diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/Announcement usr.sbin/httpd/Announcement --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/Announcement Thu Feb 13 12:15:15 2003 +++ usr.sbin/httpd/Announcement Sun Feb 16 16:05:29 2003 @@ -1,25 +1,41 @@ - Apache 1.3.26 Released + Apache 1.3.27 Released The Apache Software Foundation and The Apache Server Project are - pleased to announce the release of version 1.3.26 of the Apache HTTP - Server. This Announcement notes the significant changes in 1.3.26. - Apache 1.3.25 was not released. - - This version of Apache is principally a security and bug fix - release. A summary of the bug fixes is given at the end of this document. - Of particular note is that 1.3.26 addresses and fixes the issues noted - in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability - in the handling of chunked transfer encoding. We would like to thank - Mark Litchfield of ngssoftware.com for discovering and reporting the - vulnerability. + pleased to announce the release of version 1.3.27 of the Apache HTTP + Server. This Announcement notes the significant changes in 1.3.27 + as compared to 1.3.26. + + This version of Apache is principally a security and bug fix release. + A summary of the bug fixes is given at the end of this document. + Of particular note is that 1.3.27 addresses and fixes 3 security + vulnerabilities. + + CAN-2002-0839 (cve.mitre.org): A vulnerability exists in all versions of + Apache prior to 1.3.27 on platforms using System V shared memory based + scoreboards. This vulnerability allows an attacker who can execute under + the Apache UID to exploit the Apache shared memory scoreboard format and + send a signal to any process as root or cause a local denial of service + attack. We thank iDefense for their responsible notification and + disclosure of this issue. + + CAN-2002-0840 (cve.mitre.org): Apache is susceptible to a cross site + scripting vulnerability in the default 404 page of any web server hosted + on a domain that allows wildcard DNS lookups. We thank Matthew Murphy for + the responsible notification and disclosure of this issue. + + CAN-2002-0843 (cve.mitre.org): There were some possible overflows in ab.c + which could be exploited by a malicious server. Note that this + vulnerability is not in Apache itself, but rather one of the support + programs bundled with Apache. We thank David Wagner for the responsible + notification and disclosure of this issue. - We consider Apache 1.3.26 to be the best version of Apache available + We consider Apache 1.3.27 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. - Apache 1.3.26 is available for download from + Apache 1.3.27 is available for download from http://www.apache.org/dist/httpd/ @@ -35,21 +51,17 @@ http://www.apache.org/mirrors/ - As of Apache 1.3.17, Win32 binary distributions are now based on the - Microsoft Installer (.MSI) technology. This change occurred in order to - resolve the many problems WinME and Win2K users experienced with the - older InstallShield-based installer.exe file. While development - continues to make this new installation method more robust, questions - should be directed at the news:comp.infosystems.www.servers.ms-windows - newsgroup. - As of Apache 1.3.12 binary distributions contain all standard Apache modules as shared objects (if supported by the platform) and include full source code. Installation is easily done by executing the included install script. See the README.bindist and INSTALL.bindist files for a complete explanation. Please note that the binary distributions are only provided for your convenience and current - distributions for specific platforms are not always available. + distributions for specific platforms are not always available. Win32 + binary distributions are based on the Microsoft Installer (.MSI) + technology. While development continues to make this installation method + more robust, questions should be directed to the + news:comp.infosystems.www.servers.ms-windows newsgroup. For an overview of new features introduced after 1.2 please see @@ -65,59 +77,89 @@ of the servers on the Internet are running Apache or one of its variants. - IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come - to trust Apache as a secure and stable server. It must be realized - that the current Win32 code has not yet reached the levels of the Unix - version, but is of acceptable quality. Win32 stability or security - problems do not reflect on the Unix version. + IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS + variants. While the ports to non-Unix platforms (such as Win32, Netware + or OS2) are of an acceptable quality, Apache 1.3 is not optimized for + these platforms. Security, stability, or performance issues on these + non-Unix ports do not generally apply to the Unix version, due to + software's Unix origin. + + Apache 2.0 has been structured for multiple operating systems from its + inception, by introducing the Apache Portability Library and MPM modules. + Users on non-Unix platforms are strongly encouraged to move up to + Apache 2.0 for better performance, stability and security on their + platforms. - Apache 1.3.26 Major changes + Apache 1.3.27 Major changes Security vulnerabilities - * Fix the security vulnerability noted in CAN-2002-0392 (mitre.org) - regarding the handling of chunked transfer encoding. + * Fix the security vulnerability noted in CAN-2002-0839 (cve.mitre.org) + regarding ownership permissions of System V shared memory based + scoreboards. The fix resulted in the new ShmemUIDisUser directive. + + * Fix the security vulnerability noted in CAN-2002-0840 (cvs.mitre.org) + regarding a cross-site scripting vulnerability in the default error + page when using wildcard DNS. + + * Fix the security vulnerability noted in CAN-2002-0843 (cve.mitre.org) + regarding some possible overflows in ab.c which could be exploited by + a malicious server. New features - The main new features in 1.3.26 (compared to 1.3.24) are: + The main new features in 1.3.27 (compared to 1.3.26) are: + + * The new ErrorHeader directive has been added. + + * Configuration file globbing can now use simple pattern + matching. - * Add some popular types to the mime types magic file. + * The protocol version (eg: HTTP/1.1) in the request line parsing + is now case insensitive. + + * ap_snprintf() can now distinguish between an output which was + truncated, and an output which exactly filled the buffer. + + * Add ProtocolReqCheck directive, which determines if Apache will + check for a valid protocol string in the request (eg: HTTP/1.1) + and return HTTP_BAD_REQUEST if not valid. Versions of Apache + prior to 1.3.26 would silently ignore bad protocol strings, but + 1.3.26 included a more strict check. This makes it runtime + configurable. + + * Added support for Berkeley-DB/4.x to mod_auth_db. + + * httpd -V will now also print out the compile time defined + HARD_SERVER_LIMIT value. New features that relate to specific platforms: - * Unix: Added a '-F' flag which causes the supervisor process to - no longer fork down and detach and instead stay attached to - the tty - thus making live for automatic restart and exit checking - code easier. + * Support Caldera OpenUNIX 8. + + * Use SysV semaphores by default on OpenBSD. + + * Implemented file locking in mod_rewrite for the NetWare + CLib platform. Bugs fixed - The following bugs were found in Apache 1.3.24 (or earlier) and have - been fixed in Apache 1.3.26: + The following bugs were found in Apache 1.3.26 (or earlier) and have + been fixed in Apache 1.3.27: - * Allow child processes sufficient time for cleanups but making - ap_select in reclaim_child_processes more "resistant" to - signal interupts. - - * Fix for a problem in mod_rewrite which would lead to 400 Bad Request - responses for rewriting rules which resulted in a local path. - Note: This will also reject invalid requests as issued by - Netscape-4.x Roaming Profiles (on a DAV-enabled server) - - * Recognize platform-specific root directories (other than - leading slash) in mod_rewrite for filename rewrite rules. - - * Disallow anything but whitespace on the request line after the - HTTP/x.y protocol string to prevent arbitrary user input from - ending up in the access_log and error_log. Also control characters - are now escaped. - - * A large number of fixes in mod_proxy including: adding support - for dechunking chunked responses, correcting a timeout problem - which would force long or slow POST requests to close after 300 - seconds, adding "X-Forwarded" headers, dealing correctly with the - multiple-cookie header bug, ability to handle unexpected - 100-continue responses sent during PUT or POST commands, and a - change to tighten up the Server header overwrite bugfix. + * mod_proxy fixes: + - The cache in mod_proxy was incorrectly updating the Content-Length + value from 304 responses when doing validation. + - Fix a problem in proxy where headers from other modules were + added to the response headers when this was already done in the + core already. + + * In 1.3.26, a null or all blank Content-Length field would be + triggered as an error; previous versions would silently ignore + this and assume 0. 1.3.27 restores this previous behavior. + + * Win32: Fix one byte buffer overflow in ap_get_win32_interpreter + when a CGI script's #! line does not contain a \r or \n (i.e. + a line feed character) in the first 1023 bytes. The overflow + is always a '\0' (string termination) character. diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/Configure usr.sbin/httpd/Configure --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/Configure Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/Configure Sun Feb 16 16:05:29 2003 @@ -0,0 +1,2688 @@ +#!/bin/sh +# $OpenBSD: Configure,v 1.21 2002/10/07 20:23:06 henning Exp $ +## ==================================================================== +## The Apache Software License, Version 1.1 +## +## Copyright (c) 2000-2002 The Apache Software Foundation. All rights +## reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted provided that the following conditions +## are met: +## +## 1. Redistributions of source code must retain the above copyright +## notice, this list of conditions and the following disclaimer. +## +## 2. Redistributions in binary form must reproduce the above copyright +## notice, this list of conditions and the following disclaimer in +## the documentation and/or other materials provided with the +## distribution. +## +## 3. The end-user documentation included with the redistribution, +## if any, must include the following acknowledgment: +## "This product includes software developed by the +## Apache Software Foundation (http://www.apache.org/)." +## Alternately, this acknowledgment may appear in the software itself, +## if and wherever such third-party acknowledgments normally appear. +## +## 4. The names "Apache" and "Apache Software Foundation" must +## not be used to endorse or promote products derived from this +## software without prior written permission. For written +## permission, please contact apache@apache.org. +## +## 5. Products derived from this software may not be called "Apache", +## nor may "Apache" appear in their name, without prior written +## permission of the Apache Software Foundation. +## +## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. +## ==================================================================== +## +## This software consists of voluntary contributions made by many +## individuals on behalf of the Apache Software Foundation. For more +## information on the Apache Software Foundation, please see +## . +## +## Portions of this software are based upon public domain software +## originally written at the National Center for Supercomputing Applications, +## University of Illinois, Urbana-Champaign. +## + + + +# Uses 6 supplemental scripts located in ./helpers: +# CutRule: Determines the value for a specified Rule +# GuessOS: Uses uname to determine OS/platform +# PrintPath: generic "type" or "whence" replacement +# TestCompile: Can check for libs and if $(CC) is ANSI +# (i.e., a simple "sanity check") +# mfhead: +# fp2rp: +# slo.sh: + +LANG=C; export LANG +exitcode=0 +trap 'rm -f $tmpfile $tmpfile2 $tmpfile3 $tmpconfig $awkfile; exit $exitcode' 0 1 2 3 15 + +#################################################################### +## Set up some defaults +## +file=Configuration +tmpfile=htconf.$$ +tmpfile2=$tmpfile.2 +tmpfile3=$tmpfile.3 +awkfile=$tmpfile.4 +tmpconfig=$tmpfile.5 +SUBDIRS="ap main" +APLIBDIRS="" +SHELL=/bin/sh + +#################################################################### +## Now handle any arguments, which, for now, is -file +## to select an alternate Configuration file and -v +## to turn on verbose mode +## +while [ "x$1" != "x" ]; do + if [ "x$1" = "x-v" ] ; then + shift 1; + vflag="-v"; + fi + if [ "x$1" = "x-file" ] ; then + shift 1; file=$1; shift 1 + if [ ! -r $file ]; then + echo "$file does not exist or is not readable." + exitcode=1 + exit 1 + fi + else + echo "ERROR: Bad command line option '$1'" + echo " Please read the file INSTALL." + exit 1 + fi +done +if [ ! -r $file ]; then + echo "Can't see or read \"$file\"" + echo "Please copy Configuration.tmpl to $file, edit it for your platform," + echo "and re-run $0 again." + exitcode=1 + exit 1 +fi + +#################################################################### +## Now see if Configuration.tmpl is more recent than $file. If +## so, then we complain and bail out +## +if ls -lt $file Configuration.tmpl | head -1 | \ + grep 'Configuration.tmpl' > /dev/null +then + echo "Configuration.tmpl is more recent than $file;" + echo "Make sure that $file is valid and, if it is, simply" + echo "'touch $file' and re-run $0 again." + exitcode=1 + exit 1 +fi + +echo "Using config file: $file" + +#################################################################### +## From the Configuration file, create a "cleaned-up" version +## that's easy to scan +## + +# Strip comments and blank lines, remove whitespace around +# "=" assignments, change Rules to comments and then remove whitespace +# before Module declarations +sed 's/#.*//' $file | \ + sed '/^[ ]*$/d' | \ + sed 's/[ ]*$//' | \ + sed 's/[ ]*=[ ]*/=/' | \ + sed '/^Rule[ ]*/d' | \ + sed 's/^[ ]*AddModule/AddModule/' | \ + sed 's/^[ ]*%AddModule/%AddModule/' | \ + sed 's/^[ ]*SharedModule/SharedModule/' | \ + sed 's/^[ ]*Module/Module/' | \ + sed 's/^[ ]*%Module/%Module/' > $tmpfile + +# Determine if shared objects are used +using_shlib=`grep '^SharedModule' $tmpfile >/dev/null && echo 1` + +# But perhaps later via apxs when just mod_so is compiled in! +if [ "x$using_shlib" = "x" ]; then + using_shlib=`grep '^AddModule modules/standard/mod_so.o' $tmpfile >/dev/null && echo 1` +fi + +# Only "assignment" ("=") statements and Module lines +# should be left at this point. If there is other stuff +# we bail out +if egrep -v '^%?Module[ ]+[A-Za-z0-9_]+[ ]+[^ ]+$' $tmpfile \ + | egrep -v '^%?AddModule[ ]+[^ ]+$' \ + | egrep -v '^SharedModule[ ]+[^ ]+$' \ + | grep -v = > /dev/null +then + echo "Syntax error --- The configuration file is used only to" + echo "define the list of included modules or to set Makefile" + echo "options or Configure rules, and I don't see that at all:" + egrep -v '^%?Module[ ]+[A-Za-z0-9_]+[ ]+[^ ]+$' $tmpfile \ + | egrep -v '^%?AddModule[ ]+[^ ]+$' \ + | egrep -v '^%?SharedModule[ ]+[^ ]+$' \ + | grep -v = + exitcode=1 + exit 1 +fi + +#################################################################### +## If we find the directory /usr/local/etc/httpd and there is +## no HTTPD_ROOT flag set in the Configuration file we assume +## that the user was using the old default root directory +## and issue a notice about it. +## +if [ "x$file" != "xConfiguration.apaci" ] +then + if [ -d /usr/local/etc/httpd/ ] + then + if egrep '^EXTRA_CFLAGS.*HTTPD_ROOT' $file >/dev/null + then + : + else + echo " | Please note that the default httpd root directory has changed" + echo " | from '/usr/local/etc/httpd/' to '/usr/local/apache/.'" + echo " | You may add '-DHTTPD_ROOT=\\\"/usr/local/etc/httpd\\\"' to EXTRA_CFLAGS" + echo " | in your Configuration file (and re-run Configure) or start" + echo " | httpd with the option '-d /usr/local/etc/httpd' if you still" + echo " | want to use the old root directory for your server." + fi + fi +fi + +#################################################################### +## Start creating the Makefile. We add some comments and +## then fold in the modules that were included in Configuration +## +echo "Creating Makefile" +${SHELL} helpers/mfhead . $file > Makefile + +#################################################################### +## Now we create a stub file, called Makefile.config, which +## just includes those assignments (eg: CC=gcc) in Configuration +## +awk >Makefile.config <$tmpfile ' + BEGIN { + print "##" + print "## Inherited Makefile options from Configure script" + print "## (Begin of automatically generated section)" + print "##" + print "SRCDIR=." + } + /\=/ { print } + ' + +#################################################################### +## Extract the rules. +## +RULE_WANTHSREGEX=`${SHELL} helpers/CutRule WANTHSREGEX $file` +RULE_STATUS=`${SHELL} helpers/CutRule STATUS $file` +RULE_SOCKS4=`${SHELL} helpers/CutRule SOCKS4 $file` +RULE_SOCKS5=`${SHELL} helpers/CutRule SOCKS5 $file` +RULE_IRIXNIS=`${SHELL} helpers/CutRule IRIXNIS $file` +RULE_IRIXN32=`${SHELL} helpers/CutRule IRIXN32 $file` +RULE_PARANOID=`${SHELL} helpers/CutRule PARANOID $file` +RULE_EXPAT=`${SHELL} helpers/CutRule EXPAT $file` +RULE_CYGWIN_WINSOCK=`${SHELL} helpers/CutRule CYGWIN_WINSOCK $file` +RULE_SHARED_CORE=`${SHELL} helpers/CutRule SHARED_CORE $file` +RULE_SHARED_CHAIN=`${SHELL} helpers/CutRule SHARED_CHAIN $file` + +#################################################################### +## Rule SHARED_CORE implies required DSO support +## +if [ "x$RULE_SHARED_CORE" = "xyes" ]; then + using_shlib=1 +fi + +#################################################################### +## Preset some "constants"; +## can be overridden on a per-platform basis below. +## +DBM_LIB="-ldbm" +DB_LIB="-ldb" +SHELL="/bin/sh" +SUBTARGET="target_static" +SHLIB_SUFFIX_NAME="" +SHLIB_SUFFIX_LIST="" +CAT="cat" + +#################################################################### +## Now we determine the OS/Platform automagically, thanks to +## GuessOS, a home-brewed OS-determiner ala config.guess +## +## We adjust CFLAGS, LIBS, LDFLAGS and INCLUDES (and other Makefile +## options) as required. Setting CC and OPTIM here has no effect +## if they were set in Configure. +## +## Also, we set DEF_WANTHSREGEX and to the appropriate +## value for each platform. +## +## As more PLATFORMs are added to Configuration.tmpl, be sure to +## add the required lines below. +## +SHELL="/bin/sh" +PLAT=`${SHELL} helpers/GuessOS` +OSDIR="os/unix" + +case "$PLAT" in + *mint) + OS="MiNT" + CFLAGS="-DMINT" + LIBS="$LIBS -lportlib -lsocket" + DEF_WANTHSREGEX=yes + ;; + *MPE/iX*) + export OS='MPE/iX' + OSDIR='os/mpeix' + CFLAGS="$CFLAGS -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE" + LIBS="$LIBS -lsocket -lsvipc -lcurses" + LDFLAGS="$LDFLAGS -Xlinker \"-WL,cap=ia,ba,ph;nmstack=1024000\"" + CAT="/bin/cat" # built-in cat is badly broken for stdin redirection + ;; + *-apple-aux3*) + OS='A/UX 3.1.x' + CFLAGS="$CFLAGS -DAUX3 -D_POSIX_SOURCE" + LIBS="$LIBS -lposix -lbsd" + LDFLAGS="$LDFLAGS -s" + DEF_WANTHSREGEX=no + ;; + i386-ibm-aix*) + OS='IBM AIX PS/2' + CFLAGS="$CFLAGS -DAIX=1 -U__STR__ -DUSEBCOPY" + DEF_WANTHSREGEX=no + ;; + *-ibm-aix[1-2].