Posted to cvs@httpd.apache.org by pq...@apache.org on 2005/08/20 20:39:08 UTC
svn commit: r234108 - in /httpd/httpd/branches/2.2.x: CHANGES
modules/metadata/mod_setenvif.c
Author: pquerna
Date: Sat Aug 20 11:39:06 2005
New Revision: 234108
URL: http://svn.apache.org/viewcvs?rev=234108&view=rev
Log:
Revert OID() changes to mod_setenvif, and sync() CHANGES
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/modules/metadata/mod_setenvif.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=234108&r1=234107&r2=234108&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Aug 20 11:39:06 2005
@@ -1,5 +1,6 @@
-*- coding: utf-8 -*-
-Changes with Apache 2.3.0
+Changes with Apache 2.1.7
+ [Remove entries to the current 2.0 section below, when backported]
*) SECURITY: CAN-2005-2491 (cve.mitre.org):
Fix integer overflows in PCRE in quantifier parsing which could
@@ -31,14 +32,6 @@
*) Remove the base href tag from mod_proxy_ftp, as it breaks relative
links for clients not using an Authorization header. [Graham Leggett,
Jon Snow <jsnow27 gatesec.net>]
-
- *) Teach mod_ssl to use arbitraty OIDs in an SSLRequire directive,
- allowing string-valued client certificate attributes to be used for
- access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
- [Martin Kraemer, David Reid]
-
-Changes with Apache 2.1.7
- [Remove entries to the current 2.0 section below, when backported]
*) mod_cache: Restore the HTTP status of cached responses.
[Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>]
Modified: httpd/httpd/branches/2.2.x/modules/metadata/mod_setenvif.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/modules/metadata/mod_setenvif.c?rev=234108&r1=234107&r2=234108&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/metadata/mod_setenvif.c (original)
+++ httpd/httpd/branches/2.2.x/modules/metadata/mod_setenvif.c Sat Aug 20 11:39:06 2005
@@ -94,7 +94,6 @@
#include "http_log.h"
#include "http_protocol.h"
-#include "mod_ssl.h"
enum special {
SPECIAL_NOT,
@@ -103,8 +102,7 @@
SPECIAL_REQUEST_URI,
SPECIAL_REQUEST_METHOD,
SPECIAL_REQUEST_PROTOCOL,
- SPECIAL_SERVER_ADDR,
- SPECIAL_OID_VALUE
+ SPECIAL_SERVER_ADDR
};
typedef struct {
char *name; /* header name */
@@ -123,8 +121,6 @@
module AP_MODULE_DECLARE_DATA setenvif_module;
-static APR_OPTIONAL_FN_TYPE(ssl_extlist_by_oid) *ssl_extlist_by_oid_func = NULL;
-
/*
* These routines, the create- and merge-config functions, are called
* for both the server-wide and the per-directory contexts. This is
@@ -349,31 +345,6 @@
else if (!strcasecmp(fname, "server_addr")) {
new->special_type = SPECIAL_SERVER_ADDR;
}
- else if (!strncasecmp(fname, "oid(",4)) {
- ap_regmatch_t match[AP_MAX_REG_MATCH];
-
- new->special_type = SPECIAL_OID_VALUE;
-
- /* Syntax check and extraction of the OID as a regex: */
- new->pnamereg = ap_pregcomp(cmd->pool,
- "^oid\\(\"?([0-9.]+)\"?\\)$",
- (AP_REG_EXTENDED // | AP_REG_NOSUB
- | AP_REG_ICASE));
- /* this can never happen, as long as pcre works:
- if (new->pnamereg == NULL)
- return apr_pstrcat(cmd->pool, cmd->cmd->name,
- "OID regex could not be compiled.", NULL);
- */
- if (ap_regexec(new->pnamereg, fname, AP_MAX_REG_MATCH, match, 0) == AP_REG_NOMATCH) {
- return apr_pstrcat(cmd->pool, cmd->cmd->name,
- "OID syntax is: oid(\"1.2.3.4.5\"); error in: ",
- fname, NULL);
- }
- new->pnamereg = NULL;
- /* The name field is used for the stripped oid string */
- new->name = fname = apr_pstrdup(cmd->pool, fname+match[1].rm_so);
- fname[match[1].rm_eo - match[1].rm_so] = '\0';
- }
else {
new->special_type = SPECIAL_NOT;
/* Handle fname as a regular expression.
@@ -504,8 +475,6 @@
* same header. Remember we don't need to strcmp the two header
* names because we made sure the pointers were equal during
* configuration.
- * In the case of SPECIAL_OID_VALUE values, each oid string is
- * dynamically allocated, thus there are no duplicates.
*/
if (b->name != last_name) {
last_name = b->name;
@@ -529,34 +498,6 @@
case SPECIAL_REQUEST_PROTOCOL:
val = r->protocol;
break;
- case SPECIAL_OID_VALUE:
- /* If mod_ssl is not loaded, the accessor function is NULL */
- if (ssl_extlist_by_oid_func != NULL)
- {
- apr_array_header_t *oid_array;
- char **oid_value;
- int j, len = 0;
- char *retval = NULL;
-
- /* The given oid can occur multiple times. Concatenate the values */
- if ((oid_array = ssl_extlist_by_oid_func(r, b->name)) != NULL) {
- oid_value = (char **) oid_array->elts;
- /* pass 1: determine the size of the string */
- for (len=j=0; j < oid_array->nelts; j++) {
- len += strlen(oid_value[j]) + 1; /* +1 for ',' or terminating NIL */
- }
- retval = apr_palloc(r->pool, len);
- /* pass 2: fill the string */
- for (j=0; j < oid_array->nelts; j++) {
- if (j > 0) {
- strcat(retval, ",");
- }
- strcat(retval, oid_value[j]);
- }
- }
- val = retval;
- }
- break;
case SPECIAL_NOT:
if (b->pnamereg) {
/* Matching headers_in against a regex. Iterate through
@@ -627,19 +568,10 @@
return DECLINED;
}
-static int setenvif_post_config(apr_pool_t *pconf, apr_pool_t *plog,
- apr_pool_t *ptemp, server_rec *s)
-{
- ssl_extlist_by_oid_func = APR_RETRIEVE_OPTIONAL_FN(ssl_extlist_by_oid);
- return OK;
-}
-
static void register_hooks(apr_pool_t *p)
{
ap_hook_header_parser(match_headers, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_post_read_request(match_headers, NULL, NULL, APR_HOOK_MIDDLE);
- /* post config handling */
- ap_hook_post_config(setenvif_post_config, NULL, NULL, APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA setenvif_module =
Re: svn commit: r234108 - in /httpd/httpd/branches/2.2.x: CHANGES modules/metadata/mod_setenvif.c
Posted by Colm MacCarthaigh <co...@stdlib.net>.
