08declare chroot and etag functions in the .h filesDavid Krause
and get rid of some implicit declaration warnings ok henning@
2003-07-08oupsie, error in code we don't compileHenning Brauer
found bu david
2003-07-02bump mktemp/mkstemp randomness from 6 -> 10 X'sAnil Madhavapeddy
henning@ ok
2003-06-12Terms 3 and 4 have been removed from sbin/isakmpd/x509.c so theyTodd C. Miller
can go away here too.
2003-06-04mop up some more 3/4 license issuesTheo de Raadt
2003-06-02Remove the advertising clause in the UCB license which BerkeleyTodd C. Miller
rescinded 22 July 1999. Proofed by myself and Theo.
2003-06-01various format string cleanups; tedu okTheo de Raadt
2003-05-26install mod_ssl headersHenning Brauer
from a discussion with and ok by naddy@
2003-05-17sync to reduce diffsHenning Brauer
2003-05-17bye byeHenning Brauer
2003-05-12cut crap, use strdup instead of malloc + strlcpy, use err()Henning Brauer
2003-05-12extend copyright to 2003Henning Brauer
2003-05-12no point in strncmp here; seen after question fromHenning Brauer
Pedro Bastos <pbastos@rdc.puc-rio.br>