*) + OS='IBM AIX 1.x/2.x' + CFLAGS="$CFLAGS -DAIX=1 -DNEED_RLIM_T -U__STR__" + ;; + *-ibm-aix3.*) + OS='IBM AIX 3.x' + CFLAGS="$CFLAGS -DAIX=30 -DNEED_RLIM_T -U__STR__" + ;; + *-ibm-aix4.1) + OS='IBM AIX 4.1' + CFLAGS="$CFLAGS -DAIX=41 -DNEED_RLIM_T -U__STR__" + ;; + *-ibm-aix4.2) + OS='IBM AIX 4.2' + CFLAGS="$CFLAGS -DAIX=42 -U__STR__" + LDFLAGS="$LDFLAGS -lm" + ;; + *-ibm-aix4.3) + OS='IBM AIX 4.3' + CFLAGS="$CFLAGS -DAIX=43 -DUSE_PTHREAD_SERIALIZED_ACCEPT -U__STR__" + LDFLAGS="$LDFLAGS -lm -lpthread" + RULE_SHARED_CORE=no + DEF_SHARED_CORE=no + ;; + *-ibm-aix5.1) + OS='IBM AIX 5.1' + CFLAGS="$CFLAGS -DAIX=51 -DUSE_PTHREAD_SERIALIZED_ACCEPT -U__STR__" + LDFLAGS="$LDFLAGS -lm -lpthread" + RULE_SHARED_CORE=no + DEF_SHARED_CORE=no + ;; + ia64-ibm-aix*) + OS='IBM AIX IA64' + CFLAGS="$CFLAGS -DAIXIA64 -U__STR__" + LDFLAGS="$LDFLAGS -lm" + RULE_SHARED_CORE=no + DEF_SHARED_CORE=no + ;; + *-ibm-aix*) + OS='IBM AIX' + CFLAGS="$CFLAGS -DAIX=1 -U__STR__" + LDFLAGS="$LDFLAGS -lm" + ;; + *-apollo-*) + OS='Apollo Domain' + CFLAGS="$CFLAGS -DAPOLLO" + ;; + *-dg-dgux*) + OS='DG/UX 5.4' + CFLAGS="$CFLAGS -DDGUX" + DEF_WANTHSREGEX=yes + ;; + *OS/2*) + OSDIR="os/os2" + DEF_WANTHSREGEX=yes + OS='EMX OS/2' + CFLAGS="$CFLAGS -DOS2 -DTCPIPV4 -g -Zmt" + LDFLAGS="$LDFLAGS -Zexe -Zmtd -Zsysv-signals -Zbin-files" + LIBS="$LIBS -lsocket -lufc -lbsd" + DBM_LIB="-lgdbm" + SHELL=sh + ;; + *-hi-hiux) + OS='HI-UX' + CFLAGS="$CFLAGS -DHIUX" + ;; + *-hp*-hpux11.*) + OS='HP-UX 11' + CFLAGS="$CFLAGS -DHPUX11" + RANLIB="/bin/true" + LIBS="$LIBS -lm -lpthread" + DEF_WANTHSREGEX=yes + ;; + *-hp*-hpux10.*) + OS='HP-UX 10' + CFLAGS="$CFLAGS -DHPUX10" + RANLIB="/bin/true" + case "$PLAT" in + *-hp-hpux10.01) + # We know this is a problem in 10.01. + # Not a problem in 10.20. Otherwise, who knows? + CFLAGS="$CFLAGS -DSELECT_NEEDS_CAST" + ;; + esac + DEF_WANTHSREGEX=yes + ;; + *-hp*-hpux*) + OS='HP-UX' + CFLAGS="$CFLAGS -DHPUX" + RANLIB="/bin/true" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lm" + ;; + *-sgi-irix64) + # Note: We'd like to see patches to compile 64-bit, but for now... + echo "You are running 64-bit Irix. For now, we will compile 32-bit" + echo "but if you would care to port to 64-bit, send us the patches." + DEF_WANTHSREGEX=yes + DBM_LIB="" + if [ "x$RULE_IRIXNIS" = "xyes" ]; then + OS='SGI IRIX-64 w/NIS' + CFLAGS="$CFLAGS -DIRIX" + LIBS="$LIBS -lsun" + else + OS='SGI IRIX-64' + CFLAGS="$CFLAGS -DIRIX" + fi + ;; + *-sgi-irix32) + DEF_WANTHSREGEX=yes + DBM_LIB="" + if [ "x$RULE_IRIXN32" = "xyes" ]; then + if [ "x$RULE_IRIXNIS" = "xyes" ]; then + OS='SGI IRIX-32 w/NIS' + else + OS='SGI IRIX-32' + fi + else + if [ "x$RULE_IRIXNIS" = "xyes" ]; then + OS='SGI IRIX w/NIS' + else + OS='SGI IRIX' + fi + fi + CC='cc' + CFLAGS="$CFLAGS -DIRIX" + ;; + *-sgi-irix) + DEF_WANTHSREGEX=yes + DBM_LIB="" + if [ "x$RULE_IRIXNIS" = "xyes" ]; then + OS='SGI IRIX w/NIS' + CFLAGS="$CFLAGS -DIRIX" + LIBS="$LIBS -lsun" + else + OS='SGI IRIX' + CFLAGS="$CFLAGS -DIRIX" + fi + ;; + *-linux20) + DEF_WANTHSREGEX=yes + OS='Linux' + CFLAGS="$CFLAGS -DLINUX=20" + LIBS="$LIBS -lm" + ;; + *-linux22) + # This handles linux 2.2 and above (2.4, ...) + DEF_WANTHSREGEX=yes + OS='Linux' + CFLAGS="$CFLAGS -DLINUX=22" + LIBS="$LIBS -lm" + ;; + *-GNU*) + DEF_WANTHSREGEX=yes + OS='GNU/Hurd' + CFLAGS="$CFLAGS -DHURD" + LIBS="$LIBS -lm -lcrypt" + ;; + *-linux1) + DEF_WANTHSREGEX=yes + OS='Linux' + CFLAGS="$CFLAGS -DLINUX=1" + ;; + *-lynx-lynxos) + OS='LynxOS 2.x' + CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__ -DLYNXOS" + LIBS="$LIBS -lbsd -lcrypt" + DEF_WANTHSREGEX=yes + ;; + *486-*-bsdi*) + OS='BSDI w/486' + CFLAGS="$CFLAGS -m486" + DBM_LIB="" + DB_LIB="" + ;; + *-bsdi3) + if [ "x$using_shlib" = "x1" ] ; then + CC="shlicc2" + fi + ;; + *-bsdi*) + OS='BSDI' + DBM_LIB="" + DB_LIB="" + ;; + *-netbsd*) + OS='NetBSD' + CFLAGS="$CFLAGS -DNETBSD" + LIBS="$LIBS -lcrypt" + DBM_LIB="" + DB_LIB="" + DEF_WANTHSREGEX=no + ;; + *-freebsd*) + PLATOSVERS=`echo $PLAT | sed 's/^.*freebsd//'` + OS="FreeBSD $PLATOSVERS" + case "$PLATOSVERS" in + [2345]*) + DEF_WANTHSREGEX=no + CFLAGS="$CFLAGS -funsigned-char" + ;; + esac + LIBS="$LIBS -lcrypt" + DBM_LIB="" + DB_LIB="" + ;; + *-openbsd*) + OS='OpenBSD' + DBM_LIB="" + DB_LIB="" + DEF_WANTHSREGEX=no + ;; + *-next-nextstep*) + OS='NeXTStep' + OPTIM='-O' + CFLAGS="$CFLAGS -DNEXT" + DEF_WANTHSREGEX=yes + ;; + *-next-openstep*) + OS='OpenStep/Mach' + CC='cc' + OPTIM='-O' + CFLAGS="$CFLAGS -DNEXT" + DEF_WANTHSREGEX=yes + ;; + *-apple-rhapsody*) + OS='Mac OS X Server' + CFLAGS="$CFLAGS -DDARWIN -DMAC_OS_X_SERVER" + DEF_WANTHSREGEX=yes + ;; + *-apple-darwin*) + OS='Darwin' + CFLAGS="$CFLAGS -DDARWIN" + DEF_WANTHSREGEX=yes + ;; + *-dec-osf*) + OS='DEC OSF/1' + CFLAGS="$CFLAGS -DOSF1" + LIBS="$LIBS -lm" + ;; + *-qnx) + OS='QNX' + CFLAGS="$CFLAGS -DQNX" + LIBS="$LIBS -N128k -lsocket -lunix" + DEF_WANTHSREGEX=yes + ;; + *-qnx32) + CC='cc -F' + OS='QNX32' + CFLAGS="$CFLAGS -DQNX -mf -3" + LIBS="$LIBS -N128k -lsocket -lunix" + DEF_WANTHSREGEX=yes + ;; + *-isc4*) + OS='ISC 4' + CC='gcc' + CFLAGS="$CFLAGS -posix -DISC" + LDFLAGS="$LDFLAGS -posix" + LIBS="$LIBS -linet" + DEF_WANTHSREGEX=yes + ;; + *-sco3*) + OS='SCO 3' + CFLAGS="$CFLAGS -DSCO -Oacgiltz" + LIBS="$LIBS -lPW -lsocket -lmalloc -lcrypt_i" + DEF_WANTHSREGEX=yes + ;; + *-sco5*) + OS='SCO 5' + CFLAGS="$CFLAGS -DSCO5" + LIBS="$LIBS -lsocket -lmalloc -lprot -ltinfo -lx -lm" + DEF_WANTHSREGEX=no + ;; + *-sco_sv*|*-SCO_SV*) + OS='SCO SV' + CFLAGS="$CFLAGS -DSCO" + LIBS="$LIBS -lPW -lsocket -lmalloc -lcrypt_i" + DEF_WANTHSREGEX=yes + ;; + *-solaris2*) + PLATOSVERS=`echo $PLAT | sed 's/^.*solaris2.//'` + OS="Solaris $PLATOSVERS" + CFLAGS="$CFLAGS -DSOLARIS2=$PLATOSVERS" + LIBS="$LIBS -lsocket -lnsl -lpthread" + DBM_LIB="" + case "$PLATOSVERS" in + 2[01234]*) + DEF_WANTHSREGEX=yes + ;; + *) + DEF_WANTHSREGEX=no + ;; + esac + ;; + *-sunos4*) + OS='SunOS 4' + CFLAGS="$CFLAGS -DSUNOS4 -DUSEBCOPY" + DEF_WANTHSREGEX=yes + ;; + *-unixware1) + DEF_WANTHSREGEX=yes + OS='UnixWare 1.x' + CFLAGS="$CFLAGS -DUW=100" + LIBS="$LIBS -lsocket -lnsl -lcrypt" + ;; + *-unixware2) + DEF_WANTHSREGEX=yes + OS='UnixWare 2.x' + CFLAGS="$CFLAGS -DUW=200" + LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen" + ;; + *-unixware211) + OS='UnixWare 2.1.1' + CFLAGS="$CFLAGS -DUW=211" + LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen" + ;; + *-unixware212) + OS='UnixWare 2.1.2' + CFLAGS="$CFLAGS -DUW=212" + LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen" + DBM_LIB="" + ;; + *-unixware7) + OS='UnixWare 7' + CFLAGS="$CFLAGS -DUW=700" + LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv" + DBM_LIB="" + ;; + *-OpenUNIX) + OS='OpenUNIX' + CFLAGS="$CFLAGS -DUW=800" + LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv" + DBM_LIB="" + ;; + maxion-*-sysv4*) + OS='SVR4' + CFLAGS="$CFLAGS -DSVR4" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lsocket -lnsl -lc -lgen" + ;; + *-*-powermax*) + OS='SVR4' + CFLAGS="$CFLAGS -DSVR4" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lsocket -lnsl -lgen" + LD_SHLIB='cc' + LDFLAGS_SHLIB="-Zlink=so" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Zlink=dynamic -Wl,-Bexport" + CFLAGS_SHLIB='-Zpic' + ;; + TPF) + OS='TPF' + OSDIR='os/tpf' + CC='c89' + CFLAGS="$CFLAGS -DTPF -DCHARSET_EBCDIC -D_POSIX_SOURCE" + DEF_WANTHSREGEX=yes + LIBS="$LIBS" + SUBTARGET="target_compile_only" + ;; + BS2000*-siemens-sysv4*) + OS='BS2000' + OSDIR='os/bs2000' + # If you are using a CPP before V3.0, delete the -Kno_integer_overflow flag + CC='c89 -XLLML -XLLMK -XL -Kno_integer_overflow' + CFLAGS="$CFLAGS -DCHARSET_EBCDIC -DSVR4 -D_XPG_IV" + DEF_WANTHSREGEX=yes + DBM_LIB="" + ;; + *-siemens-sysv4*) + OS='SVR4' + CFLAGS="$CFLAGS -DSVR4 -D_XPG_IV -DHAS_DLFCN -DUSE_MMAP_FILES -DNEED_UNION_SEMUN" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lsocket -lnsl -lc" + DBM_LIB="" + ;; + pyramid-pyramid-svr4) + OS='SVR4' + CFLAGS="$CFLAGS -DSVR4 -DNO_LONG_DOUBLE" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lsocket -lnsl -lc" + ;; + DS/90\ 7000-*-sysv4*) + OS='UXP/DS' + CFLAGS="$CFLAGS -DUXPDS" + LIBS="$LIBS -lsocket -lnsl" + DEF_WANTHSREGEX=yes + ;; + *-tandem-sysv4*) + OS='SVR4' + CFLAGS="$CFLAGS -DSVR4" + LIBS="$LIBS -lsocket -lnsl" + DEF_WANTHSREGEX=yes + ;; + *-ncr-sysv4) + OS='NCR MP/RAS' + CFLAGS="$CFLAGS -DSVR4 -DMPRAS" + LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" + DEF_WANTHSREGEX=yes + ;; + *-sysv4*) + OS='SVR4' + CFLAGS="$CFLAGS -DSVR4" + LIBS="$LIBS -lsocket -lnsl -lc" + ;; + 88k-encore-sysv4) + OS='Encore UMAX V' + CFLAGS="$CFLAGS -DSVR4 -DENCORE" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lPW" + ;; + *-uts*) + PLATOSVERS=`echo $PLAT | sed 's/^.*,//'` + OS='Amdahl UTS $PLATOSVERS' + case "$PLATOSVERS" in + 2*) CFLAGS="$CFLAGS -Xa -eft -DUTS21 -DUSEBCOPY" + LIBS="$LIBS -lsocket -lbsd -la" + DEF_WANTHSREGEX=yes + ;; + *) CFLAGS="$CFLAGS -Xa -DSVR4" + LIBS="$LIBS -lsocket -lnsl" + ;; + esac + ;; + *-ultrix) + OS='ULTRIX' + CFLAGS="-DULTRIX" + DEF_WANTHSREGEX=yes + SHELL="/bin/sh5" + ;; + *powerpc-tenon-machten*) + OS='MachTen PPC' + LDFLAGS="$LDFLAGS -Xlstack=0x14000 -Xldelcsect" + ;; + *-machten*) + OS='MachTen 68K' + LDFLAGS="$LDFLAGS -stack 0x14000" + DEF_WANTHSREGEX=yes + ;; + *convex-v11*) + OS='CONVEXOS11' + CFLAGS="$CFLAGS -ext -DCONVEXOS11" + OPTIM="-O1" # scalar optimization only + CC='cc' + DEF_WANTHSREGEX=yes + ;; + i860-intel-osf1) + DEF_WANTHSREGEX=yes + OS='Paragon OSF/1' + CFLAGS="$CFLAGS -DPARAGON" + ;; + *-sequent-ptx2.*.*) + DEF_WANTHSREGEX=yes + OS='SEQUENT DYNIX/ptx v2.*.*' + CFLAGS="$CFLAGS -DSEQUENT=20 -Wc,-pw" + LIBS="$LIBS -lsocket -linet -lnsl -lc -lseq" + ;; + *-sequent-ptx4.0.*) + DEF_WANTHSREGEX=yes + OS='SEQUENT DYNIX/ptx v4.0.*' + CFLAGS="$CFLAGS -DSEQUENT=40 -Wc,-pw" + LIBS="$LIBS -lsocket -linet -lnsl -lc" + ;; + *-sequent-ptx4.[123].*) + DEF_WANTHSREGEX=yes + OS='SEQUENT DYNIX/ptx v4.1.*/v4.2.*' + CFLAGS="$CFLAGS -DSEQUENT=41 -Wc,-pw" + LIBS="$LIBS -lsocket -lnsl -lc" + ;; + *-sequent-ptx4.4.*) + DEF_WANTHSREGEX=yes + OS='SEQUENT DYNIX/ptx v4.4.*' + CFLAGS="$CFLAGS -DSEQUENT=44 -Wc,-pw" + LIBS="$LIBS -lsocket -lnsl -lc" + ;; + *-sequent-ptx4.5.*) + DEF_WANTHSREGEX=yes + OS='SEQUENT DYNIX/ptx v4.5.*' + CFLAGS="$CFLAGS -DSEQUENT=45 -Wc,-pw" + LIBS="$LIBS -lsocket -lnsl -lc" + ;; + *-sequent-ptx5.0.*) + DEF_WANTHSREGEX=yes + OS='SEQUENT DYNIX/ptx v5.0.*' + CFLAGS="$CFLAGS -DSEQUENT=50 -Wc,-pw" + LIBS="$LIBS -lsocket -lnsl -lc" + ;; + *NEWS-OS*) + DEF_WANTHSREGEX=yes + OS='SONY NEWS-OS' + CFLAGS="$CFLAGS -DNEWSOS" + ;; + *-riscix) + OS='Acorn RISCix' + CFLAGS="$CFLAGS -DRISCIX" + OPTIM="-O" + MAKE="make" + DEF_WANTHSREGEX=yes + ;; + *-BeOS*) + PLATOSVER=`uname -r` + case "$PLATOSVER" in + 5.0.4*) + OS="BeOS BONE" + LIBS="-lbind -lsocket -lbe -lroot" + CFLAGS="$CFLAGS -DBONE" + ;; + *) + OS='BeOS'; + CFLAGS="$CFLAGS -DBEOS" + ;; + esac + DEF_WANTHSREGEX=yes + ;; + 4850-*.*) + OS='NCR MP/RAS' + CFLAGS="$CFLAGS -DSVR4 -DMPRAS" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" + ;; + drs6000*) + OS='DRS6000' + CFLAGS="$CFLAGS -DSVR4" + DEF_WANTHSREGEX=yes + LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb" + ;; + m88k-*-CX/SX|CYBER) + OS='Cyberguard CX/SX' + CFLAGS="$CFLAGS -D_CX_SX -Xa" + DEF_WANTHSREGEX=yes + CC='cc' + RANLIB='true' + ;; + *-tandem-oss) + OS='Tandem OSS' + CFLAGS="-D_TANDEM_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" + CC='c89' + ;; + *-IBM-OS390*) + OS='OS390' + OSDIR='os/os390' + CC='c89' + CFLAGS="$CFLAGS -DOS390 -DCHARSET_EBCDIC -D_ALL_SOURCE" + DEF_WANTHSREGEX=yes + LIBS="$LIBS" + ;; + *-cygwin*) + OS='Cygwin' + OSDIR="os/cygwin" + CFLAGS="$CFLAGS -DCYGWIN" + DEF_WANTHSREGEX=yes + DBM_LIB="-lgdbm" + LIBS="$LIBS -lcrypt $DBM_LIB" + if [ "x$RULE_CYGWIN_WINSOCK" = "xyes" ]; then + CFLAGS="$CFLAGS -DCYGWIN_WINSOCK" + LIBS="$LIBS -lwsock32" + fi + + ;; + *atheos*) + DEF_WANTSREGEX=yes + OS='AtheOS' + CFLAGS="$CFLAGS -DATHEOS" + LIBS="$LIBS -lcrypt" + ;; + *) # default: Catch systems we don't know about + OS='Unknown and unsupported OS' + echo Sorry, but we cannot grok \"$PLAT\" + echo uname -m + uname -m + echo uname -r + uname -r + echo uname -s + uname -s + echo uname -v + uname -v + echo uname -X + uname -X + echo Ideally, read the file PORTING, do what it says, and send the + echo resulting patches to The Apache Group by filling out a report + echo form at http://bugs.apache.org/. If you don\'t + echo wish to do the port yourself, please submit this output rather + echo than the patches. Thank you. + echo + echo Pressing on with the build process, but all bets are off. + echo Do not be surprised if it fails. If it works, and even + echo if it does not, please contact the above address. + echo + ;; +esac + +#################################################################### +## set this if we haven't +## +if [ "x${MAKE}" = "x" ]; then + MAKE='make'; export MAKE +fi + +#################################################################### +## Show user what OS we came up with +## +echo " + configured for $OS platform" +SUBDIRS="$OSDIR $SUBDIRS" + +#################################################################### +# Continue building the stub file +# Set variables as soon as possible so that TestCompile can use them +## +echo >>Makefile.config "OSDIR=\$(SRCDIR)/$OSDIR" +echo >>Makefile.config "INCDIR=\$(SRCDIR)/include" +echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)" +echo >>Makefile.config "SHELL=$SHELL" +echo >>Makefile.config "OS=$OS" + +#################################################################### +## And adjust/override WANTHSREGEX as needed +## +if [ "x$RULE_WANTHSREGEX" = "xdefault" ]; then + if [ "x$DEF_WANTHSREGEX" = "x" ]; then + RULE_WANTHSREGEX=yes + else + RULE_WANTHSREGEX=$DEF_WANTHSREGEX + fi +fi + +#################################################################### +## Now we determine the C-compiler and optimization level +## to use. Settings of CC and OPTIM in Configuration have +## the highest precedence; next comes any settings from +## the above "OS-specific" section. If still unset, +## then we look for a known compiler somewhere in PATH +## + +# First, look for a CC= setting in Configuration (recall, we +# copied these to Makefile.config) +# +# If $TCC is null, then no such line exists in Configuration +# +TCC=`egrep '^CC=' Makefile.config | tail -1 | awk -F= '{print $2}'` +if [ "x$TCC" = "x" ]; then + if [ "x$CC" = "x" ]; then + # At this point, CC is not set in Configuration or above, so we + # try to find one + for compilers in "gcc" "cc" "acc" "c89" + do + lookedfor="$lookedfor $compilers" + if ${SHELL} helpers/PrintPath -s $compilers; then + COMPILER="$compilers" + break + fi + done + if [ "x$COMPILER" = "x" ]; then + echo "Error: could not find any of these C compilers" + echo " anywhere in your PATH: $lookedfor" + echo "Configure terminated" + exitcode=1 + exit 1 + fi + CC=$COMPILER + fi + echo " + setting C compiler to $CC" +fi + +#################################################################### +## Write the value of $CC to Makefile.config... We only do this +## is not done already (ie: a 'CC=' line was in Configuration). +## If there was an entry for it, then set $CC for our own internal +## use. +## +if [ "x$TCC" = "x" ]; then + echo "CC=$CC" >> Makefile.config +else + CC=$TCC +fi + +#################################################################### +## Now check how we can _directly_ run the C pre-processor +## +TCPP=`egrep '^CPP=' Makefile.config | tail -1 | awk -F= '{print $2}'` +if [ "x$TCPP" != "x" ]; then + CPP=`CPP="$TCPP"; export CPP CC; ${SHELL} ./helpers/findcpp.sh` +else + CPP=`export CC; ${SHELL} ./helpers/findcpp.sh` +fi +if [ "x$TCPP" = "x" ]; then + echo "CPP=$CPP" >> Makefile.config +fi +echo " + setting C pre-processor to $CPP" + +#################################################################### +## Now check for existance of non-standard system header files +## and start generation of the ap_config_auto.h header +## +AP_CONFIG_AUTO_H="include/ap_config_auto.h" +echo "/*" >$AP_CONFIG_AUTO_H +echo " * ap_config_auto.h -- Automatically determined configuration stuff" >>$AP_CONFIG_AUTO_H +echo " * THIS FILE WAS AUTOMATICALLY GENERATED - DO NOT EDIT!" >>$AP_CONFIG_AUTO_H +echo " */" >>$AP_CONFIG_AUTO_H +echo "" >>$AP_CONFIG_AUTO_H +echo "#ifndef AP_CONFIG_AUTO_H" >>$AP_CONFIG_AUTO_H +echo "#define AP_CONFIG_AUTO_H" >>$AP_CONFIG_AUTO_H + +echo " + checking for system header files" +CHECK_FOR_HEADERS="dlfcn.h dl.h bstring.h crypt.h unistd.h sys/resource.h sys/select.h sys/processor.h sys/param.h" +( +export CPP +for header in $CHECK_FOR_HEADERS; do + echo "" >>$AP_CONFIG_AUTO_H + echo "/* check: #include <$header> */" >>$AP_CONFIG_AUTO_H + name="`echo $header | sed -e 's:/:_:g' -e 's:\.:_:g' | tr '[a-z]' '[A-Z]'`" + ${SHELL} ./helpers/checkheader.sh $header + if [ $? -eq 0 ]; then + echo "#ifndef HAVE_${name}" >>$AP_CONFIG_AUTO_H + echo "#define HAVE_${name} 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H + else + echo "#ifdef HAVE_${name}" >>$AP_CONFIG_AUTO_H + echo "#undef HAVE_${name}" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H + fi +done +) + +#################################################################### +# Special AIX 4.x support: need to check for sys/processor.h +# to decide whether the Processor Binding can be used or not +case "$PLAT" in + *-ibm-aix*) + CPP=$CPP ${SHELL} helpers/checkheader.sh sys/processor.h + if [ $? -eq 0 ]; then + CFLAGS="$CFLAGS -DAIX_BIND_PROCESSOR" + fi + ;; +esac + +#################################################################### +## Look for OPTIM and save for later +## +TOPTIM=`egrep '^OPTIM=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TRANLIB=`egrep '^RANLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TTARGET=`egrep '^TARGET=' Makefile.config | tail -1 | awk -F= '{print $2}'` + +#################################################################### +## Check for user provided flags for shared object support +## +TLD_SHLIB=`egrep '^LD_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TLDFLAGS_SHLIB=`egrep '^LDFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TLDFLAGS_MOD_SHLIB=`egrep '^LDFLAGS_MOD_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TLDFLAGS_SHLIB_EXPORT=`egrep '^LDFLAGS_SHLIB_EXPORT=' Makefile.config | tail -1 | awk -F= '{print $2}'` +TCFLAGS_SHLIB=`egrep '^CFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'` + +#################################################################### +## Handle TARGET name +## +if [ "x$TTARGET" = "x" ]; then + TARGET=httpd + echo "TARGET=$TARGET" >> Makefile.config +else + TARGET=$TTARGET +fi +if [ "x$TARGET" != "xhttpd" ]; then + echo " + using custom target name: $TARGET" + CFLAGS="$CFLAGS -DTARGET=\\\"$TARGET\\\"" +fi + +#################################################################### +## We adjust now CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT as +## required. For more platforms just add the required lines below. +## +if [ "x$using_shlib" = "x1" ] ; then + LD_SHLIB="ld" + DEF_SHARED_CORE=no + DEF_SHARED_CHAIN=no + SHLIB_SUFFIX_NAME=so + SHMOD_SUFFIX_NAME=so + SHLIB_SUFFIX_DEPTH=all + SHLIB_EXPORT_FILES=no + SHARED_CORE_EP='lib$(TARGET).ep' + SHCORE_IMPLIB='' + case "$PLAT" in + *MPE/iX*) + LD_SHLIB=ld + LDFLAGS_SHLIB='-b -a archive' + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + ;; + *-linux1) + CFLAGS_SHLIB="-fpic" + LDFLAGS_SHLIB="-Bshareable" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-rdynamic" + ;; + *-linux2*) + LD_SHLIB="gcc" + CFLAGS_SHLIB="-fpic" + LDFLAGS_SHLIB="-shared" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-rdynamic" + SHLIB_SUFFIX_DEPTH=0 + ;; + *-freebsd2*) + LD_SHLIB="gcc" + CFLAGS_SHLIB="-fpic" + LDFLAGS_SHLIB="-shared" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=2 + ;; + *-freebsd[3-9]*) + LD_SHLIB="gcc" + CFLAGS_SHLIB="-fpic" + LDFLAGS_SHLIB="-shared" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + OBJFORMAT=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` + if [ "x$OBJFORMAT" = "xelf" ]; then + LDFLAGS_SHLIB_EXPORT="-Wl,-E" + SHLIB_SUFFIX_DEPTH=0 + else + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=2 + fi + ;; + *-openbsd*) + PLATOSVERS=`echo $PLAT | sed 's/^.