On Sat, Aug 20, 2005 at 02:38:45PM -0700, Paul Querna wrote:
> > Sounds fine. In related not-a-blocker spirit, where do I find whatever
> > is being used to roll the tarballs? (possibly stupid question). It's
> > rm'ing the \.xml$ files but not xml.ja, xml.ko, xml.de and so on, which
> > in turn invalidates the xml.meta files.
> >
>
> https://svn.apache.org/repos/asf/httpd/httpd/dist/tools/
Thanks.
*adds http://httpd.apache.org/dev/how-to-release.html to list of things
to fix*
--
Colm MacCárthaigh Public Key: colm+pgp@stdlib.net
Re: svn commit: r234108 - in /httpd/httpd/branches/2.2.x: CHANGES
modules/metadata/mod_setenvif.c
Posted by Paul Querna <ch...@force-elite.com>.
Colm MacCarthaigh wrote:
> On Sat, Aug 20, 2005 at 02:09:40PM -0700, Paul Querna wrote:
>
>>>The code came out, but not the documentation. The oid stuff is still in
>>>mod_setenvif.(xml|html.en), which means a non-existant feature is
>>>documented. Not sure if that's worth rolling a new tarball for.
>>
>>No, I don't think so, we will update the docs on the website to say this
>>feature was added in 2.3.0. I doubt 2.1.7 will be a GA release, but I
>>don't see this as a blocker for BETA.
>
>
> Sounds fine. In related not-a-blocker spirit, where do I find whatever
> is being used to roll the tarballs? (possibly stupid question). It's
> rm'ing the \.xml$ files but not xml.ja, xml.ko, xml.de and so on, which
> in turn invalidates the xml.meta files.
>
https://svn.apache.org/repos/asf/httpd/httpd/dist/tools/
Re: svn commit: r234108 - in /httpd/httpd/branches/2.2.x: CHANGES modules/metadata/mod_setenvif.c
Posted by Colm MacCarthaigh <co...@stdlib.net>.
On Sat, Aug 20, 2005 at 02:09:40PM -0700, Paul Querna wrote:
> > The code came out, but not the documentation. The oid stuff is still in
> > mod_setenvif.(xml|html.en), which means a non-existant feature is
> > documented. Not sure if that's worth rolling a new tarball for.
>
> No, I don't think so, we will update the docs on the website to say this
> feature was added in 2.3.0. I doubt 2.1.7 will be a GA release, but I
> don't see this as a blocker for BETA.
Sounds fine. In related not-a-blocker spirit, where do I find whatever
is being used to roll the tarballs? (possibly stupid question). It's
rm'ing the \.xml$ files but not xml.ja, xml.ko, xml.de and so on, which
in turn invalidates the xml.meta files.
--
Colm MacCárthaigh Public Key: colm+pgp@stdlib.net
Re: svn commit: r234108 - in /httpd/httpd/branches/2.2.x: CHANGES
modules/metadata/mod_setenvif.c
Posted by Paul Querna <ch...@force-elite.com>.
>>-
>>- *) Teach mod_ssl to use arbitraty OIDs in an SSLRequire directive,
>>- allowing string-valued client certificate attributes to be used for
>>- access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
>>- [Martin Kraemer, David Reid]
>
>
> The code came out, but not the documentation. The oid stuff is still in
> mod_setenvif.(xml|html.en), which means a non-existant feature is
> documented. Not sure if that's worth rolling a new tarball for.
No, I don't think so, we will update the docs on the website to say this
feature was added in 2.3.0. I doubt 2.1.7 will be a GA release, but I
don't see this as a blocker for BETA.
-Paul
Re: svn commit: r234108 - in /httpd/httpd/branches/2.2.x: CHANGES modules/metadata/mod_setenvif.c
Posted by Colm MacCarthaigh <co...@stdlib.net>.
On Sat, Aug 20, 2005 at 06:39:08PM -0000, pquerna@apache.org wrote:
> -Changes with Apache 2.3.0
> +Changes with Apache 2.1.7
> + [Remove entries to the current 2.0 section below, when backported]
This line is a bit confusing to non-developers, should it be in a (even
beta) release CHANGES file? (It's a question. rather than a criticism, I
just don't know the answer).
> -
> - *) Teach mod_ssl to use arbitraty OIDs in an SSLRequire directive,
> - allowing string-valued client certificate attributes to be used for
> - access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
> - [Martin Kraemer, David Reid]
The code came out, but not the documentation. The oid stuff is still in
mod_setenvif.(xml|html.en), which means a non-existent feature is
documented. Not sure if that's worth rolling a new tarball for.
--
Colm MacCárthaigh Public Key: colm+pgp@stdlib.net