I've just gotten bitten a few times by versions of
APR and 2.0 getting out of sync (i.e. the deprecated
interface removal and the FNM_PERIOD to APR_FNM_PERIOD
rename).
Does our 2.0 ./configure check (or know) in any way
the version (range/minumum) of APR it expects to be
in place ? Or are there f
We've just been looking at a case of an (admittently) doggy resolver
library which led through non-ASCII chars (as part of some i18n efford)
and hence allowed for alien chars to end up in the log files. Which
royally screwed the operator.
The patch below goes a bit further than the current escapi
Quick patch which allows ENV() variables in config files for the old old
apache 1.3 branch. Posted to stop a certain someone from bugging me about
it.
Have fun.
Dw
Index: src/ApacheCore.def
===
RCS file: /home/cvs/apache-1.3/src/Ap
Needed to do things like PUT and PROPFIND from ab. This patch
may be of use to some. Not in anywhere near to a state to be commited.
Dw
Index: src/support/ab.c
===
RCS file: /home/cvs/apache-1.3/src/support/ab.c,v
retrieving revisio
Jean-Jacques Clar wrote:
There is a memory leak with your patch when running my test.
I need to do more investigation to find out which pieces of memory are
leaking.
No need. I was removing the object from the cache but never cleaning it up. Easy enough to fix.
Bill
Right now we do not verify the nonce using in digest. This means that
an attacker can replay the response from another site or section
on the web site if
-> the users username+password is the same across the site.
-> the realm name is the same
Unfortunately that is often the case (and
On Thu, 18 Dec 2003, Dirk-Willem van Gulik wrote:
> +if (strlen(aconfig->ap_auth_nonce) > 510)
> + return "AuthNonce lenght limited to 510 chars for browser
> compatibility";
s/lenght/length/
> +
> +for(i=0;iap_auth_nonce );i++)
> + if (!ap_isalnum(aconfig->ap_auth_nonce
More complete patch, thanks for the feedback. Other options
include
-> kill mod_digest.c
and/or
-> move mod_auth_digest.c from exp. into standard
as this fix requires a MM bump _or_ so much rewriting that
it may be easier to spend some cycles on mod_auth_digest.c.
Dw
Index: src/Apa
Couldn't the new member be placed at the end of the request rec so
that it's only a minor bump?
+ *) SECURITY - verification as to wether the nonce returned in the
s/wether/whether/
+ "A random value or the servers IP may be a good choise.\n" },
s/choise/choice/
+/* We need to create a no
Over the last few days I have been trying to fix the httpd code to
allow downloads of large files. What I have found is that Apache seems
to be doing everything right but the web browsers have a problem with
large files. If the content-length header is set and the length is over
2 gig, all bro
* "Brad Nicholes" <[EMAIL PROTECTED]> wrote:
> FYI, The results of the different browsers has been interesting.
> IE seems to do OK when downloading a file that is less than 4 gig.
> Netscape 7.1 and Mozilla both show the progress up to the 2 gig point
> and then the number of bytes recieved
--On Thursday, December 18, 2003 4:57 AM -0800 Dirk-Willem van Gulik
<[EMAIL PROTECTED]> wrote:
Does our 2.0 ./configure check (or know) in any way
the version (range/minumum) of APR it expects to be
in place ? Or are there fundamental reasons why this
is not possible ?
I don't believe anyone has
12 matches
Mail list logo