*openbsd//'` + CFLAGS_SHLIB="-fPIC" + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=2 + case "$PLATOSVERS" in + [01].*|2.[0-7]|2.[0-7].*) + LDFLAGS_SHLIB="-Bshareable" + ;; + *) + LD_SHLIB="gcc" + LDFLAGS_SHLIB="-shared \$(CFLAGS_SHLIB)" + if [ -z "`echo __ELF__ | ${CC} -E - | grep __ELF__`" ]; then + LDFLAGS_SHLIB_EXPORT="-Wl,-E" + fi + ;; + esac + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + ;; + *-netbsd*) + CFLAGS_SHLIB="-fPIC -DPIC" + if echo __ELF__ | ${CC} -E - | grep -q __ELF__; then + LDFLAGS_SHLIB="-Bshareable" + LDFLAGS_SHLIB_EXPORT="" + else + LDFLAGS_SHLIB="-shared" + LDFLAGS_SHLIB_EXPORT="-Wl,-E" + fi + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + SHLIB_SUFFIX_DEPTH=2 + ;; + *-bsdi3) + LD_SHLIB="shlicc2" + LDFLAGS_SHLIB="-r" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + ;; + *-bsdi) + CFLAGS_SHLIB="-fPIC" + LDFLAGS_SHLIB="-shared" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-rdynamic" + ;; + *-next-openstep*) + LD_SHLIB='cc' + CFLAGS_SHLIB='-dynamic -fno-common' + LDFLAGS_SHLIB='-bundle -undefined warning' + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT='' + SHLIB_SUFFIX_DEPTH=0 + ;; + *-apple-rhapsody* | *-apple-darwin* ) + LD_SHLIB="cc" + CFLAGS_SHLIB="" + case "$PLAT" in + *-apple-rhapsody* | *-apple-darwin1.[0-3]* ) + LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress' + ;; + * ) + LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress -flat_namespace' + ;; + esac + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=0 + ;; + *-solaris2*) + if [ "x`$CC -v 2>&1 | grep gcc`" != "x" ]; then + CFLAGS_SHLIB="-fPIC" + else + CFLAGS_SHLIB="-KPIC" + fi + LDFLAGS_SHLIB="-G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=1 + ;; + *-sunos4*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fPIC" ;; + */acc|acc ) CFLAGS_SHLIB="-pic" ;; + esac + LDFLAGS_SHLIB="-assert pure-text" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + ;; + *-sgi-irix32) + case $CC in + */gcc|gcc ) + CFLAGS_SHLIB="-fpic" + N32FLAG="" + ;; + */cc|cc ) + CFLAGS_SHLIB="-KPIC" + N32FLAG="-n32" + ;; + esac + if [ "x$RULE_IRIXN32" = "xyes" ]; then + LDFLAGS_SHLIB="$N32FLAG -shared" + else + LDFLAGS_SHLIB="-shared" + fi + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + ;; + *-sgi-irix64) + case $CC in + */gcc|gcc ) + CFLAGS_SHLIB="-fpic" + N32FLAG="" + ;; + */cc|cc ) + CFLAGS_SHLIB="-KPIC" + N32FLAG="-n32" + ;; + esac + if [ "x$RULE_IRIXN32" = "xyes" ]; then + LDFLAGS_SHLIB="$N32FLAG -shared" + else + LDFLAGS_SHLIB="-shared" + fi + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + ;; + *-sgi-irix) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-shared" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + ;; + *-dec-osf*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="" ;; + esac + LDFLAGS_SHLIB='-shared -expect_unresolved "*" -s' + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + ;; + *-unixware*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-Bdynamic -G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport" + ;; + *-OpenUNIX*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-Bdynamic -G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport" + LD_SHLIB=$CC + ;; + *-sco5*) + case $CC in + */gcc*|gcc* ) CFLAGS_SHLIB="-fpic" ;; + */cc*|cc* ) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-G" + LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + SHLIB_SUFFIX_DEPTH=1 + ;; + *-sequent-ptx*) + case $PLAT in + *-sequent-ptx2*) + ;; + *-sequent-ptx4.0*) + ;; + *-sequent-ptx*) + CFLAGS_SHLIB="-KPIC" + LDFLAGS_SHLIB="-G" + LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + ;; + esac + ;; + RM*-siemens-sysv4*) + # MIPS hosts can take advantage of the LDFLAGS_SHLIB_EXPORT switch + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Wl,-Blargedynsym" + ;; + BS2000-siemens-sysv4*) + CFLAGS_SHLIB="-K PIC" + LDFLAGS_SHLIB="-G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=0 + DEF_SHARED_CORE=no + ;; + *-siemens-sysv4*) + # Older SINIX machines must be linked as "shared core"-Apache + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + *) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + SHLIB_SUFFIX_DEPTH=0 + DEF_SHARED_CORE=yes + ;; + *-sysv4*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="-KPIC" ;; + esac + LDFLAGS_SHLIB="-G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + DEF_SHARED_CORE=yes + ;; + *-hp-hpux9.*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="+z" ;; + esac + LDFLAGS_SHLIB="-b" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Wl,-E -Wl,-B,deferred" + SHLIB_SUFFIX_NAME=sl + ;; + *-hp-hpux10.*|*-hp-hpux11.*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="+z" ;; + esac + LDFLAGS_SHLIB="-b" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Wl,-E -Wl,-B,deferred -Wl,+s" + SHLIB_SUFFIX_NAME=sl + ;; + ia64-ibm-aix*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="" ;; + esac + LDFLAGS_SHLIB=" -L /usr/lib/ia64l32 -G " + LDFLAGS_MOD_SHLIB="$LDFLAGS_SHLIB -bI:@libexecdir@/httpd.exp -lc" + LDFLAGS_SHLIB="$LDFLAGS_SHLIB -Bexport:\`echo \$@|sed -e 's:\.so\$\$:.exp:'\`" + LDFLAGS_SHLIB="$LDFLAGS_SHLIB -lc" + LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport:\$(SRCDIR)/support/httpd.exp" + SHLIB_EXPORT_FILES=yes + ;; + *-ibm-aix*) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + */cc|cc ) CFLAGS_SHLIB="" ;; + esac + case $PLAT in + *-ibm-aix4*) + LDFLAGS_SHLIB="-H512 -T512 -bhalt:4 -bM:SRE -bnoentry" + ;; + *-ibm-aix*) + LDFLAGS_SHLIB="-H512 -T512 -bhalt:4 -bM:SRE -e _nostart" + ;; + esac + LDFLAGS_MOD_SHLIB="$LDFLAGS_SHLIB -bI:@libexecdir@/httpd.exp -lc" + LDFLAGS_SHLIB="$LDFLAGS_SHLIB -bI:\$(SRCDIR)/support/httpd.exp " + LDFLAGS_SHLIB="$LDFLAGS_SHLIB -bE:\`echo \$@|sed -e 's:\.so\$\$:.exp:'\`" + LDFLAGS_SHLIB="$LDFLAGS_SHLIB -lc" + LDFLAGS_SHLIB_EXPORT="-Wl,-bE:\$(SRCDIR)/support/httpd.exp" + SHLIB_EXPORT_FILES=yes + ;; + *-*-powermax*) + LD_SHLIB='cc' + LDFLAGS_SHLIB="-Zlink=so" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="-Zlink=dynamic -Wl,-Bexport" + CFLAGS_SHLIB='-Zpic' + ;; + *-OS/2*) + DEF_SHARED_CORE=yes + LDFLAGS_SHLIB="`echo $LDFLAGS|sed -e s/-Zexe//` -Zdll" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + SHLIB_SUFFIX_NAME=dll + SHMOD_SUFFIX_NAME=dll + SHLIB_SUFFIX_DEPTH=0 + LD_SHLIB=$CC + LD_SHCORE_DEF="ApacheCoreOS2.def" + LD_SHCORE_LIBS="$LIBS" + LIBS_SHLIB='$(SRCDIR)/ApacheCoreOS2.a -lsocket -lbsd $(EXTRA_LIBS)' + SHARED_CORE_EP='' + SHCORE_IMPLIB='ApacheCoreOS2.a' + OS_MODULE_INCLUDE='Makefile.OS2' + ;; + *-dgux) + case $CC in + */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;; + esac + DEF_SHARED_CORE=yes + LDFLAGS_SHLIB="-G" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="" + ;; + *-cygwin*) + DEF_SHARED_CORE=yes + LDFLAGS_SHLIB="--export-all" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + SHLIB_SUFFIX_NAME=dll + SHMOD_SUFFIX_NAME=dll + SHLIB_SUFFIX_DEPTH=0 + LD_SHLIB='dllwrap' + LD_SHCORE_DEF='' + LD_SHCORE_LIBS="$LIBS" + LIBS_SHLIB='$(EXTRA_LIBS)' + SHARED_CORE_EP='lib$(TARGET).ep' + SHCORE_IMPLIB='lib$(TARGET).dll' + OS_MODULE_INCLUDE='$(SRCDIR)/modules/standard/Makefile.Cygwin' + ;; + *) + ## ok, no known explict support for shared objects + ## on this platform, but we give not up immediately. + ## We take a second chance by guessing the compiler + ## and linker flags from the Perl installation + ## if it exists. + PERL= + for dir in `echo $PATH | sed -e 's/:/ /g'` + do + if [ -f "$dir/perl5" ]; then + PERL="$dir/perl5" + break + fi + if [ -f "$dir/perl" ]; then + PERL="$dir/perl" + break + fi + done + if [ "x$PERL" != "x" ]; then + # cool, Perl is installed on this platform... + if [ "x`$PERL -V:dlsrc 2>/dev/null | grep dlopen`" != "x" ]; then + # ...and actually uses the dlopen-style interface, + # so we can guess the flags from its knowledge + CFLAGS_SHLIB="`$PERL -V:cccdlflags | cut -d\' -f2`" + LDFLAGS_SHLIB="`$PERL -V:lddlflags | cut -d\' -f2`" + LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB + LDFLAGS_SHLIB_EXPORT="`$PERL -V:ccdlflags | cut -d\' -f2`" + # but additionally we have to inform the + # user that we are just guessing the flags + echo "" + echo "** WARNING: We have no explicit knowledge about shared object" + echo "** support for your particular platform. But perhaps you have" + echo "** luck: We were able to guess the compiler and linker flags" + echo "** for creating shared objects from your Perl installation." + echo "** If they actually work, please send the following information" + echo "** for inclusion into later releases to new-httpd@apache.org or make" + echo "** a suggestion report at http://bugs.apache.org/:" + echo "** PLATFORM=$PLAT" + echo "** CFLAGS_SHLIB=$CFLAGS_SHLIB" + echo "** LDFLAGS_SHLIB=$LDFLAGS_SHLIB" + echo "** LDFLAGS_SHLIB_EXPORT=$LDFLAGS_SHLIB_EXPORT" + echo "" + fi + fi + ;; + esac +fi + +#################################################################### +## Check if we really have some information to compile +## the shared objects if SharedModule was used. +## +if [ "x$using_shlib" = "x1" ] ; then + if [ "x$TCFLAGS_SHLIB" = "x" -a "x$CFLAGS_SHLIB" = "x" -a \ + "x$TLDFLAGS_SHLIB" = "x" -a "x$LDFLAGS_SHLIB" = "x" ]; then + echo "" + echo "** FAILURE: Sorry, no shared object support available." + echo "** Either compile all modules statically (use AddModule instead" + echo "** of SharedModule in the Configuration file) or at least provide" + echo "** us with the appropriate compiler and linker flags via the" + echo "** CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT entries" + echo "** in the Configuration file." + echo "" + exit 1 + fi +fi + +#################################################################### +## Now we do some OS specific adjustments... for some OSs, we need +## to adjust CFLAGS and/or OPTIM depending on which compiler we +## are going to use. This is easy, since this can be gleamed from +## Makefile.config +## +case "$OS" in + 'ULTRIX') + case "$CC" in + */cc|cc ) CFLAGS="$CFLAGS -std" ;; + esac + ;; + 'SCO 5') + case "$CC" in + */cc|cc ) CFLAGS="$CFLAGS -K noinline" ;; + esac + ;; + 'HI-UX') + case "$CC" in + */cc|cc ) + CFLAGS="$CFLAGS -Aa -Ae -D_HIUX_SOURCE" + OPTIM=" " + TOPTIM="" + ;; + esac + ;; + 'HP-UX'|'HP-UX 10'|'HP-UX 11') + case "$CC" in + */cc|cc ) + CFLAGS="$CFLAGS -Aa -Ae -D_HPUX_SOURCE" + OPTIM=" " + TOPTIM="" + ;; + esac + ;; + *IRIX-64*) + if [ "x$RULE_IRIXN32" = "xyes" ]; then + case "$CC" in + */cc|cc ) + CFLAGS="$CFLAGS -n32" + LDFLAGS="$LDFLAGS -n32" + ;; + esac + fi + ;; + *IRIX-32*) + if [ "x$RULE_IRIXN32" = "xyes" ]; then + case "$CC" in + */cc|cc ) + CFLAGS="$CFLAGS -n32" + LDFLAGS="$LDFLAGS -n32" + ;; + esac + fi + ;; + IBM?AIX?4.[123]) + case $CC in + */cc|cc ) + CFLAGS="$CFLAGS -qnogenpcomp -qnousepcomp" + ;; + esac + ;; + 'IBM AIX IA64') + case $CC in + */cc|cc ) + CFLAGS="$CFLAGS -qnogenpcomp -qnousepcomp" + ;; + esac + ;; +esac + +#################################################################### +## OK, now we can write OPTIM +## +if [ "x$TOPTIM" = "x" ]; then + echo "OPTIM=$OPTIM" >> Makefile.config +fi + +#################################################################### +## OK, now handle RANLIB +## +if [ "x$RANLIB" = "x" ]; then + if [ "x$TRANLIB" != "x" ]; then + RANLIB=$TRANLIB + else + if ${SHELL} helpers/PrintPath -s ranlib; then + RANLIB="ranlib" + else + RANLIB="true" + fi + fi +fi + +#################################################################### +## Now we do some general checks and some intelligent Configuration +## control. + +# Use TestCompile to look for various LIBS +case "$PLAT" in + *-linux*) + # newer systems using glibc 2.x need -lcrypt + if ${SHELL} helpers/TestCompile lib crypt; then + LIBS="$LIBS -lcrypt" + fi + ;; + + *-dg-dgux*) + # R4.11MU02 requires -lsocket -lnsl ... no idea if it's earlier or + # later than what we already knew about. PR#732 + if ${SHELL} helpers/TestCompile lib nsl; then + LIBS="$LIBS -lnsl" + TLIB='-lnsl' + fi + if TLIB=$TLIB ${SHELL} helpers/TestCompile lib socket; then + LIBS="-lsocket $LIBS" + fi + ;; + BS2000*-siemens-sysv4*) + # Activate RISC compilation if this is a SR2000 machine + # (test written by Thomas Dorner + # for perl5 port): + ISSR2000="`bs2cmd SHOW-SYSTEM-INFO | grep 'HSI-ATT'`" + case "$ISSR2000" in + *TYPE*SR*) + CFLAGS="$CFLAGS -Krisc_4000" + ;; + esac + # Depending on the BS2000 OS and compiler/crte release, + # -lnsl may be available (or may be not). + # In standard SVR4 systems, -lsocket relies on some symbols + # from -lnsl, so the test for -lnsl must appear first. + if ${SHELL} helpers/TestCompile lib nsl; then + LIBS="$LIBS -lnsl" + TLIB='-lnsl' + fi + if TLIB=$TLIB ${SHELL} helpers/TestCompile lib socket; then + LIBS="-lsocket $LIBS" + fi + # Auto-detect presence of libdl for dynamic loading + if ${SHELL} ./helpers/TestCompile lib dl; then + if ${SHELL} ./helpers/TestCompile func dlopen; then + LIBS="$LIBS -ldl" + TLIB='-ldl' + fi + fi + # Test for the presence of the "union semun": + if TCADDINCL='#include +#include +#include ' ./helpers/TestCompile sizeof "union semun"; then + : Okay, union semun is defined + else + CFLAGS="$CFLAGS -DNEED_UNION_SEMUN" + fi + # Test for the presence of the _rini_struct typedef: + if TCADDINCL='#include ' ${SHELL} ./helpers/TestCompile sizeof _rini_struct; then + CFLAGS="$CFLAGS -DHAVE_RINI_STRUCT" + fi + # Test whether initgroups() must be emulated: + if ${SHELL} helpers/TestCompile func initgroups; then + : + else + CFLAGS="$CFLAGS -DNEED_INITGROUPS" + fi + ;; +esac + +# SOCKS4 support: +# We assume that if they are using SOCKS4, then they've +# adjusted EXTRA_LIBS and/or EXTRA_LDFLAGS as required, +# otherwise we assume "-L/usr/local/lib -lsocks" +if [ "x$RULE_SOCKS4" = "xyes" ]; then + echo " + enabling SOCKS4 support" + CFLAGS="$CFLAGS -DSOCKS -DSOCKS4" + CFLAGS="$CFLAGS -Dconnect=Rconnect -Dselect=Rselect" + CFLAGS="$CFLAGS -Dgethostbyname=Rgethostbyname" + if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks`" = "x" ]; then + LIBS="$LIBS -L/usr/local/lib -lsocks" + fi + case $PLAT in + *-solaris2* ) + LIBS="$LIBS -lresolv" + ;; + esac +fi + +# SOCKS5 support: +# We assume that if they are using SOCKS5, then they've +# adjusted EXTRA_LIBS and/or EXTRA_LDFLAGS as required, +# otherwise we assume "-L/usr/local/lib -lsocks5" +if [ "x$RULE_SOCKS5" = "xyes" ]; then + echo " + enabling SOCKS5 support" + CFLAGS="$CFLAGS -DSOCKS -DSOCKS5" + CFLAGS="$CFLAGS -Dconnect=SOCKSconnect -Dselect=SOCKSselect" + CFLAGS="$CFLAGS -Dgethostbyname=SOCKSgethostbyname -Dclose=SOCKSclose" + if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks5`" = "x" ]; then + LIBS="$LIBS -L/usr/local/lib -lsocks5" + fi + case $PLAT in + *-solaris2* ) + LIBS="$LIBS -lresolv" + ;; + esac +fi + +#################################################################### +## Find out what modules we want and try and configure things for them +## Module lines can look like this: +## +## Module name_module some/path/mod_name[.[oa]] +## AddModule some/path/mod_name[.[oa]] +## +## In both cases, the some/path can either be an arbitrary path (including +## an absolute path), or a path like "modules/DIR", in which case we _might_ +## auto-generate a Makefile in modules/DIR (see later). +## +## The first case is the original style, where we give the module's +## name as well as it's binary file location - either a .o or .a. +## +## The second format is new, and means we do not repeat the module +## name, which is already part of the module source or definition. +## The way we find the module name (and other optional information about +## the module) is like this: +## +## 1 If extension is not given or is .c, assume .o was given and goto 3 +## 2 If extension is .module, go to D1 +## 3 If extension is .o, look for a corresponding .c file and if +## found, go to C1 +## 4 If no .c file was found, look for a .module file (Apache module +## definition file). If found, go to D1 +## 5 Assume module name is the "name" part of "mod_name", as in +## name_module. +## +## If a C file is found: +## +## C1 Look for module name given by an MODULE: line (e.g. MODULE: name_module) +## If found assume module contains a definition, and go to D1 +## C2 If not found, look for a module name given on the declaration of the +## module structure (e.g. module name_module). +## C3 If neither given, go to 4 above. +## +## If a definition file is found, or a .c file includes a module definition: +## +## D1 Get the module name from the MODULE: name= line +## D2 Get other module options (libraries etc). To be done later. +## +## +## For now, we will convert the AddModule lines into Module format +## lines, so the rest of Configure can do its stuff without too much +## additional hackery. It would be nice to reduce the number of times +## we have to awk the $tmpfile, though. + +## MODFILES contains a list of module filenames (could be .c, .o, .so, .a +## or .module files) from AddModule lines only +## MODDIRS contains a list of subdirectories under 'modules' which +## contain modules we want to build from both AddModule and Module +## lines + +echo " + adding selected modules" + +MODFILES=`awk <$tmpfile '($1 == "AddModule" || $1 == "SharedModule") { printf "%s ", $2 }'` +MODDIRS=`awk < $tmpfile ' + ($1 == "Module" && $3 ~ /^modules\//) { + split ($3, pp, "/") + if (! SEEN[pp[2]]) { + printf "%s ", pp[2] + SEEN[pp[2]] = 1 + } + } + (($1 == "AddModule" || $1 == "SharedModule") && $2 ~ /^modules\//) { + split ($2, pp, "/") + if (! SEEN[pp[2]]) { + printf "%s ", pp[2] + SEEN[pp[2]] = 1 + } + }'` +MODDIRS_NO_SO=`awk < $tmpfile ' + ($1 == "Module" && $3 ~ /^modules\//) { + split ($3, pp, "/") + if (! SEEN[pp[2]]) { + printf "%s ", pp[2] + SEEN[pp[2]] = 1 + } + } + (($1 == "AddModule") && $2 ~ /^modules\//) { + split ($2, pp, "/") + if (! SEEN[pp[2]]) { + printf "%s ", pp[2] + SEEN[pp[2]] = 1 + } + }'` + +# Now autoconfigure each of the modules specified by AddModule. +# Use tmpfile2 for the module definition file, and tmpfile3 for the +# shell commands to be executed for this module. + +for modfile in $MODFILES ; do + rm -f $tmpfile2 $tmpfile3 + modname='' + + ext=`echo $modfile | sed 's/^.*\.//'` + modbase=`echo $modfile | sed 's/\.[^.]*$//'` + if [ "x$ext" = "x$modfile" ]; then ext=o; modbase=$modfile; modfile=$modbase.o; fi + if [ "x$ext" = "x" ] ; then ext=o; modbase=$modfile; fi + if [ "x$ext" = "xc" ] ; then ext=o; fi + + # modbase is the path+filename without extension, ext is the + # extension given, or if none, o + if [ -r $modbase.module ] ; then + $CAT $modbase.module > $tmpfile2 + else + if [ -f $modbase.c ] ; then + # Guess module structure name in case there is no + # module definition in this file + modname=`egrep '^module .*;' $modbase.c | head -1 |\ + sed 's/^module.*[ ][ ]*//' | \ + sed 's/[ ]*;[ ]*$//'` + # Get any module definition part + if grep "MODULE-DEFINITION-" $modbase.c > /dev/null; then + $CAT $modbase.c | \ + sed '1,/MODULE-DEFINITION-START/d;/MODULE-DEFINITION-END/,$d' \ + > $tmpfile2 + fi + fi + fi + if [ -r $tmpfile2 ] ; then + # Read a module definition from .module or .c + modname=`grep "Name:" $tmpfile2 | sed 's/^.