summaryrefslogtreecommitdiffstats
path: root/usr.sbin/httpd/src/modules (follow)
Commit message (Collapse)AuthorAgeFilesLines
* this commit is really florian@'s, since he's the one who made removalhenning2014-04-22100-60657/+0
| | | | | | | | of our forked apache possible by his work on nginx and slowcgi, but he doesn't want it - so it is my pleasure to tedu it. I spent so much work on chroot in it 10 years ago - and am very happy to see it go now, nginx is a far better choice today. Bye bye, Apache, won't miss you.
* If a constant string needs a name, use a static const array instead of aguenther2013-10-271-1/+1
| | | | | | | | pointer or non-const array, as that minimizes the symbols, maximizes the placement into read-only memory, and avoids warnings from gcc -Wformat=2 when they're used as format strings. ok deraadt@
* Correct format string mismatches turned up by -Wformat=2guenther2013-08-221-2/+2
| | | | suggestions and ok millert@
* Don't assume inode numbers fit in a longguenther2013-08-051-6/+7
| | | | ok kettenis@
* Disable SSL compression in order to mitigate CRIME attacks. Addjsing2013-07-164-5/+23
| | | | | | | an SSLCompression option so that it can be turned back on, however on this is currently a no-op due to the compile options for libssl. Requested by and ok djm@
* Enable ECDHE support in httpd via a SSLECDHCurve option. This specifies thejsing2013-07-164-4/+47
| | | | | | | | named curve to use when generating ephemeral EC keys for an ECDHE-based cipher suite, or can be set to `none' to disable. The default is to use a prime256v1 curve. yay^Wok djm@
* Define HonorCipherOrder as a FLAG (rather than as a TAKE1), so that itjsing2013-07-165-18/+19
| | | | | | | works correctly as a boolean on/off flag. While here, rename the variable so that it is consistent with existing naming scheme. ok otto@ djm@
* introduce HonorCipherOrder to use the server's order of preference of ciphersotto2013-07-115-3/+23
| | | | ok djm@ guenther@
* acknowlege -> acknowledgemartynas2013-01-061-3/+3
| | | | | | compatability -> compatibility OK jmc@.
* allow httpd to build if sslv2 is disabled, ok guenther@sthen2012-07-071-5/+2
|
* Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'miod2011-04-061-3/+3
| | | | for chars.
* Local variables storing integer values and printed with %d should bemiod2011-04-061-2/+3
| | | | declared as integer types, not pointers, really.
* - properly fix pr6009. a different fix was commited as the original patchjasper2011-01-051-1/+7
| | | | | | | used atoi(). this fix uses strtonum() instead. from bjorn ketelaars, pr6515. ok henning@
* adapt to API changes in OpenSSL-1.0.0adjm2010-10-011-5/+5
|
* Allow mod_headers to handle RequestHeader directives known from apache2,sebastia2010-09-261-6/+42
| | | | | | | | and update documentation accordingly. Patch mostly based on an old patch from Martin Algesten he posted 2002 in apache bugzilla entry: 10772 OK, pyr@
* nessesary -> necessary.miod2010-09-091-2/+2
|
* Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->krw2010-05-101-1/+1
| | | | | 'possibility', 'optins' -> 'options', 'resposne' -> 'response', 'unecessary' -> 'unnecessary', 'desination' -> 'destination'. Collected from various misc@ and tech@ postings, many by Brad Tilley.
* make ProxyPass exclude directives only exclude on match, instead of alwayshalex2010-03-311-3/+3
| | | | | | noted by Vasiliy Kiryanov, thanks! ok stephan@
* - apache would send the wrong Host-Header back when setup as a reverse proxyjasper2010-02-251-1/+1
| | | | | | | | with ProxyPreserveHost. fixes pr6009, though i applied a different fix as what was suggested in that pr. ok sthen@
* fix some fallout from the >2G commit. namely allow for all byte counters topyr2010-02-253-8/+8
| | | | | | report the correct size when it exceeds a long's capacity. From Dan Harnett <daniel @ harnett . name>
* Fix byte range parsing, broken in last revision of http_protocol.c,pyr2010-02-231-1/+1
| | | | | | | | | unfortunately this backs out the use of strtonum and goes back to strtoll will need more love in a future diff. This fix from Dan Harnett <daniel @ harnett . name> ok deraadt@
* Add a SECURITY FIX for CVE-2010-0010jasper2010-02-031-3/+3
| | | | | | | | | "on 64-bit platforms this allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow." "looks good" to henning@ ok otto@
* could write one word too far, found by parfait; ok millertderaadt2009-12-141-1/+1
|
* wrote one byte too far, found by parfait; ok beck millertderaadt2009-12-141-2/+2
|
* repair typederaadt2009-12-131-1/+1
|
* copy correctly sized object, found by parfait; ok jsgderaadt2009-12-131-1/+1
|
* Add ! support to ProxyPass to exclude directories from being proxied.fgsch2009-08-261-0/+3
| | | | | From Stephan A. Rickauer <stephan dot rickauer at startek dot ch> with minor tweaks. ok by many.
