Remove some 'register' in variable declaration.

htdigest: Fix buffer overflow when reading digest password file with very long lines. PR 54893.

Use apr_file_printf(... "%pm"...) instead of explicit call to apr_strerror

Fortify falsely complained that the sprintf() result was unbounded. We may as well use apr_snprintf() though, as well as comment on the available space for "::\0" (for people like me).

Actually use the whole buffer for reading.

Fix some more overflows spotted by Ruediger Pluem

detab

htdigest: Fix possible overflow in command line processing. htdigest is not supposed to be suid save, therefore not treated as a security issue. CVE-2005-1344 Submitted by: Adam Conrad Reviewed by: Stefan Fritsch

update license header text

Update the copyright year in all .c, .h and .xml files

No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines

* support/htdigest.c (main): Fix permissions of created files. PR: 33765

Update copyright year to 2005 and standardize on current copyright owner line.

Use standardized names for ISO-8859-1, see http://www.iana.org/assignments/character-sets (Using the name iso8859-1 may still work, because it is aliased in apr-iconv/ccs/charset.aliases)

Remove the OMIT_DELONCLOSE #ifdef since this should happen automatically with the apr_temp_dir_get() function. Submitted by: Guenter Knauf <eflash@gmx.net>

Replace calls to fprintf() with apr_file_printf() submitted by: Guenter Knauf <eflash@gmx.net>

Replace tabs with spaces Submitted by: Guenter Knauf <eflash@gmx.net>

Remove the dependance on external cp/copy commands Submitted by: Guenter Knauf <eflash@gmx.net>

Use apr_temp_dir_get() to get the temporary directory Submitted by: Guenter Knauf <eflash@gmx.net>

fix name of The Apache Software Foundation

fix copyright dates according the first cehck in

apply Apache License, Version 2.0

update license to 2004.

Forward port a fix for a pair of potential buffer overflows in htdigest from 1.3

Restore the ability of htdigest.exe to create files that contain more than one user. On win32 we cannot system("copy") a file, while it's open. PR: PR 12910

finished that boring job: update license to 2003. Happy New Year! ;-))

Continue the Bill Rowe apr_size_t crusade.

avoid colliding with getline() as defined by glibc (it breaks if you need to turn on _GNU_SOURCE)

Correct const'ness of argv in all support apps, and use the new apr_app_initialize over apr_initialize for win32, and other platforms that may wish to tweak 'apr-ized' application support (e.g. Netware?)

Update our copyright for this year.

Updates to allow the utilities to run on NetWare

Add the ability to pass flags to both apr_file_open and apr_mktemp. The reason for this, is that it is very possible to want a temp file that isn't deleted when the file is closed. It also makes sense to have the flags in the apr_file_t if possible.

Switch from tmpnam() to apr_file_mktemp() so that gcc with a recent glibc will shut the hell up about tmpnam() being unsafe. htpasswd.c needs a similar treatment, but it won't be _quite_ as easy since htpasswd has not been completely apr-ized yet.

Silence gcc warning about rv being used when possibly uninitialized. That can only happen if n<=1 (ie, a bad parameter value), so I figure APR_EINVAL is the correct default value.

Fix look in htdigest. Reimplemented getline to work properly with APR. Shuld consider adding apr_file_getline() to APR. Should also consider changing apr_file_getc() to return characters rather than apr_status.

get rid of a warning for missing strXXX prototype. (I only saw this on RH 7.1.)

Update copyright to 2001

*) include "apr_signal.h" when needed *) some other minor include tweaks

renaming various functions for consistency sake see: http://apr.apache.org/~dougm/apr_rename.pl PR: Obtained from: Submitted by: Reviewed by:

When is a void fn(void) not a void fn(void)? It's a win32'ism, since the APR_DECLARE (excluding _NONSTD) uses the pascal convention. Really irrelevant in a function that never needs to clean up (atexit), but the compiler complains. Possible workarounds, but that would break non-c lanaguge code from linking into apr.

get rid of a bogus use of perror()

All the supports now build on APR (+APRUTIL), no reliance on httpd.

Switch to the APR-provided APR_CHARSET_EBCDIC feature test macro.

Force all Apache functions to be linked into the executable, whether they are used or not. This uses the same mechanism that is used for APR and APR-util. This may not be the correct solution, but it works, and that is what I really care about. This also renames CHARSET_EBCDIC to AP_CHARSET_EBCDIC. This is for namespace correctness, but it also makes the exports script a bit easier.

*) Compensate for recent changes in the APR headers. Specifically, some files need to specifically include stdio.h, or a particular apr_*.h header. *) Adjust callers of apr_create_process() to deal with the extra "const" *) Add "const" to args of ap_os_create_privileged_process()

ensure that all cpp directives start with a # in column one PR: 6742

A few more (last?) ap_xlate->apr_xlate changes covering stuff not completely handled in the big apr rename last week.

Fix some problems with the apr conversion so that APACHE_XLATE builds work again.

Remaining cleanup of ap_ -> apr_ and AP_ -> APR_ transformation... see src/lib/apr/apr_compat.h for most details. Also a few minor nits to get Win32 to build. PR: Obtained from: Submitted by: Reviewed by:

prefix libapr functions and types with apr_

serious bug fix: htdigest didn't init the first parm to ap_open(), so ap_open() segfaults thinking it was passed valid storage build portability: make most src/lib/apr/test/Makefile.in compatible with OS/390 make (no -o outfile after infile specified) MD5 translation support: when APR_HAS_XLATE, low-level routines allow translation handle to be specified when CHARSET_EBCDIC, password-specific routines always translate, but client app must set handle before using

Win32: install ab.exe fix dependency in Apache.dsw (ab is dependent on aprlib and ap) fix ab and htdigest projects so that they find all header files define ap_signal() in apr.hw - this is o.k. for casual use as with cmd-line programs use API_VAR_EXPORT as appropriate in getopt.c general: ab doesn't need to declare ap_optarg/ap_optind; fix a warning htdigest needs to call ap_initialize() to avoid segfault at startup

Merge the htdigest.c file from the apr/test directory to the support directory.

Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h. Replaced more magic numbers with MD5_DIGESTSIZE. Yuck. Submitted by: William Rowe, Roy Fielding

Update to Apache Software License version 1.1

Fix all the License issues. Including: s/Apache Group/Apache Software Foundation/ s/1999/2000/ s/Sascha's license/ASF license

Add a status value to ap_log_error and ap_log_rerror. This allows us to use apr_status codes in our error logs. The main advantage of this, is portable error codes. Now, Windows will finally be able to use errno!

These changes allow the support programs to compile on BeOS. The biggest change is in ab.c where the functions that BeOS needs that aren't the standard format are hidden behind a new ab_* define. Tested on FreeBSD and BeOS.

Apache 1.3.9 baseline for the Apache 2.0 repository. Obtained from: Apache 1.3.9 (minus unused files), tag APACHE_1_3_9 Submitted by: Apache Group