*Name:[ ]*//'` + if grep "ConfigStart" $tmpfile2 > /dev/null \ + && grep "ConfigEnd" $tmpfile2 > /dev/null; then + sed '1,/ConfigStart/d;/ConfigEnd/,$d' $tmpfile2 > \ + $tmpfile3 + echo " o $modname uses ConfigStart/End" + if [ "x$RULE_PARANOID" = "xyes" ]; then + sed 's/^/>> /' $tmpfile3 + fi + . ./$tmpfile3 + fi + if grep "Libs:" $tmpfile2 > /dev/null; then + modlibs1=`grep Libs: $tmpfile2 | sed 's/^.*Libs:[ ]*//'` + echo " o $modbase adds libraries: $modlibs1" + modlibs="$modlibs $modlibs1" + fi + rm -f $tmpfile2 $tmpfile3 + if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then + ext=o + fi + fi + if [ "x$modname" = "x" ] ; then + modname=`echo $modbase | sed 's/^.*\///' | \ + sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'` + fi + if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then + echo "Module $modname $modbase.$ext" >>$tmpfile + fi + # optionally generate export file for some linkers + if [ "x$ext" = "x$SHMOD_SUFFIX_NAME" -a "x$SHLIB_EXPORT_FILES" = "xyes" ]; then + echo "$modname" >$modbase.exp + fi +done +# $tmpfile now contains Module lines for all the modules we want + +#################################################################### +## Now HS's POSIX regex implementation if needed/wanted. We do it +## now since AddModule may have changed it +## +if [ "x$RULE_WANTHSREGEX" = "xyes" ]; then + REGLIB="regex/libregex.a" + SUBDIRS="regex $SUBDIRS" + CFLAGS="$CFLAGS -DUSE_HSREGEX" +fi + +#################################################################### +## Extended API (EAPI) support: +## +if [ "x$RULE_EAPI" = "x" ]; then + RULE_EAPI=`${SHELL} helpers/CutRule EAPI $file` +fi +if [ "x$RULE_EAPI" = "xyes" ]; then + echo " + enabling Extended API (EAPI)" + CFLAGS="$CFLAGS -DEAPI" + # some vendor compilers are too restrictive + # for our ap_hook and ap_ctx sources. + case "$OS:$CC" in + *IRIX-32*:*/cc|*IRIX-32*:cc ) + CFLAGS="$CFLAGS -woff 1048,1110,1164" + ;; + esac + # MM Shared Memory Library support for EAPI + if [ "x$EAPI_MM" = "x" ]; then + EAPI_MM=`egrep '^EAPI_MM=' $file | sed -n -e '$p' | awk -F= '{print $2}'` + fi + if [ "x$EAPI_MM" != "x" ]; then + case $EAPI_MM in + SYSTEM|/* ) ;; + * ) for p in . .. ../..; do + if [ -d "$p/$EAPI_MM" ]; then + EAPI_MM="`echo $p/$EAPI_MM | sed -e 's;/\./;/;g'`" + break + fi + done + ;; + esac + if [ "x$EAPI_MM" = "xSYSTEM" ]; then + echo " using MM library for EAPI: (system-wide)" + CFLAGS="$CFLAGS -DEAPI_MM" + __INCLUDES="`mm-config --cflags`" + if [ "x$__INCLUDES" != "x-I/usr/include" ]; then + INCLUDES="$INCLUDES $__INCLUDES" + fi + LDFLAGS="$LDFLAGS `mm-config --ldflags`" + LIBS="$LIBS `mm-config --libs`" + else + if [ -f "$EAPI_MM/.libs/libmm.a" -a -f "$EAPI_MM/mm.h" ]; then + echo " using MM library: $EAPI_MM (source-tree only)" + case $EAPI_MM in + /* ) ;; + * ) EAPI_MM="\$(SRCDIR)/$EAPI_MM" ;; + esac + CFLAGS="$CFLAGS -DEAPI_MM" + INCLUDES="$INCLUDES -I$EAPI_MM" + LDFLAGS="$LDFLAGS -L$EAPI_MM/.libs" + LIBS="$LIBS -lmm" + elif [ -f "$EAPI_MM/bin/mm-config" ]; then + echo " using MM library: $EAPI_MM (installed)" + CFLAGS="$CFLAGS -DEAPI_MM" + INCLUDES="$INCLUDES `$EAPI_MM/bin/mm-config --cflags`" + LDFLAGS="$LDFLAGS `$EAPI_MM/bin/mm-config --ldflags`" + LIBS="$LIBS `$EAPI_MM/bin/mm-config --libs`" + else + echo "Configure:Error: Cannot find MM library under $EAPI_MM" 1>&2 + exit 1 + fi + fi + fi +fi + + +#################################################################### +## Add in the Expat library if needed/wanted. +## + +# set the default, based on whether expat-lite is bundled. if it is present, +# then we can always include expat. +if [ "x$RULE_EXPAT" = "xdefault" ]; then + if [ -d ./lib/expat-lite/ ]; then + RULE_EXPAT=yes + else + RULE_EXPAT=no + fi +fi + +if [ "x$RULE_EXPAT" = "xyes" ]; then + if ${SHELL} ./helpers/TestCompile lib expat; then + echo " + using system Expat" + LIBS="$LIBS -lexpat" + else + if [ ! -d ./lib/expat-lite/ ]; then + echo "ERROR: RULE_EXPAT set to \"yes\" but is not available." + exit 1 + fi + echo " + using builtin Expat" + EXPATLIB="lib/expat-lite/libexpat.a" + APLIBDIRS="expat-lite $APLIBDIRS" + CFLAGS="$CFLAGS -DUSE_EXPAT -I\$(SRCDIR)/lib/expat-lite" + fi +fi + +#################################################################### +## Now the SHARED_CHAIN stuff +## +if [ "x$using_shlib" = "x1" ] ; then + if [ "x$RULE_SHARED_CHAIN" = "xdefault" ] ; then + RULE_SHARED_CHAIN=$DEF_SHARED_CHAIN + fi + if [ "x$RULE_SHARED_CHAIN" = "xyes" ]; then + echo " + enabling DSO files to be linked against others" + # determine libraries which can be safely linked + # to our DSO files, i.e. PIC libraries and shared libraries + extra_ldflags="`grep EXTRA_LDFLAGS= Makefile.config`" + extra_libs="`grep EXTRA_LIBS= Makefile.config`" + eval "`${SHELL} helpers/slo.sh $LDFLAGS $LIBS $extra_ldflags $extra_libs`" + LIBS_SHLIB="$SLO_DIRS_PIC $SLO_LIBS_PIC $SLO_DIRS_DSO $SLO_LIBS_DSO" + fi +fi + +#################################################################### +## Now the SHARED_CORE stuff +## +if [ "x$using_shlib" = "x1" ] ; then + if [ "x$RULE_SHARED_CORE" = "xdefault" ] ; then + RULE_SHARED_CORE=$DEF_SHARED_CORE + fi + if [ "x$RULE_SHARED_CORE" = "xyes" ]; then + DSO_STRING="DSO" + if [ "$OS" = "Cygwin" ]; then + DSO_STRING="DLL" + fi + echo " + enabling generation of Apache core as $DSO_STRING" + # shuffle compiler flags from shlib variant to standard + CFLAGS="$CFLAGS $CFLAGS_SHLIB" + CFLAGS_SHLIB="" + # indicate that Rule SHARED_CORE is active + CFLAGS="$CFLAGS -DSHARED_CORE" + # select the special subtarget for shared core generation + SUBTARGET=target_shared + # determine additional suffixes for libhttpd.so + V=1 R=3 P=27 + if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then + SHLIB_SUFFIX_LIST="" + fi + if [ "x$SHLIB_SUFFIX_DEPTH" = "x1" ]; then + SHLIB_SUFFIX_LIST="$V" + fi + if [ "x$SHLIB_SUFFIX_DEPTH" = "x2" ]; then + SHLIB_SUFFIX_LIST="$V.$R" + fi + if [ "x$SHLIB_SUFFIX_DEPTH" = "x3" ]; then + SHLIB_SUFFIX_LIST="$V.$R.$P" + fi + if [ "x$SHLIB_SUFFIX_DEPTH" = "xall" ]; then + SHLIB_SUFFIX_LIST="$V $V.$R $V.$R.$P" + fi + fi +fi + +#################################################################### +## Don't force DL emulation, if not necessary. Currently only used +## by os/unix/os.c. +## +if [ "x$using_shlib" != "x1" ] ; then + CFLAGS="$CFLAGS -DNO_DL_NEEDED" +fi + +#################################################################### +## Set the value of the shared libary flags, if they aren't explicitly +## set in the configuration file +## +if [ "x$using_shlib" = "x1" ] ; then + if [ "x$TCFLAGS_SHLIB" = "x" ]; then + echo "CFLAGS_SHLIB=$CFLAGS_SHLIB -DSHARED_MODULE" >> Makefile.config + fi + if [ "x$TLD_SHLIB" = "x" ]; then + echo "LD_SHLIB=$LD_SHLIB" >> Makefile.config + fi + if [ "x$TLDFLAGS_SHLIB" = "x" ]; then + echo "LDFLAGS_SHLIB=$LDFLAGS_SHLIB" >> Makefile.config + fi + if [ "x$TLDFLAGS_SHLIB_EXPORT" = "x" ]; then + echo "LDFLAGS_SHLIB_EXPORT=$LDFLAGS_SHLIB_EXPORT" >> Makefile.config + fi + if [ "x$TLDFLAGS_MOD_SHLIB" = "x" ]; then + echo "LDFLAGS_MOD_SHLIB=$LDFLAGS_MOD_SHLIB" >> Makefile.config + fi + echo "LD_SHCORE_DEF=$LD_SHCORE_DEF" >> Makefile.config + echo "LD_SHCORE_LIBS=$LD_SHCORE_LIBS" >> Makefile.config + echo "SHARED_CORE_EP=$SHARED_CORE_EP" >> Makefile.config + echo "SHCORE_IMPLIB=$SHCORE_IMPLIB" >> Makefile.config +fi + +#################################################################### +## Now create modules.c +## +$CAT > $awkfile <<'EOFM' + BEGIN { + modules[n++] = "core" + pmodules[pn++] = "core" + } + /^Module/ { modules[n++] = $2 ; pmodules[pn++] = $2 } + /^%Module/ { pmodules[pn++] = $2 } + END { + print "/*" + print " * modules.c --- automatically generated by Apache" + print " * configuration script. DO NOT HAND EDIT!!!!!" + print " */" + print "" + print "#include \"httpd.h\"" + print "#include \"http_config.h\"" + print "" + for (i = 0; i < pn; ++i) { + printf ("extern module %s_module;\n", pmodules[i]) + } + print "" + print "/*" + print " * Modules which implicitly form the" + print " * list of activated modules on startup," + print " * i.e. these are the modules which are" + print " * initially linked into the Apache processing" + print " * [extendable under run-time via AddModule]" + print " */" + print "module *ap_prelinked_modules[] = {" + for (i = 0; i < n; ++i) { + printf " &%s_module,\n", modules[i] + } + print " NULL" + print "};" + print "" + print "/*" + print " * Modules which initially form the" + print " * list of available modules on startup," + print " * i.e. these are the modules which are" + print " * initially loaded into the Apache process" + print " * [extendable under run-time via LoadModule]" + print " */" + print "module *ap_preloaded_modules[] = {" + for (i = 0; i < pn; ++i) { + printf " &%s_module,\n", pmodules[i] + } + print " NULL" + print "};" + print "" + } +EOFM +$CAT $tmpfile | sed 's/_module//' | awk -f $awkfile > modules.c + +#################################################################### +## figure out which module dir require use to autocreate a Makefile. +## for these dirs we must not list the object files from the AddModule +## lines individually since the auto-generated Makefile will create +## a library called libMODDIR.a for it (MODDIR is the module dir +## name). We create two variable here: +## +## AUTODIRS Space separated list of module directories, relative to +## src +## AUTOLIBS Space separated list of auto-generated library files +## +for moddir in $MODDIRS +do + if [ -f modules/$moddir/Makefile.tmpl ] ; then + AUTODIRS="$AUTODIRS modules/$moddir" + fi +done +for moddir in $MODDIRS_NO_SO +do + if [ -f modules/$moddir/Makefile.tmpl ] ; then + AUTOLIBS="$AUTOLIBS modules/$moddir/lib$moddir.a" + fi +done + +#################################################################### +## Add the module targets to the Makefile. Do not add individual object +## targets for auto-generated directories. +## +$CAT > $awkfile <> $awkfile <<'EOF2' + for ( key in tmp ) { + autodirs[tmp[key]] = 1 + } + } + /^Module/ { modules[n++] = $3 } + /^%Module/ { modules[n++] = $3 } + END { + print "MODULES= \\" + for (i = 0; i < n; ++i) { + split (modules[i], pp, "/") + dir = pp[1] "/" pp[2] + inthere = 0 + for ( tdir in autodirs ) { + if (tdir == dir) + inthere = 1 + } + if (inthere == 1) + continue + else + printf (" %s \\\n", modules[i]) + } + } +EOF2 +awk -f $awkfile >>Makefile <$tmpfile + +#################################################################### +## Now add the auto-generated library targets. Need to use awk so we +## don't hang a continuation on the last line. +## +$CAT > $awkfile <<'EOF4' + { + z = 0 + split ($0, libs) + for ( lib in libs ) { + if (z != 0) + printf (" \\\n") + z++ + printf (" %s", libs[lib]) + } + } + END { + printf ("\n") + } +EOF4 +echo "$AUTOLIBS" | awk -f $awkfile >>Makefile +echo "" >>Makefile + +#################################################################### +## Now add the target for the main Makefile +## +echo "SUBDIRS=$SUBDIRS lib modules" >> Makefile +echo "SUBTARGET=$SUBTARGET" >> Makefile +echo "SHLIB_SUFFIX_NAME=$SHLIB_SUFFIX_NAME" >> Makefile +echo "SHMOD_SUFFIX_NAME=$SHMOD_SUFFIX_NAME" >> Makefile +echo "SHLIB_SUFFIX_LIST=$SHLIB_SUFFIX_LIST" >> Makefile +echo "SHLIB_EXPORT_FILES=$SHLIB_EXPORT_FILES" >> Makefile +echo "" >> Makefile + +#################################################################### +## Determine GNU Make variant because +## it uses ugly looking built-in directory walk messages +## while we are already using our own messages +## +if [ "x`${MAKE} -v 2>/dev/null | grep 'GNU Make'`" = "x" ]; then + MFLAGS_STATIC= +else + MFLAGS_STATIC=--no-print-directory +fi + +#################################################################### +## Continue building Makefile.config. Fill in all entries except +## for $LIBS at this point. This implies that anything below +## can only alter $LIBS +## +echo "CFLAGS1=$CFLAGS" >>Makefile.config +echo "INCLUDES1=$INCLUDES" >>Makefile.config +echo "LIBS_SHLIB=$LIBS_SHLIB" >>Makefile.config +echo "LDFLAGS1=$LDFLAGS" >>Makefile.config +echo "MFLAGS_STATIC=$MFLAGS_STATIC" >>Makefile.config +echo "REGLIB=$REGLIB" >>Makefile.config +echo "EXPATLIB=$EXPATLIB" >>Makefile.config +echo "RANLIB=$RANLIB" >>Makefile.config + +#################################################################### +## Some OS-related stuff for the DSO mechanism: +## Finding the vendor DSO functions +## +if [ "x$using_shlib" = "x1" ] ; then + DL_LIB="" + case $PLAT in + ia64-ibm-aix* ) + DL_LIB="-ldl" + ;; + *-ibm-aix* ) + DL_LIB="-lld" + ;; + *-sequent-ptx* ) + case $PLAT in + *-sequent-ptx2*) + ;; + *-sequent-ptx4.0*) + ;; + *-sequent-ptx*) + DL_LIB="-ldl" + ;; + esac + ;; + *-hp-hpux*) + if ${SHELL} helpers/TestCompile func shl_load; then + : + else + if ${SHELL} helpers/TestCompile lib dld; then + DL_LIB="-ldld" + fi + fi + ;; + * ) + if ${SHELL} helpers/TestCompile func dlopen; then + : + else + if ${SHELL} helpers/TestCompile lib dl; then + DL_LIB="-ldl" + fi + fi + ;; + esac + if [ "x$DL_LIB" != "x" ]; then + LIBS="$LIBS $DL_LIB" + echo " + using $DL_LIB for vendor DSO support" + fi +fi + +#################################################################### +## More building ap_config_auto.h +## +## We check the sizeof various data types +## +echo " + checking sizeof various data types" +AP_TYPE_QUAD=`${SHELL} helpers/TestCompile -r sizeof 'long long'` +if [ "x$AP_TYPE_QUAD" = "x" ]; then + AP_TYPE_QUAD="unknown_quad" + AP_LONGEST_LONG="long" +else + AP_LONGEST_LONG="long long" +fi + +echo "" >>$AP_CONFIG_AUTO_H +echo "/* determine: longest possible integer type */" >>$AP_CONFIG_AUTO_H +echo "#ifndef AP_LONGEST_LONG" >>$AP_CONFIG_AUTO_H +echo "#define AP_LONGEST_LONG $AP_LONGEST_LONG" >>$AP_CONFIG_AUTO_H +echo "#endif" >>$AP_CONFIG_AUTO_H + +#################################################################### +## More building ap_config_auto.h +## +## Check for availability of isinf() and isnan() +## +if ${SHELL} ./helpers/TestCompile func isinf ; then + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: isinf() found in libc */ " >>$AP_CONFIG_AUTO_H + echo "#ifndef HAVE_ISINF" >>$AP_CONFIG_AUTO_H + echo "#define HAVE_ISINF 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H +elif ${SHELL} ./helpers/TestCompile lib m isinf ; then + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: isinf() found in libm */ " >>$AP_CONFIG_AUTO_H + echo "#ifndef HAVE_ISINF" >>$AP_CONFIG_AUTO_H + echo "#define HAVE_ISINF 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H + LIBS="$LIBS -lm" + ADDED_LM="yes" +fi + +if ${SHELL} ./helpers/TestCompile func isnan ; then + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: isnan() found in libc */ " >>$AP_CONFIG_AUTO_H + echo "#ifndef HAVE_ISNAN" >>$AP_CONFIG_AUTO_H + echo "#define HAVE_ISNAN 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H +elif ${SHELL} ./helpers/TestCompile lib m isnan ; then + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: isnan() found in libm */ " >>$AP_CONFIG_AUTO_H + echo "#ifndef HAVE_ISNAN" >>$AP_CONFIG_AUTO_H + echo "#define HAVE_ISNAN 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H + if [ "x$ADDED_LM" != "xyes" ]; then + LIBS="$LIBS -lm" + fi +fi + +## We check for the endianess of the machine +## +AP_BYTE_ORDER=`${SHELL} helpers/TestCompile -r byteorder` +if [ "x$AP_BYTE_ORDER" = "x21" ]; then + AP_BYTE_ORDER="21" # big endian +else + AP_BYTE_ORDER="12" # little endian +fi + +echo "" >>$AP_CONFIG_AUTO_H +echo "/* determine: byte order of machine (12: little endian, 21: big endian) */" >>$AP_CONFIG_AUTO_H +echo "#ifndef AP_BYTE_ORDER" >>$AP_CONFIG_AUTO_H +echo "#define AP_BYTE_ORDER $AP_BYTE_ORDER" >>$AP_CONFIG_AUTO_H +echo "#endif" >>$AP_CONFIG_AUTO_H + +## +## Now compare the sizes of off_t to long +## +AP_TYPE_OFF_T=`${SHELL} helpers/TestCompile -r sizeof off_t` +if [ "x$AP_TYPE_OFF_T" = "x" ]; then + AP_TYPE_OFF_T="unknown_off_t" +fi + +AP_TYPE_LONG=`${SHELL} helpers/TestCompile -r sizeof long` +if [ "x$AP_TYPE_LONG" = "x" ]; then + AP_TYPE_LONG="unknown_long" +fi + +if [ "x$AP_TYPE_OFF_T" != "x$AP_TYPE_LONG" ]; then + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: is off_t a quad */" >>$AP_CONFIG_AUTO_H + echo "#ifndef AP_OFF_T_IS_QUAD" >>$AP_CONFIG_AUTO_H + echo "#define AP_OFF_T_IS_QUAD 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H +else + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: is off_t a quad */" >>$AP_CONFIG_AUTO_H + echo "#ifdef AP_OFF_T_IS_QUAD" >>$AP_CONFIG_AUTO_H + echo "#undef AP_OFF_T_IS_QUAD" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H +fi + +## +## Now see of void * is as big as a quad (long long) +## +AP_TYPE_VOID_P=`${SHELL} helpers/TestCompile -r sizeof 'void *'` +if [ "x$AP_TYPE_VOID_P" = "x" ]; then + AP_TYPE_VOID_P="unknown_void_p" +fi + +if [ "x$AP_TYPE_VOID_P" = "x$AP_TYPE_QUAD" ]; then + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: is void * a quad */" >>$AP_CONFIG_AUTO_H + echo "#ifndef AP_VOID_P_IS_QUAD" >>$AP_CONFIG_AUTO_H + echo "#define AP_VOID_P_IS_QUAD 1" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H +else + echo "" >>$AP_CONFIG_AUTO_H + echo "/* determine: is void * a quad */" >>$AP_CONFIG_AUTO_H + echo "#ifdef AP_VOID_P_IS_QUAD" >>$AP_CONFIG_AUTO_H + echo "#undef AP_VOID_P_IS_QUAD" >>$AP_CONFIG_AUTO_H + echo "#endif" >>$AP_CONFIG_AUTO_H +fi + +#################################################################### +## Finish building ap_config_auto.h +## +## We pick out all -D's from CFLAGS and insert them as defines into +## ap_config_auto.h so they are available to external modules needing to +## include Apache header files. +## +TEXTRA_CFLAGS=`egrep '^EXTRA_CFLAGS=' Makefile.config | tail -1 |\ + sed -e 's;^EXTRA_CFLAGS=;;' -e 's;\`.*\`;;'` +tmpstr=`echo $CFLAGS $TEXTRA_CFLAGS |\ + sed -e 's;[ ]\([+-]\);!\1;g' -e 's/\([^\\\]\)"/\1/g' -e 's/\\\"/\"/g'` +OIFS="$IFS" +IFS='!' +for cflag in $tmpstr; do + echo "$cflag" >>$tmpconfig +done +IFS="$OIFS" +awk >>$AP_CONFIG_AUTO_H <$tmpconfig ' + /^-D.*/ { + i = index($0, "=") + if (i > 0) { + define = substr($0, 3, i-3) + value = substr($0, i+1, length($0)-i) + } + else { + define = substr($0, 3, length($0)-2) + value = "1"; + } + printf ("\n/* build flag: %s */\n", $0) + printf ("#ifndef %s\n#define %s %s\n#endif\n", define, define, value) + } +' + +# finish header file +echo "" >>$AP_CONFIG_AUTO_H +echo "#endif /* AP_CONFIG_AUTO_H */" >>$AP_CONFIG_AUTO_H + +#################################################################### +## Finish creating the Makefile.config file +## +echo "LIBS1=$modlibs $LIBS">> Makefile.config +echo "##" >> Makefile.config +echo "## (End of automatically generated section)">> Makefile.config +echo "##" >> Makefile.config +echo "" >> Makefile.config + +#################################################################### +## Use TestCompile to see if $(CC) is ANSI and as a "final" sanity +## check +## + +if [ "x$OS" = "xTPF" ] ; then + : +else + echo " + doing sanity check on compiler and options" + if ${SHELL} ./helpers/TestCompile $vflag sanity; then + : + else + if [ "x$vflag" = "x-v" ] ; then + WHEREERR="above" + else + WHEREERR="below" + fi + echo "** A test compilation with your Makefile configuration" + echo "** failed. The $WHEREERR error output from the compilation" + echo "** test will give you an idea what is failing. Note that" + echo "** Apache requires an ANSI C Compiler, such as gcc. " + echo "" + echo "======== Error Output for sanity check ========" + (${SHELL} ./helpers/TestCompile -v sanity) 2>&1 + echo "============= End of Error Report =============" + echo "" + echo " Aborting!" + exitcode=1 + exit 1 + fi +fi + +#################################################################### +## Now (finish) creating the makefiles +## + +# ./Makefile +$CAT Makefile.config >> Makefile +sed -e "s#@@Configuration@@#$file#" "Makefile.tmpl" >>Makefile + +# xxx/Makefile +MAKEDIRS="support $SUBDIRS" +for dir in $MAKEDIRS ; do + echo Creating Makefile in $dir + ${SHELL} helpers/mfhead $dir $file > $dir/Makefile + $CAT Makefile.config $dir/Makefile.tmpl |\ + sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp $dir`:" >> $dir/Makefile +done + +#################################################################### +## Now create the lib/Makefile +## +${SHELL} helpers/mfhead modules $file > lib/Makefile +$CAT Makefile.config | sed -e 's:^SRCDIR=.