Age | Commit message | Author | |
---|---|---|---|
2004-07-27 | art.html -> art1.html, PR3872 From: ak@ebi.ac.uk | Henning Brauer | |
2004-07-26 | Fold in backport of 2.0 fix for mod_usertrack core dump | Brad Smith | |
when enabled but no explicit CookieName is set. From: Apache CVS ok henning@ | |||
2004-06-10 | SECURITY: CAN-2004-0492 (cve.mitre.org) | Henning Brauer | |
Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox] | |||
2004-06-10 | get changes from mod_ssl 2.8.18: | Henning Brauer | |
*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation if the Subject-DN in the client certificate exceeds 6KB in length. (CVE CAN-2004-0488). *) Handle the case of OpenSSL retry requests after interrupted system calls during the SSL handshake phase. *) Remove some unused functions. | |||
2004-06-07 | mod_digest for Apache does not properly verify the nonce of a client response | Brad Smith | |
by using an AuthNonce secret. CAN-2003-0987 ok henning@ | |||
2004-06-07 | Apache does not filter terminal escape sequences from its error logs, which | Brad Smith | |
could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. CAN-2003-0020 ok henning@ | |||
2004-06-07 | check for NOPIC instead of using a list of arch names. | Brad Smith | |
ok drahn@ henning@ | |||
2004-05-16 | Use arc4random(3) to compute random numbers, instead of using rand() | Otto Moerbeek | |
to produce a double, snprintf()ing that into a buffer and then converting the string to an int with atoi(). ok millert@ henning@ | |||
2004-05-16 | Use arc4random(3) instead of rand(3) to compute random numbers. | Otto Moerbeek | |
ok millert@ henning@ | |||
2004-04-13 | commented out LoadModule statement for mod_proxy like we do for the other | Henning Brauer | |
modules, From: Robert McMeekin <rrm3@rrm3.org> | |||
2004-04-01 | audio/x-vorbis, ok henning@ | Todd T. Fries | |
2004-02-27 | change amd64's MACHINE_ARCH from x86_64 to amd64. There are many many | Theo de Raadt | |
reasons for this, quite a few of them technical, and not all of them in response to Intel's broken ia32e crud. The gcc toolchain stays at x86_64 for now. | |||
2004-02-11 | enable shared libs on amd64; from drahn | Theo de Raadt | |
2004-02-11 | ARM now supports shared libraries. | Dale Rahn | |
2004-02-10 | ap_server_strip_chroot() is void not int, found by otto while playing with | Henning Brauer | |
an etoh diff | |||
2004-02-03 | somehow cvs revived this long dead directory, but fgs@ noticed | Henning Brauer | |
2004-01-15 | Fix printf format string. ok henning@ | Otto Moerbeek | |
2004-01-13 | cast vararg sentinel value to pointer | Otto Moerbeek | |
ok henning@ | |||
2004-01-13 | return value at end of non-void function | Otto Moerbeek | |
ok henning@ | |||
2003-11-21 | Allow and Deny rules with IP addresses outside the class A range | Henning Brauer | |
(e.g. 192.168.1.1) were parsed incorrectly on sparc64. It only affected IP addresses with no netmask definition. The cause of this was: a) use of the wrong type -- unsigned long instead of a 32bit value b) implicit casts from int to unsigned long with sign extension While doing that fix also some other obvious bugs. from claudio jeker | |||
2003-11-17 | two more dead MANUALFILES | Henning Brauer | |
2003-11-17 | these are gone since some time too | Henning Brauer | |
2003-11-17 | this is historic as of 1.3.29 | Henning Brauer | |
2003-11-17 | sync manualfiles | Henning Brauer | |
2003-11-17 | merge apache 1.3.29 and mod_ssl 2.8.16 | Henning Brauer | |
ok brad@ | |||
2003-11-17 | import Apache 1.3.29 and mod_ssl 2.8.16 | Henning Brauer | |
2003-11-06 | add commented out LoadModule statements for each module we build and install | Henning Brauer | |
and a short description of what it does. result of a conversation with nick@ and Diana Eichert | |||
2003-10-30 | typo from Tom Cosgrove; this appears to already be fixed in latest httpd; | Jason McIntyre | |
2003-10-29 | security fix from upcoming apache 1.3.29: | Henning Brauer | |
SECURITY: CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. [André Malo] ok markus@ | |||
2003-10-24 | initgroups() before chroot(), found by Daniel Lucq | Henning Brauer | |
ok deraadt@ | |||
2003-10-17 | use u_int32_t instead of unsigned long, a 32-bit quantity is needed. | Daniel Hartmeier | |
ok deraadt@ | |||
2003-10-08 | ugly hack to fix digest authentication for ie, safari et al. FreeBSD PR#55401. | Jakob Schlyter | |
ok henning@ | |||
2003-10-02 | chroot handling for SSLCertificateChainFile, problem found and fix tested by | Henning Brauer | |
Sandor Palfy <netchan@cotse.net> | |||
2003-09-26 | use a much more random salt; prompted by ast@domdv.de | Theo de Raadt | |
2003-09-19 | when dropping privileges use initgroups(3) instead of setgroups(2) so the | Henning Brauer | |
secondary groups get initialized as well. ok beck@ deraadt@ | |||
2003-08-27 | these are not needed here; henning@ ok. | Federico G. Schwindt | |
2003-08-26 | bitgarbage to the recycle bin | Henning Brauer | |
2003-08-25 | string shit | Henning Brauer | |
ok markus@ | |||
2003-08-21 | die - regenerated during build | Henning Brauer | |
noticed by theo | |||
2003-08-21 | thank you, cvs, for re-adding files that were removed on purpose | Henning Brauer | |
2003-08-21 | sync MANUALFILES | Henning Brauer | |
2003-08-21 | we have our own one | Henning Brauer | |
2003-08-21 | apache bug #21737 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21737) | Henning Brauer | |
introduced with 1.3.28: Apparently there has been a regression in 1.3.28 from 1.3.27 whereby CGI scripts are getting left around as zombies when suexec is in use, apparently because of a change in src/main/alloc.c that altered the behavior when sending SIGTERM to a child process. With suexec, the SIGTERM at line 2862 will fail not because the subprocess is dead already but because the httpd uid has no permission to term the cgi process, which is running as some other user. fix by Ralf S. Engelschall: That is, we don't have to check for the return value of ap_os_kill() and especially not check for ESRCH, because we _HAVE_ to waitpid() for it anyway (because it's our child and it either is already terminated and is waiting as a zombie for our waitpid() or it is still running). Under Unix it cannot be that a (non-detached in the sense of BSD's daemon(3)) child of a process just no longer exists as long as the parent still exists and as long as the parent still has not done waitpid() for the child. So ESRCH cannot happen in our situation and the patch we currently use is fully sufficient. Both are at least portable enough for Unix, of course... | |||
2003-08-21 | #include conf.h -> ap_config.h | Henning Brauer | |
2003-08-21 | fix | Henning Brauer | |
2003-08-21 | merge | Henning Brauer | |
2003-08-21 | merge | Henning Brauer | |
2003-08-21 | import apache 1.3.28 and mod_ssl 2.8.15 | Henning Brauer | |
2003-08-14 | add tgz, prodded by wim | Henning Brauer | |
2003-08-07 | use setusercontext(3) instead of initgroups/setuid/et al., making it possible | Federico G. Schwindt | |
to limit resources based on the user class the binary is run under. while i'm here, use %u for gid_t and uid_t. input and ok from millert and henning. |