Here is the list of proposed patches for Apache 0.8.16. Please test the
patches out and submit a vote for them by 6pm GMT Tuesday, November
21st. At that point the patch votes will be tallied by myself and
posted, and Rob Thau will build 0.8.17. The patches are all in
/httpd/patches/for_Apache_0.8.16/. Please refer to
http://bong.com/httpd/voting.html for further details on voting.
Here is the vote list and summary of each patch.
40_tz.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix big in system time routines in CGI scripts
Affects: util_script.c
ChangeLog: Pass TZ environment variable to CGI scripts
41_getparents.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix problems with .. and ./ in paths
Affects: util.c
ChangeLog: Rewrite getparents() to conform to RFC 1808, including the removal
of ./ from the path.
42_cert.no2slash.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix problems with ///
Affects: util.c
ChangeLog: no2slash() should convert /// -> /
43_slashredir.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix problems with //
Affects: http_request.c
ChangeLog: Redirect a request that contains // in the file name of the
document.
44_ident.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix IdentityCheck with Virtual Hosts
Affects: http_main.c, util.c
ChangeLog: Ensure that rfc931() is given a sockaddr describing the local
address (virtual host) that is currently in use.
Comments: Before this patch, rfc931() was passed 0.0.0.0 as the local
address; on some systems bind() managed to correctly choose the IP
address for the virtual host currently in use!
45_dbm_groups.0.8.16.patch
From: Rob H
Subject: Bug fix for group authorisation checking
Affects: mod_auth_dbm.c
Changelog: Check all groups not just the first one
46.dbmmanage_group.0.8.16.patch
From: RobH
Subject: tweak dbmmanage to take optional "group" info
Affects: dbmmanage perl script
Changelog: dbmmanage perl script added support for "group" in password db and
0/1 exit status when used in the "view" mode.
47.allow.0.8.16.patch
From: rst@ai.mit.edu
Subject: string comparison problems with access control
Affects: mod_access.c
ChangeLog: this makes sure that "allow from good.com"
doesn't allow in anyone from nogood.com, even though the last eight
characters of the DNS name match. Since IP-address matching is done
on strings, there is a similar problem with it, which is also
corrected.
48.log-ssi.0.8.16.patch
From: rst@ai.mit.edu
Subject: Fix CGI timeouts in SSI's from causing problems
Affects: http_main.c
Changelog: Correctly log transactions which timed out while processing a
sub_request, or after an internal redirect
50.imagemap.0.8.16.patch
From: mjhcox@discovery.brad.ac.uk
Subject: Mod_Imap causes server error if no arguments
Affects: mod_imap.c
Changelog: Internal imagemap module no longer fails when called by
clients that don't support image maps. It uses the "default" URL for
these clients.
51.requires.0.8.16.patch
From: ???
Subject: fixes core dump in use of "auth" with no "requires".
Affects: mod_auth.c
ChangeLog: Makes use of auth with no "requires" equivalent to "require
valid-user".
The former behavior was a core dump.
52.extralibs.0.8.16.patch
From: ???
Subject: Correctly support EXTRA_LIBS and OS-dependent libs (AUX_LIBS)
Affects: Configuration Makefile.tmpl
Changelog: EXTRA_LIBS was used for two separate purposes in Configuration,
firstly, to provide libraries needed by modules, and secondly, to
provide OS-dependent libraries need globally by Apache. The second
use defeats the first, so a new variable, AUX_LIBS is introduced to
handle the second use.
httpd_monitor
From: Rob Hartill
Subject: a monitoring program for watching httpd
Affects: nothing
Changelog: independent Perl script to monitor the child Apache
processes.
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/
patches out and submit a vote for them by 6pm GMT Tuesday, November
21st. At that point the patch votes will be tallied by myself and
posted, and Rob Thau will build 0.8.17. The patches are all in
/httpd/patches/for_Apache_0.8.16/. Please refer to
http://bong.com/httpd/voting.html for further details on voting.
Here is the vote list and summary of each patch.
40_tz.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix big in system time routines in CGI scripts
Affects: util_script.c
ChangeLog: Pass TZ environment variable to CGI scripts
41_getparents.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix problems with .. and ./ in paths
Affects: util.c
ChangeLog: Rewrite getparents() to conform to RFC 1808, including the removal
of ./ from the path.
42_cert.no2slash.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix problems with ///
Affects: util.c
ChangeLog: no2slash() should convert /// -> /
43_slashredir.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix problems with //
Affects: http_request.c
ChangeLog: Redirect a request that contains // in the file name of the
document.
44_ident.0.8.16.patch
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix IdentityCheck with Virtual Hosts
Affects: http_main.c, util.c
ChangeLog: Ensure that rfc931() is given a sockaddr describing the local
address (virtual host) that is currently in use.
Comments: Before this patch, rfc931() was passed 0.0.0.0 as the local
address; on some systems bind() managed to correctly choose the IP
address for the virtual host currently in use!
45_dbm_groups.0.8.16.patch
From: Rob H
Subject: Bug fix for group authorisation checking
Affects: mod_auth_dbm.c
Changelog: Check all groups not just the first one
46.dbmmanage_group.0.8.16.patch
From: RobH
Subject: tweak dbmmanage to take optional "group" info
Affects: dbmmanage perl script
Changelog: dbmmanage perl script added support for "group" in password db and
0/1 exit status when used in the "view" mode.
47.allow.0.8.16.patch
From: rst@ai.mit.edu
Subject: string comparison problems with access control
Affects: mod_access.c
ChangeLog: this makes sure that "allow from good.com"
doesn't allow in anyone from nogood.com, even though the last eight
characters of the DNS name match. Since IP-address matching is done
on strings, there is a similar problem with it, which is also
corrected.
48.log-ssi.0.8.16.patch
From: rst@ai.mit.edu
Subject: Fix CGI timeouts in SSI's from causing problems
Affects: http_main.c
Changelog: Correctly log transactions which timed out while processing a
sub_request, or after an internal redirect
50.imagemap.0.8.16.patch
From: mjhcox@discovery.brad.ac.uk
Subject: Mod_Imap causes server error if no arguments
Affects: mod_imap.c
Changelog: Internal imagemap module no longer fails when called by
clients that don't support image maps. It uses the "default" URL for
these clients.
51.requires.0.8.16.patch
From: ???
Subject: fixes core dump in use of "auth" with no "requires".
Affects: mod_auth.c
ChangeLog: Makes use of auth with no "requires" equivalent to "require
valid-user".
The former behavior was a core dump.
52.extralibs.0.8.16.patch
From: ???
Subject: Correctly support EXTRA_LIBS and OS-dependent libs (AUX_LIBS)
Affects: Configuration Makefile.tmpl
Changelog: EXTRA_LIBS was used for two separate purposes in Configuration,
firstly, to provide libraries needed by modules, and secondly, to
provide OS-dependent libraries need globally by Apache. The second
use defeats the first, so a new variable, AUX_LIBS is introduced to
handle the second use.
httpd_monitor
From: Rob Hartill
Subject: a monitoring program for watching httpd
Affects: nothing
Changelog: independent Perl script to monitor the child Apache
processes.
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/