*:SRCDIR=..:' >> lib/Makefile + +$CAT << EOF >> lib/Makefile +APLIBS=$APLIBDIRS +CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS) + +default: all + +all clean distclean depend :: + @for i in \$(APLIBS) ""; do \\ + if [ "x\$\$i" != "x" ]; then \\ + echo "===> \$(SDP)lib/\$\$i"; \\ + (cd \$\$i && \$(MAKE) \$(MFLAGS_STATIC) SDP='\$(SDP)' CC='\$(CC)' AUX_CFLAGS='\$(CFLAGS)' RANLIB='\$(RANLIB)' \$@) || exit 1; \\ + echo "<=== \$(SDP)lib/\$\$i"; \\ + fi; \\ + done + +EOF + +#################################################################### +## Now create the lib/xxx/Makefile +## + +for dir in $APLIBDIRS ; do + echo Creating Makefile in lib/$dir + ${SHELL} helpers/mfhead lib/$dir $file > lib/$dir/Makefile + $CAT Makefile.config lib/$dir/Makefile.tmpl |\ + sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp lib/$dir`:" >> lib/$dir/Makefile +done + +#################################################################### +## Now create the modules/Makefile +## +${SHELL} helpers/mfhead modules $file > modules/Makefile +$CAT Makefile.config | sed -e 's:^SRCDIR=.*:SRCDIR=..:' >> modules/Makefile + +$CAT << EOF >> modules/Makefile +MODULES=$MODDIRS +CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS) + +default: all + +all clean distclean depend :: + @for i in \$(MODULES) ""; do \\ + if [ "x\$\$i" != "x" ]; then \\ + echo "===> \$(SDP)modules/\$\$i"; \\ + case "x\$(OS)" in \\ + xOS390 | xTPF) (cd \$\$i && \$(MAKE) SDP='\$(SDP)' OPTIM='\$(OPTIM)' \$@) || exit 1;; \\ + *) (cd \$\$i && \$(MAKE) \$(MFLAGS_STATIC) SDP='\$(SDP)' CC='\$(CC)' AUX_CFLAGS='\$(CFLAGS)' RANLIB='\$(RANLIB)' OPTIM='\$(OPTIM)' \$@) || exit 1;; \\ + esac; \\ + echo "<=== \$(SDP)modules/\$\$i"; \\ + fi; \\ + done + +EOF + +#################################################################### +## Now create modules/xxx/Makefile +## +for moddir in $AUTODIRS ; do + echo "Creating Makefile in $moddir" + + ${SHELL} helpers/mfhead $moddir $file > $moddir/Makefile + $CAT Makefile.config |\ + sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp $moddir`:" >> $moddir/Makefile + $CAT << 'EOF' >> $moddir/Makefile +## +## Default Makefile options from Configure script +## (Begin of automatically generated section) +## +CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) +LIBS=$(EXTRA_LIBS) $(LIBS1) +INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES) +LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) +INCDIR=$(SRCDIR)/include +EOF + if [ -f $moddir/Makefile.libdir ]; then + basedir=`echo $moddir | sed 's@^[^/]*/@@g'` + awk >> $moddir/Makefile < $tmpfile ' + ($2 ~ /^modules\/'$basedir'\//) { + split($2, pp, "/"); + split(pp[3], parts, "."); + libext=parts[2]; + } + END { + printf "LIBEXT=%s\n", libext; + }' + # it's responsible for the rest of its Makefile... + else + basedir=`echo $moddir | sed 's@^[^/]*/@@g'` + OBJS=`awk < $tmpfile ' + ($1 == "Module" && $3 ~ /^modules\/'$basedir'\//) { + split ($3, pp, "/") + printf "%s ", pp[3] + } + '` + echo "OBJS=$OBJS" >> $moddir/Makefile + if [ "x$OBJS" != "x" ]; then + echo "LIB=lib$basedir.a" >> $moddir/Makefile + else + # essential! + echo "LIB=" >> $moddir/Makefile + fi + awk >> $moddir/Makefile < $tmpfile ' + ($1 == "SharedModule" && $2 ~ /^modules\/'$basedir'\//) { + split($2, pp, "/") + shlibs=shlibs " " pp[3] + so=pp[3] + split(pp[3], parts, ".") + base=parts[1] + objspic=objspic " " base ".lo" + } + END { + printf "SHLIBS=%s\n", shlibs; + printf "OBJS_PIC=%s\n", objspic; + }' + + $CAT << 'EOF' >> $moddir/Makefile + +all: lib shlib + +lib: $(LIB) + +shlib: $(SHLIBS) + +dummy $(LIB): $(OBJS) + rm -f $@ + ar cr $@ $(OBJS) + $(RANLIB) $@ + +.SUFFIXES: .o .so .dll + +.c.o: + $(CC) -c $(INCLUDES) $(CFLAGS) $< + +.c.so: + $(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $< && mv $*.o $*.lo + $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $@ $*.lo $(LIBS_SHLIB) + +clean: + rm -f $(LIB) $(OBJS) $(SHLIBS) $(OBJS_PIC) + +distclean: clean + rm -f Makefile + +# NOT FOR END USERS! +depend: + cp Makefile.tmpl Makefile.tmpl.bak \ + && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \ + && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \ + && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \ + -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \ + > Makefile.tmpl \ + && rm Makefile.new + +EOF + fi + + if [ "x$OS_MODULE_INCLUDE" != "x" ]; then + echo "include $OS_MODULE_INCLUDE" >> $moddir/Makefile + fi + + $CAT << 'EOF' >> $moddir/Makefile +## +## (End of automatically generated section) +## +EOF + $CAT >> $moddir/Makefile < $moddir/Makefile.tmpl + +done + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/INSTALL.SSL usr.sbin/httpd/INSTALL.SSL --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/INSTALL.SSL Thu Feb 13 12:15:15 2003 +++ usr.sbin/httpd/INSTALL.SSL Sun Feb 16 16:05:29 2003 @@ -391,7 +391,7 @@ above. The reason just is that Apache pre-configures the installed configuration file for direct use (at least as long the APACI option --without-confadjust is not used). For using the official - ports (80 for HTTP and 443 for HTTPS) root priviledges are required + ports (80 for HTTP and 443 for HTTPS) root privileges are required under run-time, so APACI assumes that it has to use alternate ports (8080 for HTTP and 8443 for HTTPS) if the built and installation is done under non-root users. diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/Makefile.bsd-wrapper usr.sbin/httpd/Makefile.bsd-wrapper --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/Makefile.bsd-wrapper Thu Feb 13 12:15:15 2003 +++ usr.sbin/httpd/Makefile.bsd-wrapper Sun Feb 16 16:05:29 2003 @@ -40,6 +40,7 @@ CONFIG_ARGS= --with-layout="OpenBSD" --enable-module="ssl" \ --enable-module="keynote" \ --enable-suexec --suexec-caller="www" \ + --enable-rule=INET6 \ --suexec-docroot="${HTTPD_HTDOCSDIR}" \ --suexec-logfile="/var/log/suexec_log" --suexec-userdir="public_html" \ --suexec-uidmin="1000" --suexec-gidmin="1000" \ @@ -98,30 +99,30 @@ # modules that come with Apache. .if ${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "i386" || \ -${MACHINE_ARCH} == "m68k" || ${MACHINE_ARCH} == "powerpc" || \ -${MACHINE_ARCH} == "sparc" || ${MACHINE_ARCH} == "sparc64" + ${MACHINE_ARCH} == "m68k" || ${MACHINE_ARCH} == "powerpc" || \ + ${MACHINE_ARCH} == "sparc" || ${MACHINE_ARCH} == "sparc64" CONFIG_ARGS+= ${DSO_MODULE_ARGS} INSTALL_MODULES= \ -src/modules/experimental/mod_mmap_static.so \ -src/modules/experimental/mod_auth_digest.so \ -src/modules/extra/mod_define.so \ -src/modules/proxy/libproxy.so \ -src/modules/standard/mod_vhost_alias.so \ -src/modules/standard/mod_log_agent.so \ -src/modules/standard/mod_info.so \ -src/modules/standard/mod_log_referer.so \ -src/modules/standard/mod_mime_magic.so \ -src/modules/standard/mod_speling.so \ -src/modules/standard/mod_rewrite.so \ -src/modules/standard/mod_auth_dbm.so \ -src/modules/standard/mod_auth_anon.so \ -src/modules/standard/mod_auth_db.so \ -src/modules/standard/mod_digest.so \ -src/modules/standard/mod_cern_meta.so \ -src/modules/standard/mod_usertrack.so \ -src/modules/standard/mod_unique_id.so \ -src/modules/standard/mod_expires.so \ -src/modules/standard/mod_headers.so + src/modules/experimental/mod_mmap_static.so \ + src/modules/experimental/mod_auth_digest.so \ + src/modules/extra/mod_define.so \ + src/modules/proxy/libproxy.so \ + src/modules/standard/mod_vhost_alias.so \ + src/modules/standard/mod_log_agent.so \ + src/modules/standard/mod_info.so \ + src/modules/standard/mod_log_referer.so \ + src/modules/standard/mod_mime_magic.so \ + src/modules/standard/mod_speling.so \ + src/modules/standard/mod_rewrite.so \ + src/modules/standard/mod_auth_dbm.so \ + src/modules/standard/mod_auth_anon.so \ + src/modules/standard/mod_auth_db.so \ + src/modules/standard/mod_digest.so \ + src/modules/standard/mod_cern_meta.so \ + src/modules/standard/mod_usertrack.so \ + src/modules/standard/mod_unique_id.so \ + src/modules/standard/mod_expires.so \ + src/modules/standard/mod_headers.so .endif PERLPATH= /usr/bin/perl @@ -229,6 +230,7 @@ MANUALFILES= \ manual/howto/auth.html \ + manual/howto/htaccess.html \ manual/howto/cgi.html.en \ manual/howto/cgi.html.html \ manual/howto/cgi.html.ja.jis \ @@ -438,11 +440,13 @@ manual/mod/mod_actions.html.en \ manual/mod/mod_actions.html.html \ manual/mod/mod_actions.html.ja.jis \ - manual/mod/mod_alias.html \ + manual/mod/mod_alias.html.en \ + manual/mod/mod_alias.html.ja.jis \ manual/mod/mod_asis.html.en \ manual/mod/mod_asis.html.html \ manual/mod/mod_asis.html.ja.jis \ - manual/mod/mod_auth.html \ + manual/mod/mod_auth.html.en \ + manual/mod/mod_auth.html.ja.jis \ manual/mod/mod_auth_anon.html \ manual/mod/mod_auth_db.html \ manual/mod/mod_auth_dbm.html \ @@ -791,7 +795,8 @@ prereq: ${.OBJDIR}/config.status ${.OBJDIR}/config.status : ${.OBJDIR}/config.layout - @cd ${.OBJDIR} && CC="${CC}" LD_SHLIB="${CC}" OPTIM="${CFLAGS}" \ + @cd ${.OBJDIR} && CC="${CC}" LD_SHLIB="${CC}" \ + OPTIM="${CFLAGS} ${COPTS}" \ PATH="/sbin:/usr/sbin:/bin:/usr/bin" \ sh configure ${CONFIG_ARGS} diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/README.v6 usr.sbin/httpd/README.v6 --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/README.v6 Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/README.v6 Sun Feb 16 16:13:29 2003 @@ -0,0 +1,173 @@ +IPv6-ready apache 1.3.x +KAME Project +$Id: README.v6,v 1.1 2003/02/16 21:13:29 odin Exp $ + +This patchkit enables apache 1.3.x to perform HTTP connection over IPv6. +Most of optional modules are left unchanged, i.e. some of them won't support +IPv6, and some of them may not compile. + + +CAVEAT: This patchkit may change some of apache module API, to avoid +IPv4-dependent structure member variable (like use of u_long to hold +IPv4 address, or whatever). Therefore, it is almost impossible for the +IPv6 patch to be used with other module patches, at the same time +(including mod_ssl, mod_perl and others). We have no plan to fix it. + +http://www.imasy.or.jp/~ume/ipv6/test/ has an experimental patch against +mod_ssl, which makes SSL over IPv6 work with the patch. + + +Basically you can write IPv6 address where IPv4 address fits. + +extra command-line argument: + -4 Assume IPv4 address on ambiguous directives + -6 Assume IPv6 address on ambiguous directives (default) + + The above two can be used, for example, to disambiguate + "BindAddress *". + +base commands: + Listen + Listen is expanded to take one or two arguments. + Listen port + Listen address:port + Listen address port + This is to let you specify "Listen :: 80", since "Listen :::80" + won't work. + +mod_access: + deny from + allow from + "deny from" and "allow from" supports IPv6 addresses, under the + following forms: + {deny,allow} from v6addr + {deny,allow} from v6addr/v6mask + {deny,allow} from v6addr/prefixlen + Also, wildcard ("*") and string hostname matches IPv6 hosts as well. + +mod_proxy: + ProxyRequests on + http/ftp proxying for both IPv4 and IPv6 is possible. + Access control functions (NoProxy) are not updated yet. + + NOTE: for security reasons, we recommend you to filter out + outsider's access to your proxy, by directives like below: + + order deny,allow + deny from all + allow from 10.0.0.0/8 + allow from 3ffe:9999:8888:7777::/64 + + +virtual host: + If you would like to this feature, you must describe 'Listen' + part on configuration file explicitly. like below: + Listen :: 80 + Listen 0.0.0.0 80 + + NameVirtualHost + NameVirtualHost is expanded to take one more two arguments. + NameVirtualHost address + NameVirtualHost address:port + NameVirtualHost address port + This is to let you specify IPv6 address into address part. + + Note that, if colon is found in the specified address string, + the code will to resolve the address in the following way: + 1. try to resolve as address:port (most of IPv6 address fails) + 2. if (1) is failed, try to resolve as address only + If there's ambiguity, i.e. 3ffe:0501::1:2, the address may not be + parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2 + with default port). To get the right effect you are encouraged + to specify it without ambiguity. In IPv6 case "address port" + (specify address and port separated by a space) is the safest way. + + + If you would like to specify IPv6 numeric address in host part, + use bracketed format like below: + + Note: Now we DO NOT handle old non-bracketed format, + + so configuration file must be updated. + Note: The following is bad example to specify host ::1 port 80. + This will treated as host ::1:80. + + +logresolve (src/support) + error statistics in nameserver cache code is omitted. + +mod_unique_id + Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID, + and took IPv4 address registered onto DNS for the hostname (UNIX + hostname taken by gethostname(3)). Therefore, this does not work + for IPv6-only hosts as they do not have IPv4 address for them. + + Now, UNIQUE_ID can be generated using IPv6 address. IPv6 address can + be used as the seed for UNIQUE_ID. + Because of this, UNIQUE_ID will be longer than normal apache. This + may cause problem with some of the CGI scripts. + The preference of the addresses is based on the order returned + by getaddrinfo(). If your getaddrinfo() returns IPv4 address, IPv4 + adderss will be used as a seed. + Note that some of IPv6 addresses are "scoped"; If you happened to use + link-local or site-local address as a seed, the UNIQUE_ID may not be + worldwide unique. + + If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in + mod_unique_id.c. In this case, length of UNIQUE_ID will be kept the + same. However, for IPv6 addresses mod_unique_id.c will use the last + 32bit (not the whole 128bit) as the seed. Therefore, there can be + collision in UNIQUE_ID. + + The behavior should be improved in the near future; we welcome your + inputs. + +Modules known to be incompatible with IPv6 + (please report us) + +configure + Configure has extra option, --enable-rule=INET6. if the option + is specified, IPv6 code will be enabled. + +configuration file + We do not support IPv4 mapped address (IPv6 address format like + ::ffff:10.1.1.1) in configuration file. + +This kit assumes that you have working(*) getaddrinfo() and getnameinfo() +library functions. Even if you don't have one, don't panic. We have +included last-resort version (which support IPv4 only) into the kit. +For more complete implementation you might want to check BIND 8.2. +(*) NOTE: we have noticed that some of IPv6 stack is shipped with broken +getaddrinfo(). In such cases, you should get and install BIND 8.2. + +When compiling this kit onto IPv6, you may need to specify some additional +library paths or cpp defs (like -linet6 or -DINET6). +Now you don't have to specify --enable-rule=INET6. The "configure" script +will give you some warnings if the IPv6 stack is not known to the +"configure" script. Currently, the following IPv6 stacks are supported: +- KAME IPv6 stack, http://www.kame.net/ + use configure.v6 for convenience, +- Linux IPv6 stack, http://www.linux.org/ + use configure.v6 for convenience. +- Solaris 8 IPv6 stack, http://www.sun.com/ + use configure.v6 for convenience. +To disable IPv6 support, specify --disable-rule=INET6 to the "configure" +script. + +Acknowledgements + Thanks to all people submitted patches/fixes for this patch kit, + including: + "Chris P. Ross" + +Author contacts + Jun-ichiro itojun Hagino, KAME project + http://www.kame.net/ + mailto:core@kame.net +Linux Port + Arkadiusz Miskiewicz, Polish Linux Distribution project (IPv6) + http://www.pld.org.pl/ + mailto:pld-list@pld.org.pl + Satoshi SHIDA, Linux IPv6 Users Group JP + http://www.v6.linux.or.jp/ + YOSHIFUJI Hideaki, USAGI Project + http://www.linux-ipv6.org/ diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/conf/httpd.conf usr.sbin/httpd/conf/httpd.conf --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/conf/httpd.conf Thu Feb 13 12:15:03 2003 +++ usr.sbin/httpd/conf/httpd.conf Sun Feb 16 16:05:28 2003 @@ -669,11 +669,10 @@ # AddType allows you to tweak mime.types without actually editing it, or to # make certain files to be certain types. # -# For example, the PHP3 module (not part of the Apache distribution) +# For example, the PHP module (not part of the Apache distribution) # will typically use: # -#AddType application/x-httpd-php3 .phtml -#AddType application/x-httpd-php3-source .phps +#AddType application/x-httpd-php .php # # AddHandler allows you to map certain file extensions to "handlers", diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/conf/httpd.conf-dist usr.sbin/httpd/conf/httpd.conf-dist --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/conf/httpd.conf-dist Thu Feb 13 12:15:03 2003 +++ usr.sbin/httpd/conf/httpd.conf-dist Sun Feb 16 16:05:28 2003 @@ -174,6 +174,11 @@ #Listen 3000 #Listen 12.34.56.78:80 +# Listen can take two arguments. +# (this is an extension for supporting IPv6 addresses) +#Listen :: 80 +#Listen 0.0.0.0 80 + # # BindAddress: You can support virtual hosts with this option. This directive # is used to tell the server which IP address to listen to. It can either @@ -777,6 +782,7 @@ # make certain files to be certain types. # AddType application/x-tar .tgz + AddType image/x-icon .ico # # AddHandler allows you to map certain file extensions to "handlers", @@ -1180,7 +1186,7 @@ # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - + SSLOptions +StdEnvVars diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/configure usr.sbin/httpd/configure --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/configure Thu Feb 13 12:15:15 2003 +++ usr.sbin/httpd/configure Sun Feb 16 16:05:28 2003 @@ -1601,14 +1601,15 @@ if [ "x$verbose" = "xyes" ]; then vflag="-v"; fi +exec 4>&1 rc=`if [ "x$quiet" = "xyes" ]; then (cd $src; ${SHELL} ./Configure ${vflag} -file Configuration.apaci >/dev/null; echo $? >&3; ); else (cd $src; (${SHELL} ./Configure ${vflag} -file Configuration.apaci; echo $? >&3; ) |\ sed -e '/^Using config file:.*/d' \ -e "s:Makefile in :Makefile in $src\\/:" \ - -e "s:Makefile\$:Makefile in $src:") -fi 3>&1 1>&2` + -e "s:Makefile\$:Makefile in $src:" >&4 ) +fi 3>&1` ## Ugly. So far, we've only used -eq, so just in case, use this ## stupid code unless we're *sure* that -ne is also available diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/index.html usr.sbin/httpd/htdocs/index.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/index.html Thu Feb 13 12:15:09 2003 +++ usr.sbin/httpd/htdocs/index.html Sun Feb 16 16:05:21 2003 @@ -7,7 +7,7 @@ diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/bind.html.ja.jis usr.sbin/httpd/htdocs/manual/bind.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/bind.html.ja.jis Thu Feb 13 12:15:08 2003 +++ usr.sbin/httpd/htdocs/manual/bind.html.ja.jis Sun Feb 16 16:05:20 2003 @@ -9,8 +9,8 @@ - +
[APACHE DOCUMENTATION] @@ -87,15 +87,15 @@

