Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Yann Ylavic
On Thu, Oct 7, 2021 at 2:31 PM Rainer Jung wrote:
>
> On 07.10.2021 at 14:27, yla...@apache.org wrote:
> > Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
> > URL: 
> > http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff
> > ==
> > --- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
> > +++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Thu Oct  7 12:27:43 2021
> > @@ -579,6 +579,9 @@
> >*   ap_proxy_define_worker_ex() to mod_proxy.h
> >* 20120211.116 (2.4.49-dev) add conn_rec->outgoing and 
> > ap_ssl_bind_outgoing()
> >* 20120211.117 (2.4.50-dev) Add ap_pre_connection
> > + * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
> > + * AP_NORMALIZE_DROP_PARAMETERS
> > + *
> >*/
> >
> >   #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
>
> Doesn't this need (a cosmetic) adjustment for 2.4.x?

Yeah, was wrong in original trunk r1893971 too so I fixed both.

Thanks Rainer (and Rüdiger) for noticing.


Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Ruediger Pluem



On 10/7/21 2:27 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Oct  7 12:27:43 2021
> New Revision: 1893977
> 
> URL: http://svn.apache.org/viewvc?rev=1893977=rev
> Log:
> Merge r1893971 from trunk:
> 
> core: Add ap_unescape_url_ex() for better decoding control, and deprecate
>   unused AP_NORMALIZE_DROP_PARAMETERS flag.
>  
> Submitted by: ylavic
> Reviewed by: ylavic, icing, gbechis
> 
> Modified:
> httpd/httpd/branches/2.4.x/   (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/include/ap_mmn.h
> httpd/httpd/branches/2.4.x/include/httpd.h
> httpd/httpd/branches/2.4.x/server/gen_test_char.c
> httpd/httpd/branches/2.4.x/server/request.c
> httpd/httpd/branches/2.4.x/server/util.c
> 
> Propchange: httpd/httpd/branches/2.4.x/
> --
>   Merged /httpd/httpd/trunk:r1893971
> 
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1893977=1893976=1893977=diff
> ==
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Oct  7 12:27:43 2021
> @@ -1,6 +1,10 @@
>   -*- coding: utf-8 
> -*-
>  Changes with Apache 2.4.51
>  
> +  *) core: Add ap_unescape_url_ex() for better decoding control, and 
> deprecate
> + unused AP_NORMALIZE_DROP_PARAMETERS flag.
> + [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Joe Orton]
> +
>  Changes with Apache 2.4.50
>  
>*) SECURITY: CVE-2021-41773: Path traversal and file disclosure
> 
> Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff
> ==
> --- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
> +++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Thu Oct  7 12:27:43 2021
> @@ -579,6 +579,9 @@
>   *   ap_proxy_define_worker_ex() to mod_proxy.h
>   * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and 
> ap_ssl_bind_outgoing()
>   * 20120211.117 (2.4.50-dev) Add ap_pre_connection
> + * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
> + * AP_NORMALIZE_DROP_PARAMETERS
> + * 
>   */
>  
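
Review bot: the added entry is labelled 20210926.1 (2.5.1-dev), while the entries directly above it on this branch are 20120211.116 (2.4.49-dev) and 20120211.117 (2.4.50-dev), so the trunk entry was carried over to 2.4.x unchanged. The hunk also adds only three comment lines, so nothing visible here bumps MODULE_MAGIC_NUMBER_MINOR for the new API. Suggest relabelling the entry with the next 2.4.x minor and bumping the define in the same commit.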

This is wrong and needs fixing. I have the below fix in my working copy that I 
can commit instantly:

Index: include/ap_mmn.h
===
--- include/ap_mmn.h(revision 1893979)
+++ include/ap_mmn.h(working copy)
@@ -579,7 +579,7 @@
  *   ap_proxy_define_worker_ex() to mod_proxy.h
  * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing()
  * 20120211.117 (2.4.50-dev) Add ap_pre_connection
- * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
+ * 20120211.118 (2.4.51-dev) Add ap_unescape_url_ex() and deprecate
  * AP_NORMALIZE_DROP_PARAMETERS
  *
  */
@@ -589,7 +589,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20120211
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 117 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */

 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
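
Review bot: the patch is based on revision 1893979, not on the r1893977 commit it corrects, so before committing check that no revision in between already touched this entry or claimed minor 118. Within the patch the two hunks agree: the comment entry becomes 20120211.118 (2.4.51-dev) and MODULE_MAGIC_NUMBER_MINOR goes from 117 to 118.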


Regards

Rüdiger


>  #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
> 
> Modified: httpd/httpd/branches/2.4.x/include/httpd.h
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/httpd.h?rev=1893977=1893976=1893977=diff
> ==
> --- httpd/httpd/branches/2.4.x/include/httpd.h (original)
> +++ httpd/httpd/branches/2.4.x/include/httpd.h Thu Oct  7 12:27:43 2021
> @@ -1741,6 +1741,18 @@ AP_DECLARE(int) ap_unescape_url(char *ur
>   */
>  AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
>  
> +#define AP_UNESCAPE_URL_KEEP_UNRESERVED (1u << 0)
> +#define AP_UNESCAPE_URL_FORBID_SLASHES  (1u << 1)
> +#define AP_UNESCAPE_URL_KEEP_SLASHES(1u << 2)
> +
> +/**
> + * Unescape a URL, with options
> + * @param url The url to unescape
> + * @param flags Bitmask of AP_UNESCAPE_URL_* flags
> + * @return 0 on success, non-zero otherwise
> + */
> +AP_DECLARE(int) ap_unescape_url_ex(char *url, unsigned int flags);
> +
>  /**
>   * Unescape an application/x-www-form-urlencoded string
>   * @param query The query to unescape
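
Review bot: the doc comment on ap_unescape_url_ex() says only "Bitmask of AP_UNESCAPE_URL_* flags" and "0 on success, non-zero otherwise", so the header does not tell a caller what each of the three new flags does, what happens when AP_UNESCAPE_URL_FORBID_SLASHES and AP_UNESCAPE_URL_KEEP_SLASHES are both set, or which non-zero values to expect. Suggest one line of documentation per flag, a statement on the conflicting combination, and the list of return codes, since the flag names indicate this function decides how encoded slashes are handled.
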
> @@ -1768,7 +1780,7 @@ AP_DECLARE(void) ap_no2slash_ex(char *na
>  #define AP_NORMALIZE_NOT_ABOVE_ROOT (1u <<  1)
>  #define AP_NORMALIZE_DECODE_UNRESERVED  (1u <<  2)
>  #define AP_NORMALIZE_MERGE_SLASHES  (1u <<  3)
> -#define AP_NORMALIZE_DROP_PARAMETERS(1u <<  4)
> +#define 

Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Rainer Jung

On 07.10.2021 at 14:27, yla...@apache.org wrote:

Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
URL: 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff
==
--- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
+++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Thu Oct  7 12:27:43 2021
@@ -579,6 +579,9 @@
   *   ap_proxy_define_worker_ex() to mod_proxy.h
   * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing()
   * 20120211.117 (2.4.50-dev) Add ap_pre_connection
+ * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
+ * AP_NORMALIZE_DROP_PARAMETERS
+ *
   */
  
  #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */


Doesn't this need (a cosmetic) adjustment for 2.4.x?

Plus: if a minor bump is needed, this commit contains only a comment change.

Thanks for your intensive work!

Rainer