* fix rcs ids. ok sthen@martynas2009-06-212-2/+2
|
* KNF and readability changes; no binary changes.mbalmer2008-10-031-789/+780
|
* Use correct function signature when calling the write_host_header hook.mbalmer2008-10-031-1/+1
| | | | from Josh Elsasser <josh@elsasser.org>, thanks.
* adapt to API changes in OpenSSL 0.9.8hdjm2008-09-061-1/+1
|
* more negotation -> negotiation; ok sthen@martynas2008-07-222-4/+4
|
* Make the proxy module work with https again by allowing the destinationmbalmer2008-07-042-5/+12
| | | | | | | | port to be set in the config file instead of using HTTP_DEFAULT_PORT in all cases. Prevent a segfault that would happen when the SSL connection from the proxy fails. Problem found and analyzed by Mischa Diehm; fix by me.
* grammar fixes; from Jochem Kossen, system/5822;jmc2008-05-271-13/+13
| | | | ok henning
* de-register, remove #ifdefs and #ifndefs using SIN6_LEN, add OpenBSD cvsmbalmer2008-05-259-44/+36
| | | | | | markers. no binary changes
* Permit compilation on 3 architectures which show that this diff wasderaadt2008-05-191-2/+2
| | | | | not tested on them. Older gcc's require decl before code, and this is supposed to be portable code in that sense.
* Add support for IPv6 while keeping the default at IPv4 to not breakmbalmer2008-05-0911-301/+794
| | | | | | | | | | | | existing installations. See the documentation for the IPv6 related configuration. This changes the module ABI since addresses are now struct addrinfo. This has been tested by many people and run on production machines for several months. feedback many, ok todd
* neccessary -> necessary; from Pierre Riteaujmc2008-04-252-3/+3
|
* Use arc4random_buf() when requesting more than a single word of outputdjm2008-04-131-8/+2
| | | | | | | Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@
* Fix mod_status XSS CVE-2007-6388:martynas2008-01-122-15/+15
| | | | | | | | | | | | | | | A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. Fix mod_imap XSS CVE-2007-5000: A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible. ok miod@
* fix yacc/lex parallel file generationespie2007-11-241-1/+11
|
* 'expresion' -> 'expression'. Reported by Jung on tech@.krw2007-10-141-2/+2
|
* use strcspn to properly overwrite '\n' in fgets returned buffergilles2007-09-111-10/+4
| | | | ok pyr@, ray@, millert@, moritz@, chl@
* fix CVE-2006-5752martynas2007-08-081-5/+5
| | | | | | | | | | A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. ok miod@, henning@
* fix a variable shadowing problemhenning2007-07-231-3/+3
| | | | PR5549, From: veins@evilkittens.org
* paranoid snprintf length calculation to avoid a possible bufferpvalchev2007-06-011-1/+1
| | | | | overflow in SSL session id parsing (by reaching a negative size arg) ok henning
* another extra test i missed before, from charles longeautedu2007-04-051-1/+1
|
* remove some bogus *p tests from charles longeautedu2007-03-204-6/+6
| | | | ok deraadt millert
* - Pass full buffer to fgets().ray2007-03-061-4/+4
| | | | | | | | | - Use sizeof(buf) instead of BUFSIZ. - Only overwrite '\n'. From Charles Longeau. OK millert@ and moritz@.
* spell address correctly; ok jmc@ henning@david2007-03-012-3/+3
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.