$BJ#?t$N(B Listen $B%G%#%l%/%F%#%V$K$h$j!"(Blisten $B$9$k%"%I%l%9$H%]!<%H$r(B $B$$$/$D$b;XDj$9$k$3$H$b=PMh$^$9!#(B - $B%j%9%H$5$l$?%"%I%l%9$H%]!<%HA4$F$KBP$7$F1~Ez$7$^$9!#(B

+ $B%j%9%H$5$l$?%"%I%l%9$H%]!<%H$9$Y$F$KBP$7$F1~Ez$7$^$9!#(B

-

$BNc$($P!"%]!<%H(B 80 $B$H(B 8000 $B$NN>J}$KBP$7$F$N@\B3$r +

$B$?$H$($P!"%]!<%H(B 80 $B$H(B 8000 $B$NN>J}$KBP$7$F$N@\B3$r 

    Listen 80
    Listen 8000
$B$H$7$^$9!#(B - 2 $B$D$N;XDj$5$l$?%$%s%?%U%'!<%9$H%]!<%HHV9f$KBP$7$F$N@\B3$r Listen 192.170.2.1:80 Listen 192.170.2.5:8000 @@ -108,7 +108,7 @@ $B$o$1$G$O$"$j$^$;$s!#$=$l$i$O%a%$%s$N(B Apache $B%G!<%b%s%W%m%;%9$,$I$N%"%I%l%9(B $B$r%P%$%s%I$7!"$I$N%]!<%H$r(B listen $B$9$k$N$+$H$$$&$3$H$r;XDj$7$^$9!#(B <VirtualHost> - $B%G%#%l%/%F%#%V$,A4$/;H$o$l$J$$>l9g$O!"l9g$O!"/bin/httpd is started it has to dynamicly link cyghttpd.dll while runtime. That is why you have to place the shared core DLL - cyghttpd.dll to the same direcotry where + cyghttpd.dll to the same directory where httpd.exe resides, i.e. /usr/local/apache/bin or an other place in your $PATH.

diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/env.html.en usr.sbin/httpd/htdocs/manual/env.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/env.html.en Thu Feb 13 12:15:07 2003 +++ usr.sbin/httpd/htdocs/manual/env.html.en Sun Feb 16 16:05:20 2003 @@ -264,6 +264,21 @@

This disables KeepAlive when set.

+ +

suppress-error-charset

+

Available in versions after 1.3.26 and 2.0.40

+

When Apache issues a redirect in response to a client request, + the response includes some actual text to be displayed in case + the client can't (or doesn't) automatically follow the redirection. + Apache ordinarily labels this text according to the character set + which it uses, which is ISO-8859-1.

+

However, if the redirection is to a page that uses a different + character set, some broken browser versions will try to use the + character set from the redirection text rather than the actual page. + This can result in Greek, for instance, being incorrectly rendered.

+

Setting this environment variable causes Apache to omit the character + set for the redirection text, and these broken browsers will then correctly + use that of the destination page.

Examples

diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/env.html.html usr.sbin/httpd/htdocs/manual/env.html.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/env.html.html Thu Feb 13 12:15:07 2003 +++ usr.sbin/httpd/htdocs/manual/env.html.html Sun Feb 16 16:05:20 2003 @@ -266,6 +266,21 @@

This disables KeepAlive when set.

+ +

suppress-error-charset

+

Available in versions after 1.3.26 and 2.0.40

+

When Apache issues a redirect in response to a client request, + the response includes some actual text to be displayed in case + the client can't (or doesn't) automatically follow the redirection. + Apache ordinarily labels this text according to the character set + which it uses, which is ISO-8859-1.

+

However, if the redirection is to a page that uses a different + character set, some broken browser versions will try to use the + character set from the redirection text rather than the actual page. + This can result in Greek, for instance, being incorrectly rendered.

+

Setting this environment variable causes Apache to omit the character + set for the redirection text, and these broken browsers will then correctly + use that of the destination page.

Examples

diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/howto/auth.html usr.sbin/httpd/htdocs/manual/howto/auth.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/howto/auth.html Thu Feb 13 12:15:07 2003 +++ usr.sbin/httpd/htdocs/manual/howto/auth.html Sun Feb 16 16:05:18 2003 @@ -314,9 +314,10 @@ that the web server itself can read the file. For example, if your server is configured to run as user nobody and group nogroup, then you should set permissions on the - file so that only that user can read the file:

+ file so that only the webserver can read the file and only + root can write to it:

-chown nobody.nogroup /usr/local/apache/passwd/passwords
+chown root.nogroup /usr/local/apache/passwd/passwords
 chmod 640 /usr/local/apache/passwd/passwords
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/howto/htaccess.html usr.sbin/httpd/htdocs/manual/howto/htaccess.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/howto/htaccess.html Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/htdocs/manual/howto/htaccess.html Sun Feb 16 16:05:18 2003 @@ -0,0 +1,422 @@ + + + + + + + Apache Tutorial: .htaccess files + + + +
+ [APACHE DOCUMENTATION] + +

Apache HTTP Server Version 1.3

+
+ + + +

.htaccess files

+ + + + + +
-[OpenBSD]
+[OpenBSD]
 Apache
+ + + + + +
Related Modules
+
+ core
+ mod_auth
+ mod_cgi
+ mod_includes
+ mod_mine
+ 		Related Directives
+
+ AccessFileName
+ AllowOverride
+ Options
+ AddHandler
+ SetHandler
+ AuthType
+ AuthName
+ AuthUserFile
+ AuthGroupFile
+ Require
+
+
+ +

What they are/How to use them

+ +

.htaccess files (or "distributed configuration files") + provide a way to make configuration changes on a per-directory basis. A + file, containing one or more configuration directives, is placed in a + particular document directory, and the directives apply to that + directory, and all subdirectories thereof.

+ +

Note: If you want to call your .htaccess file something + else, you can change the name of the file using the AccessFileName + directive. For example, if you would rather call the file + .config then you can put the following in your server + configuration file:

+ +
+ + + + +
AccessFileName .config
+
+ +

What you can put in these files is determined by the AllowOverride + directive. This directive specifies, in categories, what directives + will be honored if they are found in a .htaccess file. If + a directive is permitted in a .htaccess file, the + documentation for that directive will contain an Override section, + specifying what value must be in AllowOverride in order + for that directive to be permitted.

+ +

For example, if you look at the documentation for the AddDefaultCharset + directive, you will find that it is permitted in .htaccess + files. (See the Context line in the directive summary.) The Override line reads + "FileInfo". Thus, you must have at least + "AllowOverride FileInfo" in order for this directive to be + honored in .htaccess files.

+ +

Example:

+ +
+ + + + + + + + + + + + +
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
+
+ +

If you are unsure whether a particular directive is permitted in a + .htaccess file, look at the documentation for that + directive, and check the Context line for ".htaccess."

+ +

When (not) to use .htaccess files

+ +

In general, you should never use .htaccess files unless + you don't have access to the main server configuration file. There is, + for example, a prevailing misconception that user authentication should + always be done in .htaccess files. This is simply not the + case. You can put user authentication configurations in the main server + configuration, and this is, in fact, the preferred way to do + things.

+ +

.htaccess files should be used in a case where the + content providers need to make configuration changes to the server on a + per-directory basis, but do not have root access on the server system. + In the event that the server administrator is not willing to make + frequent configuration changes, it might be desirable to permit + individual users to make these changes in .htaccess files + for themselves. This is particularly true, for example, in cases where + ISPs are hosting multiple user sites on a single machine, and want + their users to be able to alter their configuration.

+ +

However, in general, use of .htaccess files should be + avoided when possible. Any configuration that you would consider + putting in a .htaccess file, can just as effectively be + made in a <Directory> + section in your main server configuration file.

+ +

There are two main reasons to avoid the use of + .htaccess files.

+ +

The first of these is performance. When AllowOverride + is set to allow the use of .htaccess files, Apache will + look in every directory for .htaccess files. Thus, + permitting .htaccess files causes a performance hit, + whether or not you actually even use them! Also, the + .htaccess file is loaded every time a document is + requested.

+ +

Further note that Apache must look for .htaccess files + in all higher-level directories, in order to have a full complement of + directives that it must apply. (See section on how + directives are applied.) Thus, if a file is requested out of a + directory /www/htdocs/example, Apache must look for the + following files:

+ +
+ + + + +
/.htaccess
+ /www/.htaccess
+ /www/htdocs/.htaccess
+ /www/htdocs/example/.htaccess
+
+ +

And so, for each file access out of that directory, there are 4 + additional file-system accesses, even if none of those files are + present. (Note that this would only be the case if .htaccess files were + enabled for /, which is not usually the case.)

+ +

The second consideration is one of security. You are permitting + users to modify server configuration, which may result in changes over + which you have no control. Carefully consider whether you want to give + your users this privilege.

+ +

Note that it is completely equivalent to put a .htaccess file in a + directory /www/htdocs/example containing a directive, and + to put that same directive in a Directory section <Directory + /www/htdocs/example> in your main server configuration:

+ +

.htaccess file in /www/htdocs/example:

+ +
+ + + + +
AddType text/example .exm +
+
+ +

httpd.conf

+ +
+ + + + +
<Directory + /www/htdocs/example>
+ AddType text/example .exm
+ </Directory>
+
+ +

However, putting this configuration in your server configuration + file will result in less of a performance hit, as the configuration is + loaded once when Apache starts, rather than every time a file is + requested.

+ +

The use of .htaccess files can be disabled completely + by setting the AllowOverride directive to "none"

+ +
+ + + + +
AllowOverride None
+
+ +

How directives are applied

+ +

The configuration directives found in a .htaccess file + are applied to the directory in which the .htaccess file + is found, and to all subdirectories thereof. However, it is important + to also remember that there may have been .htaccess files + in directories higher up. Directives are applied in the order that they + are found. Therefore, a .htaccess file in a particular + directory may override directives found in .htaccess files + found higher up in the directory tree. And those, in turn, may have + overridden directives found yet higher up, or in the main server + configuration file itself.

+ +

Example:

+ +

In the directory /www/htdocs/example1 we have a + .htaccess file containing the following:

+ +
+ + + + +
Options +ExecCGI
+
+ +

(Note: you must have "AllowOverride Options" in effect + to permit the use of the "Options" directive in + .htaccess files.)

+ +

In the directory /www/htdocs/example1/example2 we have + a .htaccess file containing:

+ +
+ + + + +
Options Includes
+
+ +

Because of this second .htaccess file, in the directory + /www/htdocs/example1/example2, CGI execution is not + permitted, as only Options Includes is in effect, which + completely overrides any earlier setting that may have been in + place.

+ +

Authentication example

+ +

If you jumped directly to this part of the document to find out how + to do authentication, it is important to note one thing. There is a + common misconception that you are required to use + .htaccess files in order to implement password + authentication. This is not the case. Putting authentication directives + in a <Directory> section, in your main server + configuration file, is the preferred way to implement this, and + .htaccess files should be used only if you don't have + access to the main server configuration file. See above for a + discussion of when you should and should not use .htaccess + files.

+ +

Having said that, if you still think you need to use a + .htaccess file, you may find that a configuration such as + what follows may work for you.

+ +

You must have "AllowOverride AuthConfig" in effect for + these directives to be honored.

+ +

.htaccess file contents:

+ +
+ + + + +
AuthType Basic
+ AuthName "Password Required"
+ AuthUserFile /www/passwords/password.file
+ AuthGroupFile /www/passwords/group.file
+ Require Group admins
+
+ +

Note that AllowOverride AuthConfig must be in effect + for these directives to have any effect.

+ +

Please see the authentication tutorial for a + more complete discussion of authentication and authorization.

+ +

Server side includes example

+ +

Another common use of .htaccess files is to enable + Server Side Includes for a particular directory. This may be done with + the following configuration directives, placed in a + .htaccess file in the desired directory:

+ +
+ + + + +
Options +Includes
+ AddType text/html shtml
+ AddHandler server-parsed shtml
+
+ +

Note that AllowOverride Options and AllowOverride + FileInfo must both be in effect for these directives to have any + effect.

+ +

Please see the SSI tutorial for a more + complete discussion of server-side includes.

+ +

CGI example

+ +

Finally, you may wish to use a .htaccess file to permit + the execution of CGI programs in a particular directory. This may be + implemented with the following configuration:

+ +
+ + + + +
Options +ExecCGI
+ AddHandler cgi-script cgi pl
+
+ +

Alternately, if you wish to have all files in the given directory be + considered to be CGI programs, this may be done with the following + configuration:

+ +
+ + + + +
Options +ExecCGI
+ SetHandler cgi-script
+
+ +

Note that AllowOverride Options must be in effect for + these directives to have any effect.

+ +

Please see the CGI tutorial for a more + complete discussion of CGI programming and configuration.

+ +

Troubleshooting

+ +

When you put configuration directives in a .htaccess + file, and you don't get the desired effect, there are a number of + things that may be going wrong.

+ +

Most commonly, the problem is that AllowOverride is not + set such that your configuration directives are being honored. Make + sure that you don't have a AllowOverride None in effect + for the file scope in question. A good test for this is to put garbage + in your .htaccess file and reload. If a server error is + not generated, then you almost certainly have AllowOverride + None in effect.

+ +

If, on the other hand, you are getting server errors when trying to + access documents, check your Apache error log. It will likely tell you + that the directive used in your .htaccess file is not permitted. + Alternately, it may tell you that you had a syntax error, which you + will then need to fix.

+ + + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/howto/ssi.html.ja.jis usr.sbin/httpd/htdocs/manual/howto/ssi.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/howto/ssi.html.ja.jis Thu Feb 13 12:15:07 2003 +++ usr.sbin/httpd/htdocs/manual/howto/ssi.html.ja.jis Sun Feb 16 16:05:18 2003 @@ -7,7 +7,7 @@ Apache $B%A%e!<%H%j%"%k(B: Server Side Includes $BF~Lg(B - +

$B$3$N;XDj$O!"%U%!%$%k$r(B SSI $B%G%#%l%/%F%#%V$G2r@O$5$;$k$3$H$r5v2D$9$k(B - $B$H$$$&$3$H$r(B Apache $B$KEA$($^$9!#(B

+ $B$H$$$&$3$H$r(B Apache $B$KEA$($^$9!#(B + $B$[$H$s$I$N@_Dj$G$O$*8_$$$r>e=q$-$G$-$k!"J#?t$N(B + Options $B$,$"$k$3$H$K(B + $BCm0U$7$F$/$@$5$$!#$*$=$i$/!"@_Dj$,:G8e$KI>2A$5$l$k$3$H$r(B + $BJ]>Z$5$l$k$?$a$K!"(BSSI $B$r;HMQ$7$?$$%G%#%l%/%H%j$K(B Options + $B%G%#%l%/%F%#%V$rE,MQ$9$kI,MW$,$"$k$G$7$g$&!#(B

$BA4$F$N%U%!%$%k$,(B SSI $B%G%#%l%/%F%#%V$G2r@O$5$l$k$H$$$&$o$1$G$O$"$j$^$;$s!#(B $B$I$N%U%!%$%k$,2r@O$5$l$k$+$r(B Apache $B$KEA$($kI,MW$,$"$j$^$9!#(B @@ -320,7 +325,7 @@

timefmt $B=q<0$K$D$$$F$N$h$j>\:Y$K$D$$$F$O!"$*9%$_$N8!:w%5%$%H$K9T$-!"(B - ctime $B$G8!:w$7$F$_$F$/$@$5$$!#J8K!$OF1$8$G$9!#(B

+ strftime $B$G8!:w$7$F$_$F$/$@$5$$!#J8K!$OF1$8$G$9!#(B

+
  • Why am I getting "module + module-name is not compatible with this version of + Apache" messages in my error log?
    • + @@ -418,6 +422,11 @@
  • Why do my Options directives not have the desired effect?
    • +
  • How can I change the information + that Apache returns about itself in the headers?
    • + +
  • Why do I see requests for other sites + appearing in my log files?
    • @@ -1891,10 +1900,10 @@ can safely ignore these error messages as they do not affect Apache. ApacheWeek has an article - with more information.

    + with more information.

    - Why am I getting server restart +
  • Why am I getting server restart messages periodically, when I did not restart the server?

    Problem: You are noticing restart messages in your error log, @@ -1909,7 +1918,26 @@

    Check your cron jobs to see when/if your server logs are being rotated. Compare the time of rotation to the error menage time. If they are the same, you can somewhat safely assume that the - restart is due to your server logs being rotated.

