apache 2.2.13 - webwindy's blog - 程序员秘密

Tags: Reposted, Gmail, Bash, Apache, Security, Cache

Changes with Apache 2.2.13

  *) SECURITY: CVE-2009-2412 (cve.mitre.org)
     Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow
     in pools and rmm, where size alignment was taking place.
     [Matt Lewis <[email protected]>, Sander Striker]

  *) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas.  Report
     warnings compiling mod_ssl against OpenSSL to the httpd developers.
     [Guenter Knauf]

  *) mod_cgid: Do not add an empty argument when calling the CGI script.
     PR 46380 [Ruediger Pluem]

  *) Fix potential segfaults with use of the legacy ap_rputs() etc
     interfaces, in cases where an output filter fails.  PR 36780.
     [Joe Orton]

Changes with Apache 2.2.12

  *) SECURITY: CVE-2009-1891 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_deflate or other
     modules, by forcing the server to consume CPU time in compressing a
     large file after a client disconnects.  PR 39605.
     [Joe Orton, Ruediger Pluem]

  *) SECURITY: CVE-2009-1195 (cve.mitre.org)
     Prevent the "Includes" Option from being enabled in an .htaccess
     file if the AllowOverride restrictions do not permit it.
     [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
      Ruediger Pluem, Jeff Trawick]

  *) SECURITY: CVE-2009-1890 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_proxy in a
     reverse proxy configuration, where a remote attacker can force a
     proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]

  *) SECURITY: CVE-2009-1191 (cve.mitre.org)
     mod_proxy_ajp: Avoid delivering content from a previous request which
     failed to send a request body. PR 46949 [Ruediger Pluem]

  *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
     The bundled copy of the APR-util library has been updated, fixing three
     different security issues which may affect particular configurations
     and third-party modules.

  *) mod_include: fix potential segfault when handling back references
     on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]

  *) mod_alias: check sanity in Redirect arguments.
     PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]

  *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
     PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]

  *) mod_rewrite: Remove locking for writing to the rewritelog.
     PR 46942

  *) mod_alias: Ensure Redirect emits HTTP-compliant URLs.
     PR 44020

  *) mod_proxy_http: fix case-sensitivity issue when checking the transfer
     encoding.  PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]

  *) mod_rewrite: Fix the error string returned by RewriteRule.
     RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
     argument of RewriteRule was not started with "[" or not ended with "]".
     PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]

  *) mod_proxy: Complete ProxyPassReverse to handle balancer URLs.  Given:
       BalancerMember balancer://alias http://example.com/foo
       ProxyPassReverse /bash balancer://alias/bar
     the backend URL http://example.com/foo/bar/that is now translated to
     /bash/that.  [William Rowe]

  *) New piped log syntax: Use "||process args" to launch the given process
     without invoking the shell/command interpreter.  Use "|$command line"
     (the default behavior of "|command line" in 2.2) to invoke using shell,
     consuming an additional shell process for the lifetime of the logging
     pipe program but granting additional process invocation flexibility.
     [William Rowe]

  *) mod_ssl: Add server name indication support (RFC 4366) and better
     support for name based virtual hosts with SSL. PR 34607
     [Peter Sylvester <peter.sylvester edelweb.fr>,
      Kaspar Brand <asfbugz velox.ch>, Guenter Knauf, Joe Orton,
      Ruediger Pluem]

  *) mod_negotiation: Escape paths of filenames in 406 responses to avoid
     HTML injection and HTTP response splitting.  PR 46837.
     [Geoff Keating <geoffk apple.com>]

  *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
     including multiple INCLUDES filters. PR 39369 [Joe Orton]

  *) mod_rewrite: When evaluating a proxy rule in directory context, do
     escape the filename by default. PR 46428 [Joe Orton]

  *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
     protocol. [Mladen Turk]

  *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
     to enable stricter checking of remote server certificates.
     [Ruediger Pluem]

  *) mod_substitute: Fix a memory leak. PR 44948
     [Dan Poirier <poirier pobox.com>]

  *) mod_proxy_ajp: Forward remote port information by default.
     [Rainer Jung]

  *) mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders
     directive to correctly remove headers before storing them.
     [Lars Eilebrecht]

  *) mod_deflate: revert the changes in 2.2.8 that caused an invalid
     ETag to be emitted for on-the-fly gzip content-encoding.
     PR 39727 will require larger fixes, and this fix was far more
     harmful than the original code.  PR 45023.  [Roy T. Fielding]

  *) mod_disk_cache: The module now turns off sendfile support if
     'EnableSendfile off' is defined globally. PR 41218.
     [Lars Eilebrecht, Issac Goldstand]

  *) prefork: Fix child process hang during graceful restart/stop in
     configurations with multiple listening sockets.  PR 42829.  [Joe Orton,
     Jeff Trawick]

  *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
     size of the buffer used for the request-body where necessary
     during a per-dir renegotiation.  PR 39243.  [Joe Orton]

  *) mod_rewrite: Introduce the DiscardPathInfo|DPI flag to stop the troublesome
     way that per-directory rewrites append the previous notion of PATH_INFO
     to each substitution before evaluating subsequent rules.
     PR 38642 [Eric Covener]

  *) mod_authnz_ldap: Reduce number of initialization debug messages and make
     information more clear. PR 46342 [Dan Poirier]

  *) mod_cache: Introduce 'no-cache' per-request environment variable
     to prevent the saving of an otherwise cacheable response.
     [Eric Covener]

  *) core: Translate the status line to ASCII on EBCDIC platforms in
     ap_send_interim_response() and for locally generated "100 Continue"
     responses.  [Eric Covener]

  *) CGI: return 504 (Gateway timeout) rather than 500 when a script
     times out before returning status line/headers.
     PR 42190 [Nick Kew]

  *) prefork: Log an error instead of segfaulting when child startup fails
     due to pollset creation failures.  PR 46467.  [Jeff Trawick]

  *) mod_ext_filter: fix error handling when the filter prog fails to start,
     and introduce an onfail configuration option to abort the request
     or to remove the broken filter and continue.
     PR 41120 [Nick Kew]

  *) mod_include: support generating non-ASCII characters as entities in SSI
     PR 25202 [Nick Kew]

  *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
     [Nick Kew]

  *) mod_rewrite: fix "B" flag breakage by reverting r589343
     PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]

  *) mod_cgid: fix segfault problem on Solaris.
     PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>, Jeff Trawick]

  *) mod_ldap: Avoid a segfault when result->rc is checked in uldap_connection_init
     when result is NULL. This could happen if LDAP initialization failed.
     PR 45994.  [Dan Poirier <poirier pobox.com>]

  *) Set Listen protocol to "https" if port is set to 443 and no proto is specified
     (as documented but not implemented). PR 46066  [Dan Poirier <poirier pobox.com>]

  *) mod_cache: Correctly save Content-Encoding of cacheable entity. PR 46401
     [Dan Poirier <poirier pobox.com>]

  *) Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.
     PR 42571 and PR 44266 (dup).  [Dan Poirier <poirier pobox.com>]

  *) mod_cache: When an explicit Expires or Cache-Control header is set, cache
     normally non-cacheable response statuses. PR 46346.
     [Alex Polvi <alex polvi.net>]
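Several of the 2.2.12 entries above are configuration-level changes: the "||" piped-log syntax that avoids a shell, the AllowOverride enforcement behind CVE-2009-1195, SNI support in mod_ssl, the new SSLProxyCheckPeerCN / SSLProxyCheckPeerExpire directives, the "https" default for Listen 443, and the mod_cache "no-cache" environment variable. The httpd.conf fragment below is an added example, not part of the Apache CHANGES file or of this blog post; it shows how a 2.2.12 or later server would use each of them together. All hostnames, file paths, certificate files, the internal CA, the backend address and the /app/account/ URL prefix are assumptions. SSLStrictSNIVHostCheck is not mentioned on this page and is included as an assumed companion directive to SNI support.

```apache
# Added example (not from the Apache CHANGES file or the blog post): an httpd.conf
# fragment exercising several of the 2.2.12 changes listed above.  Hostnames,
# paths, certificate files and the /app/account/ prefix are assumptions.

# --- CVE-2009-1195: keep SSI out of .htaccess ---------------------------------
# Only the listed Options may be changed from .htaccess; "Includes" is not in
# that set, so an "Options +Includes" line in /var/www/html/.htaccess is
# rejected.  Before 2.2.12 that restriction was not reliably enforced.
<Directory /var/www/html>
    Options FollowSymLinks
    AllowOverride AuthConfig Limit Options=Indexes,MultiViews
</Directory>

# --- Piped logs without a shell ("||" syntax, new in 2.2.12) ------------------
# "||" execs rotatelogs directly: no /bin/sh between httpd and the logger, and
# the argument list is split by httpd rather than parsed by a shell.
ErrorLog  "||/usr/sbin/rotatelogs /var/log/httpd/error_log.%Y%m%d 86400"
CustomLog "||/usr/sbin/rotatelogs /var/log/httpd/access_log.%Y%m%d 86400" combined
# Same logger via the shell ("|$"): costs one extra shell process for the life
# of the pipe, but allows shell syntax (redirections, $VARS) in the command.
# CustomLog "|$/usr/sbin/rotatelogs /var/log/httpd/access_log.%Y%m%d 86400" combined

# --- Listen on 443 now implies protocol "https" (PR 46066) --------------------
Listen 443

# --- mod_ssl SNI: two name-based TLS vhosts on one address (PR 34607) ---------
NameVirtualHost *:443
# Assumed companion directive (not listed on this page): refuse clients that
# send no SNI name instead of silently serving them the first vhost below.
SSLStrictSNIVHostCheck on

# First vhost is also the default for requests that carry no SNI name.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
    DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost *:443>
    ServerName intranet.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/intranet.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/intranet.example.com.key
    DocumentRoot /var/www/intranet

    # --- SSLProxyCheckPeerCN / SSLProxyCheckPeerExpire (new in 2.2.12) -------
    # Reverse proxy to a TLS backend: verify the chain against the internal
    # CA, reject expired backend certificates, and require the certificate CN
    # to match the backend hostname.  Without CheckPeerCN any certificate
    # signed by the CA (for any name) would be accepted for this backend.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/pki/tls/certs/internal-ca.pem
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on
    ProxyPass        /app/ https://app-backend.internal.example.com/
    ProxyPassReverse /app/ https://app-backend.internal.example.com/

    # --- mod_cache "no-cache" per-request variable (new in 2.2.12) -----------
    # Cache the proxied application, but never store per-user account pages,
    # even when the backend forgets to send "Cache-Control: private".
    CacheRoot /var/cache/httpd/proxy
    CacheEnable disk /app/
    SetEnvIf Request_URI "^/app/account/" no-cache
</VirtualHost>
```

Two checks worth doing after applying something like this: confirm with `httpd -t` that the configuration parses, and confirm from a test .htaccess containing `Options +Includes` that the request now fails rather than enabling SSI, which is the behaviour CVE-2009-1195 restored.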

Copyright notice: this article is the blogger's original work and is licensed under CC 4.0 BY-SA; when reposting, include a link to the original source and this notice.
Original link: https://blog.csdn.net/webwindy/article/details/83439383