    + restart is due to your server logs being rotated.

    +
    • + +
  • Why am I getting + "module module-name is not compatible with this version + of Apache" messages in my error log? + +

    Module Magic Number (MMN) is a constant defined in Apache + source that is associated with binary compatibility of + modules. It is changed when internal Apache structures, + function calls and other significant parts of API change in + such a way that binary compatiblity cannot be guaranteed any + more. On MMN change, all third party modules have to be at + least recompiled, sometimes even slightly changed in order + to work with the new version of Apache.

    + +

    If you're getting the above error messages, contact the + vendor of the module for the new binary, or compile it if + you have access to the source code.

    +
    • @@ -2520,9 +2548,25 @@

    To turn on automatic directory indexing, find the Options directive that applies to the directory and add the Indexes - keyword. To turn off automatic directory indexing, remove + keyword. For example:

    + +
    + <Directory /path/to/directory>
    +    Options +Indexes
    + </Directory> +
    + +

    To turn off automatic directory indexing, remove the Indexes keyword from the appropriate - Options line.

    + Options line. To turn off directory listing + for a particular subdirectory, you can use + Options -Indexes. For example:

    + +
    + <Directory /path/to/directory>
    +    Options -Indexes
    + </Directory> +
    @@ -2560,6 +2604,132 @@ <Directory> section.

    + + +
  • How can I change + the information that Apache returns about itself in the + headers? + +

    When a client connects to Apache, part of the information returned in + the headers is the name "Apache" Additional information that can be sent + is the version number, such as "1.3.26", the operating system, and a + list of non-standard modules you have installed.

    + +

    For example:

    + +
    +Server: Apache/1.3.26 (Unix) mod_perl/1.26 +
    + +

    Frequently, people want to remove this information, under the mistaken + understanding that this will make the system more secure. This is + probably not the case, as the same exploits will likely be attempted + regardless of the header information you provide.

    + +

    There are, however, two answers to this question: the correct answer, + and the answer that you are probably looking for.

    + +

    The correct answer to this question is that you should use the + ServerTokens directive to alter the quantity of information which is + passed in the headers. Setting this directive to Prod will + pass the least possible amount of information:

    + +
    +Server: Apache +
    + +

    The answer you are probably looking for is how to make Apache lie + about what what it is, ie send something like:

    + +
    +Server: Bob's Happy HTTPd Server +
    + +

    In order to do this, you will need to modify the Apache source code and + rebuild Apache. This is not advised, as it is almost certain not to + provide you with the added security you think that you are gaining. The + exact method of doing this is left as an exercise for the reader, as we + are not keen on helping you do something that is intrinsically a bad + idea.

    + +
    • + +
  • Why do I see requests + for other sites appearing in my log files? + +

    A an access_log entry showing this situation could look + like this:

    + +
    63.251.56.142 - - + [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/ + HTTP/1.0" 200 1456
    + +

    The question is: why did a request for + www.yahoo.com come to your server instead of + Yahoo's server? And why does the response have a status + code of 200 (success)?

    + +

    This is usually the result of malicious clients trying to + exploit open proxy servers to access a website without + revealing their true location. If you find entries like this + in your log, the first thing to do is to make sure you have + properly configured your server not to proxy for unknown + clients. If you don't need to provide a proxy server at all, + you should simply assure that the ProxyRequests + directive is not set on. + If you do need to run a proxy server, then you must ensure + that you secure your + server properly so that only authorized clients can use + it.

    + +

    If your server is configured properly, then the attempt to + proxy through your server will fail. If you see a status + code of 404 (file not found) in the log, then + you know that the request failed. If you see a status code + of 200 (success), that does not necessarily mean + that the attempt to proxy succeeded. RFC2616 section 5.1.2 + mandates that Apache must accept requests with absolute URLs + in the request-URI, even for non-proxy requests. Since + Apache has no way to know all the different names that your + server may be known under, it cannot simply reject hostnames + it does not recognize. Instead, it will serve requests for + unknown sites locally by stripping off the hostname and using + the default server or virtual host. Therefore you can + compare the size of the file (1456 in the above example) to + the size of the corresponding file in your default server. + If they are the same, then the proxy attempt failed, since a + document from your server was delivered, not a document from + www.yahoo.com.

    + +

    If you wish to prevent this type of request entirely, then + you need to let Apache know what hostnames to accept and what + hostnames to reject. You do this by configuring name-virtual + hosts, where the first listed host is the default host that + will catch and reject unknown hostnames. For example:

    + +
    +
    +NameVirtualHost *
+
+<VirtualHost *>
+  ServerName default.only
+  <Location />
+    Order allow,deny
+    Deny from all
+  </Location>
+</VirtualHost>
+
+<VirtualHost *>
+  ServerName realhost1.example.com
+  ServerAlias alias1.example.com alias2.example.com
+  DocumentRoot /path/to/site1
+</VirtualHost>
+
+...
+
    +
    +
    • diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html Thu Feb 13 12:15:04 2003 +++ usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html Sun Feb 16 16:05:18 2003 @@ -6,7 +6,6 @@ Connections in FIN_WAIT_2 and Apache - @@ -254,10 +253,7 @@ patch available for adding a timeout to the FIN_WAIT_2 state; it was originally intended for BSD/OS, but should be adaptable to most systems using BSD networking code. You - need kernel source code to be able to use it. If you do - adapt it to work for any other systems, please drop me a - note at marc@apache.org.

    + need kernel source code to be able to use it.

    Compile without using lingering_close()

    @@ -332,16 +328,9 @@ Off".

    -
  • - Feedback If you have any information to add to this page, - please contact me at marc@apache.org. - -

    -
  • - Appendix +

    Appendix

    Below is a message from Roy Fielding, one of the authors of HTTP/1.1.

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/perf.html usr.sbin/httpd/htdocs/manual/misc/perf.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/perf.html Thu Feb 13 12:15:04 2003 +++ usr.sbin/httpd/htdocs/manual/misc/perf.html Sun Feb 16 16:05:18 2003 @@ -37,6 +37,8 @@
  • HPUX
    • +
  • IRIX
    • +
  • Linux
  • Solaris
    • @@ -75,6 +77,14 @@
    +

    IRIX

    + +

    An SGI document covering tuning of IRIX 6.2 through 6.5 is + available from Stanford.

    + +
    +

    Linux

    There are no known problems with heavily loaded systems running Linux kernels 2.0.32 or later. Earlier kernels have some @@ -82,6 +92,7 @@ eliminate various security and denial of service attacks.
    +

    Solaris 2.4

    The Solaris 2.4 TCP implementation has a few inherent limitations that only became apparent under heavy loads. This @@ -165,8 +176,10 @@

    More welcome!

    - If you have tips to contribute, send mail to apache@apache.org + If you have tips to contribute, please submit them to + the Apache Bug + Database. +

    Apache HTTP Server Version 1.3

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html Thu Feb 13 12:15:04 2003 +++ usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html Sun Feb 16 16:05:18 2003 @@ -1686,7 +1686,7 @@
    How can we transform a static page foo.html into a dynamic variant - foo.cgi in a seemless way, i.e. without notice + foo.cgi in a seamless way, i.e. without notice by the browser/user.
    Solution:
    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/security_tips.html usr.sbin/httpd/htdocs/manual/misc/security_tips.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/security_tips.html Thu Feb 13 12:15:04 2003 +++ usr.sbin/httpd/htdocs/manual/misc/security_tips.html Sun Feb 16 16:05:18 2003 @@ -54,7 +54,7 @@ directive to serve hits. As is the case with any command that root executes, you must take care that it is protected from modification by non-root users. Not only must the files - themselves be writeable only by root, but so must the + themselves be writable only by root, but so must the directories, and parents of all directories. For example, if you choose to place ServerRoot in /usr/local/apache then it is suggested that you @@ -91,11 +91,11 @@ either executes or writes on then you open your system to root compromises. For example, someone could replace the httpd binary so that the next time you start it, it will execute some - arbitrary code. If the logs directory is writeable (by a + arbitrary code. If the logs directory is writable (by a non-root user), someone could replace a log file with a symlink to some other system file, and then root might overwrite that file with arbitrary data. If the log files themselves are - writeable (by a non-root user), then someone may be able to + writable (by a non-root user), then someone may be able to overwrite the log itself with bogus data.

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/tutorials.html usr.sbin/httpd/htdocs/manual/misc/tutorials.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/misc/tutorials.html Thu Feb 13 12:15:04 2003 +++ usr.sbin/httpd/htdocs/manual/misc/tutorials.html Sun Feb 16 16:05:18 2003 @@ -32,14 +32,6 @@

    Installation & Getting Started

    Basic Configuration

    @@ -65,20 +62,17 @@ Apache DevCenter)
  • - Using .htaccess Files with Apache (ApacheToday)
    • - -
  • - Setting Up Virtual Hosts (ApacheToday)
    • - -
  • Maximum Apache: Configure Apache (CNET Builder.com)
  • Getting More Out of Apache (Developer Shed)
    • + +
  • Using + .htaccess Files with Apache (Ken Coar)
    • +

    Security

    @@ -104,19 +98,10 @@ href="http://linux.com/security/newsitem.phtml?sid=12&aid=3667"> Securing Apache - Access Control (Linux.com) -
  • Apache Authentication - Part 1 - - Part 2 - - Part 3 - - Part 4 (ApacheToday)
    • -
  • - mod_access: Restricting Access by Host (ApacheToday)
    • + href="http://apache-server.com/tutorials/LPsuexec.html">Using + Apache with suexec on Linux (Ken Coar) +

    Logging

    @@ -131,25 +116,11 @@ Visitor Information: Customising Your Logfiles (Apacheweek) -
  • Apache Guide: Logging - Part 1 - - Part 2 - - Part 3 - - Part 4 - - Part 5 (ApacheToday)

    • CGI and SSI

    Other Features

    @@ -190,13 +155,12 @@ Apache Imagemaps (Apacheweek)
  • - Keeping Your Images from Adorning Other Sites - (ApacheToday)
    • - -
  • Language Negotiation Notes (Alan J. Flavell)
    • + +
  • Preventing + Image 'Theft' (Ken Coar)

    • If you have a pointer to an accurate and well-written diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/core.html.en usr.sbin/httpd/htdocs/manual/mod/core.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/core.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/core.html.en Sun Feb 16 16:05:19 2003 @@ -140,6 +140,8 @@

  • Port
    • +
  • ProtocolReqCheck
    • +
  • Require
  • ResourceConfig
    • @@ -175,6 +177,8 @@
  • ServerType
    • +
  • ShmemUIDisUser
    • +
  • StartServers
  • ThreadsPerChild
    • @@ -267,7 +271,7 @@ Syntax: AccessConfig - file-path|directory-path
    + file-path|directory-path|wildcard-path
    Default: AccessConfig conf/access.conf
    @@ -306,9 +310,16 @@

    If AccessConfig points to a directory, rather than a file, Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files. Note that - any file in the specified directory will be loaded as a - configuration file, so make sure that you don't have stray files in + subdirectory, and parse those as configuration files. +

    +

    Alternatively you can use a wildcard to limit the scope; i.e + to only *.conf files. +

    +

    Note that by default any file in the specified + directory will be loaded as a configuration file. +

    +

    + So make sure that you don't have stray files in this directory by mistake, such as temporary files created by your editor, for example.

    @@ -390,6 +401,13 @@ AddDefaultCharset utf-8 +

    Note: This will not have any effect on the + Content-Type and character set for default Apache-generated + status pages (such as '404 Not Found' or '301 Moved Permanently') + because those have an actual character set (that in which the + hard-coded page content is written) and don't need to have a default + applied.

    +

    AddModule @@ -553,7 +571,7 @@
    AuthName "Top Secret"
    -

    The string provided for the AuthRealm is what will +

    The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

    See also: FileETag -INode', the setting for that subdirectory (which will be inherited by any sub-subdirectories that don't override it) will be equivalent to - 'FileETag MTime Size'. + 'FileETag MTime Size'.

    @@ -1592,8 +1610,7 @@

    This directive enables RFC1413-compliant logging of the remote user name for each connection, where the client machine runs identd or something similar. This information is logged in - the access log. Boolean is either on or - off.

    + the access log.

    The information should not be trusted in any way except for rudimentary usage tracking.

    @@ -1710,7 +1727,7 @@

    Include directive

    Syntax: Include - file-path|directory-path
    + file-path|directory-path|wildcard-path
    Context: server config
    Include points to a directory, rather than a file, Apache will read all files in that directory, and any subdirectory, and parse those as configuration files.

    - +

    By using a wildcard this can be further limited to, say, + just the '*.conf' files. +

    Examples:

    -
    Include /usr/local/apache/conf/ssl.conf
    Include /usr/local/apache/conf/vhosts/ @@ -2158,7 +2176,7 @@ See Also:     Setting which addresses and ports Apache uses
    See Also: Known + href="http://httpd.apache.org/info/known_bugs.html#listenbug">Known Bugs

    @@ -2906,6 +2924,34 @@ major security attack.

    +

    ProtocolReqCheck + directive

    + + Syntax: ProtocolReqCheck + on|off
    + Default: ProtocolReqCheck + on
    + Context: server config +
    + Status: core
    + Compatibility: + ProtocolReqCheck is only available in Apache 1.3.27 and later. + +

    This directive enables strict checking of the Protocol field + in the Request line. Versions of Apache prior to 1.3.26 would + silently accept bogus Protocols (such as HTTP-1.1) + and assume HTTP/1.0. Instead, now the Protocol field + must be valid. If the pre-1.3.26 behavior is desired or required, + it can be enabled via setting ProtocolReqCheck off. +

    + +
    +

    Require directive

    Syntax: ResourceConfig - file-path|directory-path
    + file-path|directory-path|wildcard-path
    Default: ResourceConfig conf/srm.conf
    @@ -3013,11 +3059,19 @@

    If ResourceConfig points to a directory, rather than a file, Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files. Note that - any file in the specified directory will be loaded as a - configuration file, so make sure that you don't have any stray files - in this directory by mistake, such as temporary files created by - your editor, for example.

    + subdirectory, and parse those as configuration files. +

    +

    Alternatively you can use a wildcard to limit the scope; i.e + to only *.conf files. +

    +

    Note that by default any file in the specified + directory will be loaded as a configuration file. +

    +

    + So make sure that you don't have stray files in + this directory by mistake, such as temporary files created by your + editor, for example.

    +

    See also AccessConfig.

    @@ -3546,6 +3600,39 @@ only option.

    +

    ShmemUIDisUser + directive

    + + Syntax: ShmemUIDisUser + on|off
    + Default: ShmemUIDisUser + off
    + Context: server config
    + Status: core
    + Compatibility: + ShmemUIDisUser directive is only available in Apache 1.3.27 and later. + +

    The ShmemUIDisUser directive controls whether Apache will change + the uid and gid ownership of System V shared memory + based scoreboards to the server settings of User and + Group. Releases of Apache up to 1.3.26 would do + this by default. Since the child processes are already attached to the + shared memory segment, this is not required for normal usage of Apache and + so to prevent possible abuse, Apache will no longer do that. The old + behavior may be required for special cases, however, which can be implemented + by setting this directive to on.

    + +

    This directive has no effect on non-System V based scoreboards, such as + mmap. +

    + +
    +

    StartServers directive

    @@ -3682,20 +3769,27 @@ to the same server. With UseCanonicalName on (and in all versions prior to 1.3) Apache will use the ServerName and Port - directives to construct a canonical name for the server. This + directives to construct the canonical name for the server. This name is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

    +

    For example, if ServerName is set to + www.example.com and Port is set to + 9090, then the canonical name of the server is + www.example.com:9090. In the event that + Port has its default value of 80, the + :80 is ommitted from the canonical name. +

    With UseCanonicalName off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the - canonical name). These values are the same that are used to - implement name based - virtual hosts, and are available with the same clients. The - CGI variables SERVER_NAME and - SERVER_PORT will be constructed from the client - supplied values as well.

    + canonical name, as defined above). These values are the same + that are used to implement name based virtual hosts, + and are available with the same clients. The CGI variables + SERVER_NAME and SERVER_PORT will be + constructed from the client supplied values as well.

    An example where this may be useful is on an intranet server where you have users connecting to the machine using short @@ -3705,10 +3799,12 @@ slash then Apache will redirect them to http://www.domain.com/splat/. If you have authentication enabled, this will cause the user to have to - reauthenticate twice (once for www and once again - for www.domain.com). But if - UseCanonicalName is set off, then Apache will - redirect to http://www/splat/.

    + authenticate twice (once for www and once again + for www.domain.com -- see the FAQ on this subject for + more information). But if UseCanonicalName + is set off, then Apache will redirect to + http://www/splat/.

    There is a third option, UseCanonicalName DNS, which is intended for use with mass IP-based virtual hosting to diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/core.html.fr usr.sbin/httpd/htdocs/manual/mod/core.html.fr --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/core.html.fr Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/core.html.fr Sun Feb 16 16:05:19 2003 @@ -2114,7 +2114,7 @@ Voir aussi: Configurer les ports et adresses utilisée par Apache
    Voir aussi : Bogues + href="http://httpd.apache.org/info/known_bugs.html#listenbug">Bogues connus

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/core.html.html usr.sbin/httpd/htdocs/manual/mod/core.html.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/core.html.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/core.html.html Sun Feb 16 16:05:18 2003 @@ -142,6 +142,8 @@
  • Port
    • +
  • ProtocolReqCheck
    • +
  • Require
  • ResourceConfig
    • @@ -177,6 +179,8 @@
  • ServerType
    • +
  • ShmemUIDisUser
    • +
  • StartServers
  • ThreadsPerChild
    • @@ -269,7 +273,7 @@ Syntax: AccessConfig - file-path|directory-path
    + file-path|directory-path|wildcard-path
    Default: AccessConfig conf/access.conf
    @@ -308,9 +312,16 @@

    If AccessConfig points to a directory, rather than a file, Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files. Note that - any file in the specified directory will be loaded as a - configuration file, so make sure that you don't have stray files in + subdirectory, and parse those as configuration files. +

    +

    Alternatively you can use a wildcard to limit the scope; i.e + to only *.conf files. +

    +

    Note that by default any file in the specified + directory will be loaded as a configuration file. +

    +

    + So make sure that you don't have stray files in this directory by mistake, such as temporary files created by your editor, for example.

    @@ -392,6 +403,13 @@ AddDefaultCharset utf-8
    +

    Note: This will not have any effect on the + Content-Type and character set for default Apache-generated + status pages (such as '404 Not Found' or '301 Moved Permanently') + because those have an actual character set (that in which the + hard-coded page content is written) and don't need to have a default + applied.

    +

    AddModule @@ -555,7 +573,7 @@
    AuthName "Top Secret"
    -

    The string provided for the AuthRealm is what will +

    The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

    See also: FileETag -INode', the setting for that subdirectory (which will be inherited by any sub-subdirectories that don't override it) will be equivalent to - 'FileETag MTime Size'. + 'FileETag MTime Size'.

    @@ -1594,8 +1612,7 @@

    This directive enables RFC1413-compliant logging of the remote user name for each connection, where the client machine runs identd or something similar. This information is logged in - the access log. Boolean is either on or - off.

    + the access log.

    The information should not be trusted in any way except for rudimentary usage tracking.

    @@ -1712,7 +1729,7 @@

    Include directive

    Syntax: Include - file-path|directory-path
    + file-path|directory-path|wildcard-path
    Context: server config
    Include points to a directory, rather than a file, Apache will read all files in that directory, and any subdirectory, and parse those as configuration files.

    - +

    By using a wildcard this can be further limited to, say, + just the '*.conf' files. +

    Examples:

    -
    Include /usr/local/apache/conf/ssl.conf
    Include /usr/local/apache/conf/vhosts/ @@ -2160,7 +2178,7 @@ See Also:     Setting which addresses and ports Apache uses
    See Also: Known + href="http://httpd.apache.org/info/known_bugs.html#listenbug">Known Bugs

    @@ -2908,6 +2926,34 @@ major security attack.

    +

    ProtocolReqCheck + directive

    + + Syntax: ProtocolReqCheck + on|off
    + Default: ProtocolReqCheck + on
    + Context: server config +
    + Status: core
    + Compatibility: + ProtocolReqCheck is only available in Apache 1.3.27 and later. + +

    This directive enables strict checking of the Protocol field + in the Request line. Versions of Apache prior to 1.3.26 would + silently accept bogus Protocols (such as HTTP-1.1) + and assume HTTP/1.0. Instead, now the Protocol field + must be valid. If the pre-1.3.26 behavior is desired or required, + it can be enabled via setting ProtocolReqCheck off. +

    + +
    +

    Require directive

    Syntax: ResourceConfig - file-path|directory-path
    + file-path|directory-path|wildcard-path
    Default: ResourceConfig conf/srm.conf
    @@ -3015,11 +3061,19 @@

    If ResourceConfig points to a directory, rather than a file, Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files. Note that - any file in the specified directory will be loaded as a - configuration file, so make sure that you don't have any stray files - in this directory by mistake, such as temporary files created by - your editor, for example.

    + subdirectory, and parse those as configuration files. +

    +

    Alternatively you can use a wildcard to limit the scope; i.e + to only *.conf files. +

    +

    Note that by default any file in the specified + directory will be loaded as a configuration file. +

    +

    + So make sure that you don't have stray files in + this directory by mistake, such as temporary files created by your + editor, for example.

    +

    See also AccessConfig.

    @@ -3548,6 +3602,39 @@ only option.

    +

    ShmemUIDisUser + directive

    + + Syntax: ShmemUIDisUser + on|off
    + Default: ShmemUIDisUser + off
    + Context: server config
    + Status: core
    + Compatibility: + ShmemUIDisUser directive is only available in Apache 1.3.27 and later. + +

    The ShmemUIDisUser directive controls whether Apache will change + the uid and gid ownership of System V shared memory + based scoreboards to the server settings of User and + Group. Releases of Apache up to 1.3.26 would do + this by default. Since the child processes are already attached to the + shared memory segment, this is not required for normal usage of Apache and + so to prevent possible abuse, Apache will no longer do that. The old + behavior may be required for special cases, however, which can be implemented + by setting this directive to on.

    + +

    This directive has no effect on non-System V based scoreboards, such as + mmap. +

    + +
    +

    StartServers directive

    @@ -3684,20 +3771,27 @@ to the same server. With UseCanonicalName on (and in all versions prior to 1.3) Apache will use the ServerName and Port - directives to construct a canonical name for the server. This + directives to construct the canonical name for the server. This name is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

    +

    For example, if ServerName is set to + www.example.com and Port is set to + 9090, then the canonical name of the server is + www.example.com:9090. In the event that + Port has its default value of 80, the + :80 is ommitted from the canonical name. +

    With UseCanonicalName off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the - canonical name). These values are the same that are used to - implement name based - virtual hosts, and are available with the same clients. The - CGI variables SERVER_NAME and - SERVER_PORT will be constructed from the client - supplied values as well.

    + canonical name, as defined above). These values are the same + that are used to implement name based virtual hosts, + and are available with the same clients. The CGI variables + SERVER_NAME and SERVER_PORT will be + constructed from the client supplied values as well.

    An example where this may be useful is on an intranet server where you have users connecting to the machine using short @@ -3707,10 +3801,12 @@ slash then Apache will redirect them to http://www.domain.com/splat/. If you have authentication enabled, this will cause the user to have to - reauthenticate twice (once for www and once again - for www.domain.com). But if - UseCanonicalName is set off, then Apache will - redirect to http://www/splat/.

    + authenticate twice (once for www and once again + for www.domain.com -- see the FAQ on this subject for + more information). But if UseCanonicalName + is set off, then Apache will redirect to + http://www/splat/.

    There is a third option, UseCanonicalName DNS, which is intended for use with mass IP-based virtual hosting to diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/directives.html.en usr.sbin/httpd/htdocs/manual/mod/directives.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/directives.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/directives.html.en Sun Feb 16 16:05:19 2003 @@ -220,6 +220,8 @@

  • DefaultType
    • +
  • Define +
  • Deny
  • <Directory>
    • @@ -400,6 +402,8 @@
  • Port
    • +
  • ProtocolReqCheck
    • +
  • ProxyBlock
  • ProxyDomain
    • @@ -534,6 +538,30 @@ href="mod_setenvif.html#SetEnvIfNoCase">SetEnvIfNoCase
  • SetHandler
    • + +
  • ShmemUIDisUser
    • + +
  • SSLPassPhraseDialog +
  • SSLMutex +
  • SSLRandomSeed +
  • SSLSessionCache +
  • SSLSessionCacheTimeout +
  • SSLEngine +
  • SSLProtocol +
  • SSLCipherSuite +
  • SSLCertificateFile +
  • SSLCertificateKeyFile +
  • SSLCACertificatePath +
  • SSLCACertificateFile +
  • SSLCARevocationPath +
  • SSLCARevocationFile +
  • SSLVerifyClient +
  • SSLVerifyDepth +
  • SSLLog +
  • SSLLogLevel +
  • SSLOptions +
  • SSLRequireSSL +
  • SSLRequire
  • StartServers
    • diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/directives.html.html usr.sbin/httpd/htdocs/manual/mod/directives.html.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/directives.html.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/directives.html.html Sun Feb 16 16:05:19 2003 @@ -402,6 +402,8 @@
  • Port
    • +
  • ProtocolReqCheck
    • +
  • ProxyBlock
  • ProxyDomain
    • @@ -536,6 +538,8 @@ href="mod_setenvif.html#SetEnvIfNoCase">SetEnvIfNoCase
  • SetHandler
    • + +
  • ShmemUIDisUser
  • StartServers
    • diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis Sun Feb 16 16:05:19 2003 @@ -7,7 +7,7 @@ Apache $B%G%#%l%/%F%#%V(B - + @@ -397,6 +397,8 @@
  • PidFile
  • Port
    • + +
  • ProtocolReqCheck
  • ProxyBlock
    • diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html.en usr.sbin/httpd/htdocs/manual/mod/index-bytype.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/index-bytype.html.en Sun Feb 16 16:05:19 2003 @@ -254,6 +254,11 @@
    Experimental file caching, mapping files into memory to improve performace
    + +
    mod_ssl Apache 1.3 with mod_ssl + applied
    + +
    Apache SSL interface to OpenSSL

    Development

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/index.html.en usr.sbin/httpd/htdocs/manual/mod/index.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/index.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/index.html.en Sun Feb 16 16:05:19 2003 @@ -101,6 +101,10 @@
    Support for Netscape-like cookies. Replaced in Apache 1.2 by mod_usertrack
    +
    mod_define
    + +
    Variable Definition for Arbitrary Directives
    +
    mod_digest Apache 1.1 and up
    @@ -214,6 +218,11 @@
    mod_speling Apache 1.3 and up
    + +
    mod_ssl Apache 1.3 with mod_ssl + applied
    + +
    Apache SSL interface to OpenSSL
    Automatically correct minor typos in URLs
    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en Sun Feb 16 16:05:19 2003 @@ -52,7 +52,7 @@

    Both host-based access restrictions and password-based authentication may be implemented simultaneously. In that case, - the Satisfy directive is used + the Satisfy directive is used to determine how the two sets of restrictions interact.

    In general, access restriction directives apply to all diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html Sun Feb 16 16:05:19 2003 @@ -54,7 +54,7 @@

    Both host-based access restrictions and password-based authentication may be implemented simultaneously. In that case, - the Satisfy directive is used + the Satisfy directive is used to determine how the two sets of restrictions interact.

    In general, access restriction directives apply to all diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.ja.jis usr.sbin/httpd/htdocs/manual/mod/mod_access.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.ja.jis Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_access.html.ja.jis Sun Feb 16 16:05:19 2003 @@ -7,7 +7,7 @@ Apache module mod_access - + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.en usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.en Sun Feb 16 16:05:19 2003 @@ -30,7 +30,7 @@ mod_actions.c
    Module Identifier: - actions_module
    + action_module
    Compatibility: Available in Apache 1.1 and later.

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.html usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.html Sun Feb 16 16:05:19 2003 @@ -32,7 +32,7 @@ mod_actions.c
    Module Identifier: - actions_module
    + action_module
    Compatibility: Available in Apache 1.1 and later.

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis Sun Feb 16 16:05:19 2003 @@ -7,7 +7,7 @@ Module mod_actions - + @@ -30,7 +30,7 @@ mod_actions.c
    $B%b%8%e!<%k<1JL;R(B: - actions_module
    + action_module
    $B8_49@-(B: Apache 1.1 $B0J9_$G$N$_;HMQ2DG=!#(B

    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html usr.sbin/httpd/htdocs/manual/mod/mod_alias.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_alias.html Sun Feb 16 16:05:19 2003 @@ -1,395 +0,0 @@ - - - - - - - Apache module mod_alias - - - - -
    - [APACHE DOCUMENTATION] - -

    Apache HTTP Server Version 1.3

    -
    - - -

    Module mod_alias

    - -

    This module provides for mapping different parts of the host - filesystem in the document tree, and for URL redirection.

    - -

    Status: Base
    - Source File: mod_alias.c
    - Module Identifier: - alias_module

    - -

    Summary

    - -

    The directives contained in this module allow for - manipulation and control of URLs as requests arrive at the - server. The Alias and ScriptAlias - directives are used to map between URLs and filesystem paths. - This allows for content which is not directly under the DocumentRoot to - be served as part of the web document tree. The - ScriptAlias directive has the additional effect of - marking the target directory as containing only CGI - scripts.

    - -

    The Redirect directives are used to instruct - clients to make a new request with a different URL. They are - often used when a resource has moved to a new location.

    - -

    A more powerful and flexible set of directives for - manipulating URLs is contained in the mod_rewrite - module.

    - -

    Directives

    - - -
    - -

    Alias directive

    - -

    - Syntax: Alias URL-path - file-path|directory-path
    - Context: server config, virtual - host
    - Status: Base
    - Module: mod_alias

    - -

    The Alias directive allows documents to be stored in the - local filesystem other than under the DocumentRoot. URLs with a - (%-decoded) path beginning with url-path will be - mapped to local files beginning with - directory-filename.

    - -

    Example:

    - -
    - Alias /image /ftp/pub/image -
    - -

    A request for http://myserver/image/foo.gif would cause the - server to return the file /ftp/pub/image/foo.gif.

    - -

    Note that if you include a trailing / on the - url-path then the server will require a trailing / in - order to expand the alias. That is, if you use Alias - /icons/ /usr/local/apache/icons/ then the url - /icons will not be aliased.

    - -

    Note that you may need to specify additional <Directory> - sections which cover the destination of aliases. - Aliasing occurs before <Directory> sections - are checked, so only the destination of aliases are affected. - (Note however <Location> - sections are run through once before aliases are performed, so - they will apply.)

    - -

    See also ScriptAlias.

    -
    - -

    AliasMatch

    - -

    Syntax: AliasMatch regex - file-path|directory-path
    - Context: server config, virtual - host
    - Status: Base
    - Module: mod_alias
    - Compatibility: Available in - Apache 1.3 and later

    - -

    This directive is equivalent to Alias, - but makes use of standard regular expressions, instead of - simple prefix matching. The supplied regular expression is - matched against the URL-path, and if it matches, the server - will substitute any parenthesized matches into the given string - and use it as a filename. For example, to activate the - /icons directory, one might use:

    -
    -    AliasMatch ^/icons(.*) /usr/local/apache/icons$1
-
    -
    - -

    Redirect - directive

    - -

    - Syntax: Redirect - [status] URL-path URL
    - Context: server config, virtual - host, directory, .htaccess
    - Override: FileInfo
    - Status: Base
    - Module: mod_alias
    - Compatibility: The directory - and .htaccess context's are only available in versions 1.1 and - later. The status argument is only available in Apache - 1.2 or later.

    - -

    The Redirect directive maps an old URL into a new one. The - new URL is returned to the client which attempts to fetch it - again with the new address. URL-path a (%-decoded) - path; any requests for documents beginning with this path will - be returned a redirect error to a new (%-encoded) URL beginning - with URL.

    - -

    Example:

    - -
    - Redirect /service http://foo2.bar.com/service -
    - -

    If the client requests http://myserver/service/foo.txt, it - will be told to access http://foo2.bar.com/service/foo.txt - instead.

    - -

    Note: Redirect directives take precedence - over Alias and ScriptAlias directives, irrespective of their - ordering in the configuration file. Also, URL-path - must be an absolute path, not a relative path, even when used - with .htaccess files or inside of <Directory> - sections.

    - -

    If no status argument is given, the redirect will - be "temporary" (HTTP status 302). This indicates to the client - that the resource has moved temporarily. The status - argument can be used to return other HTTP status codes:

    - -
    -
    permanent
    - -
    Returns a permanent redirect status (301) indicating that - the resource has moved permanently.
    - -
    temp
    - -
    Returns a temporary redirect status (302). This is the - default.
    - -
    seeother
    - -
    Returns a "See Other" status (303) indicating that the - resource has been replaced.
    - -
    gone
    - -
    Returns a "Gone" status (410) indicating that the - resource has been permanently removed. When this status is - used the url argument should be omitted.
    -
    - -

    Other status codes can be returned by giving the numeric - status code as the value of status. If the status is - between 300 and 399, the url argument must be present, - otherwise it must be omitted. Note that the status must be - known to the Apache code (see the function - send_error_response in http_protocol.c).

    - -

    Example:

    - - 
    -    Redirect permanent /one http://example.com/two
    
-    Redirect 303 /two http://example.com/other
-
    -
    - -

    RedirectMatch

    - -

    Syntax: RedirectMatch - [status] regex URL
    - Context: server config, virtual - host, directory, .htaccess
    - Override: FileInfo
    - Status: Base
    - Module: mod_alias
    - Compatibility: Available in - Apache 1.3 and later

    - -

    This directive is equivalent to Redirect, but makes use of standard - regular expressions, instead of simple prefix matching. The - supplied regular expression is matched against the URL-path, - and if it matches, the server will substitute any parenthesized - matches into the given string and use it as a filename. For - example, to redirect all GIF files to like-named JPEG files on - another server, one might use:

    -
    -    RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg
-
    -
    - -

    RedirectTemp - directive

    - -

    - Syntax: RedirectTemp - URL-path URL
    - Context: server config, virtual - host, directory, .htaccess
    - Override: FileInfo
    - Status: Base
    - Module: mod_alias
    - Compatibility: This directive - is only available in Apache 1.2 and later

    - -

    This directive makes the client know that the Redirect is - only temporary (status 302). Exactly equivalent to - Redirect temp.

    -
    - -

    RedirectPermanent - directive

    - -

    - Syntax: RedirectPermanent - URL-path URL
    - Context: server config, virtual - host, directory, .htaccess
    - Override: FileInfo
    - Status: Base
    - Module: mod_alias
    - Compatibility: This directive - is only available in Apache 1.2 and later

    - -

    This directive makes the client know that the Redirect is - permanent (status 301). Exactly equivalent to Redirect - permanent.

    -
    - -

    ScriptAlias - directive

    - -

    - Syntax: ScriptAlias - URL-path file-path|directory-path
    - Context: server config, virtual - host
    - Status: Base
    - Module: mod_alias

    - -

    The ScriptAlias directive has the same behavior as the Alias directive, except that in addition it - marks the target directory as containing CGI scripts that will be - processed by mod_cgi's cgi-script - handler. URLs with a (%-decoded) path beginning with - URL-path will be mapped to scripts beginning with the - second argument which is a full pathname in the local - filesystem.

    - -

    Example:

    - -
    - ScriptAlias /cgi-bin/ /web/cgi-bin/ -
    - -

    A request for http://myserver/cgi-bin/foo would cause the - server to run the script /web/cgi-bin/foo.

    -
    - -

    ScriptAliasMatch

    - -

    Syntax: ScriptAliasMatch - regex file-path|directory-path
    - Context: server config, virtual - host
    - Status: Base
    - Module: mod_alias
    - Compatibility: Available in - Apache 1.3 and later

    - -

    This directive is equivalent to ScriptAlias, but makes use of standard - regular expressions, instead of simple prefix matching. The - supplied regular expression is matched against the URL-path, - and if it matches, the server will substitute any parenthesized - matches into the given string and use it as a filename. For - example, to activate the standard /cgi-bin, one - might use:

    -
    -    ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
-
    -
    - -

    Apache HTTP Server Version 1.3

    - Index - Home - - - - diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.en usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.en Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.en Sun Feb 16 16:05:19 2003 @@ -0,0 +1,395 @@ + + + + + + + Apache module mod_alias + + + + +
    + [APACHE DOCUMENTATION] + +

    Apache HTTP Server Version 1.3

    +
    + + +

    Module mod_alias

    + +

    This module provides for mapping different parts of the host + filesystem in the document tree, and for URL redirection.

    + +

    Status: Base
    + Source File: mod_alias.c
    + Module Identifier: + alias_module

    + +

    Summary

    + +

    The directives contained in this module allow for + manipulation and control of URLs as requests arrive at the + server. The Alias and ScriptAlias + directives are used to map between URLs and filesystem paths. + This allows for content which is not directly under the DocumentRoot to + be served as part of the web document tree. The + ScriptAlias directive has the additional effect of + marking the target directory as containing only CGI + scripts.

    + +

    The Redirect directives are used to instruct + clients to make a new request with a different URL. They are + often used when a resource has moved to a new location.

    + +

    A more powerful and flexible set of directives for + manipulating URLs is contained in the mod_rewrite + module.

    + +

    Directives

    + + +
    + +

    Alias directive

    + +

    + Syntax: Alias URL-path + file-path|directory-path
    + Context: server config, virtual + host
    + Status: Base
    + Module: mod_alias

    + +

    The Alias directive allows documents to be stored in the + local filesystem other than under the DocumentRoot. URLs with a + (%-decoded) path beginning with url-path will be + mapped to local files beginning with + directory-filename.

    + +

    Example:

    + +
    + Alias /image /ftp/pub/image +
    + +

    A request for http://myserver/image/foo.gif would cause the + server to return the file /ftp/pub/image/foo.gif.

    + +

    Note that if you include a trailing / on the + url-path then the server will require a trailing / in + order to expand the alias. That is, if you use Alias + /icons/ /usr/local/apache/icons/ then the url + /icons will not be aliased.

    + +

    Note that you may need to specify additional <Directory> + sections which cover the destination of aliases. + Aliasing occurs before <Directory> sections + are checked, so only the destination of aliases are affected. + (Note however <Location> + sections are run through once before aliases are performed, so + they will apply.)

    + +

    See also ScriptAlias.

    +
    + +

    AliasMatch

    + +

    Syntax: AliasMatch regex + file-path|directory-path
    + Context: server config, virtual + host
    + Status: Base
    + Module: mod_alias
    + Compatibility: Available in + Apache 1.3 and later

    + +

    This directive is equivalent to Alias, + but makes use of standard regular expressions, instead of + simple prefix matching. The supplied regular expression is + matched against the URL-path, and if it matches, the server + will substitute any parenthesized matches into the given string + and use it as a filename. For example, to activate the + /icons directory, one might use:

    +
    +    AliasMatch ^/icons(.*) /usr/local/apache/icons$1
+
    +
    + +

    Redirect + directive

    + +

    + Syntax: Redirect + [status] URL-path URL
    + Context: server config, virtual + host, directory, .htaccess
    + Override: FileInfo
    + Status: Base
    + Module: mod_alias
    + Compatibility: The directory + and .htaccess context's are only available in versions 1.1 and + later. The status argument is only available in Apache + 1.2 or later.

    + +

    The Redirect directive maps an old URL into a new one. The + new URL is returned to the client which attempts to fetch it + again with the new address. URL-path a (%-decoded) + path; any requests for documents beginning with this path will + be returned a redirect error to a new (%-encoded) URL beginning + with URL.

    + +

    Example:

    + +
    + Redirect /service http://foo2.bar.com/service +
    + +

    If the client requests http://myserver/service/foo.txt, it + will be told to access http://foo2.bar.com/service/foo.txt + instead.

    + +

    Note: Redirect directives take precedence + over Alias and ScriptAlias directives, irrespective of their + ordering in the configuration file. Also, URL-path + must be an absolute path, not a relative path, even when used + with .htaccess files or inside of <Directory> + sections.

    + +

    If no status argument is given, the redirect will + be "temporary" (HTTP status 302). This indicates to the client + that the resource has moved temporarily. The status + argument can be used to return other HTTP status codes:

    + +
    +
    permanent
    + +
    Returns a permanent redirect status (301) indicating that + the resource has moved permanently.
    + +
    temp
    + +
    Returns a temporary redirect status (302). This is the + default.
    + +
    seeother
    + +
    Returns a "See Other" status (303) indicating that the + resource has been replaced.
    + +
    gone
    + +
    Returns a "Gone" status (410) indicating that the + resource has been permanently removed. When this status is + used the url argument should be omitted.
    +
    + +

    Other status codes can be returned by giving the numeric + status code as the value of status. If the status is + between 300 and 399, the url argument must be present, + otherwise it must be omitted. Note that the status must be + known to the Apache code (see the function + send_error_response in http_protocol.c).

    + +

    Example:

    + + 
    +    Redirect permanent /one http://example.com/two
    
+    Redirect 303 /two http://example.com/other
+
    +
    + +

    RedirectMatch

    + +

    Syntax: RedirectMatch + [status] regex URL
    + Context: server config, virtual + host, directory, .htaccess
    + Override: FileInfo
    + Status: Base
    + Module: mod_alias
    + Compatibility: Available in + Apache 1.3 and later

    + +

    This directive is equivalent to Redirect, but makes use of standard + regular expressions, instead of simple prefix matching. The + supplied regular expression is matched against the URL-path, + and if it matches, the server will substitute any parenthesized + matches into the given string and use it as a filename. For + example, to redirect all GIF files to like-named JPEG files on + another server, one might use:

    +
    +    RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg
+
    +
    + +

    RedirectTemp + directive

    + +

    + Syntax: RedirectTemp + URL-path URL
    + Context: server config, virtual + host, directory, .htaccess
    + Override: FileInfo
    + Status: Base
    + Module: mod_alias
    + Compatibility: This directive + is only available in Apache 1.2 and later

    + +

    This directive makes the client know that the Redirect is + only temporary (status 302). Exactly equivalent to + Redirect temp.

    +
    + +

    RedirectPermanent + directive

    + +

    + Syntax: RedirectPermanent + URL-path URL
    + Context: server config, virtual + host, directory, .htaccess
    + Override: FileInfo
    + Status: Base
    + Module: mod_alias
    + Compatibility: This directive + is only available in Apache 1.2 and later

    + +

    This directive makes the client know that the Redirect is + permanent (status 301). Exactly equivalent to Redirect + permanent.

    +
    + +

    ScriptAlias + directive

    + +

    + Syntax: ScriptAlias + URL-path file-path|directory-path
    + Context: server config, virtual + host
    + Status: Base
    + Module: mod_alias

    + +

    The ScriptAlias directive has the same behavior as the Alias directive, except that in addition it + marks the target directory as containing CGI scripts that will be + processed by mod_cgi's cgi-script + handler. URLs with a (%-decoded) path beginning with + URL-path will be mapped to scripts beginning with the + second argument which is a full pathname in the local + filesystem.

    + +

    Example:

    + +
    + ScriptAlias /cgi-bin/ /web/cgi-bin/ +
    + +

    A request for http://myserver/cgi-bin/foo would cause the + server to run the script /web/cgi-bin/foo.

    +
    + +

    ScriptAliasMatch

    + +

    Syntax: ScriptAliasMatch + regex file-path|directory-path
    + Context: server config, virtual + host
    + Status: Base
    + Module: mod_alias
    + Compatibility: Available in + Apache 1.3 and later

    + +

    This directive is equivalent to ScriptAlias, but makes use of standard + regular expressions, instead of simple prefix matching. The + supplied regular expression is matched against the URL-path, + and if it matches, the server will substitute any parenthesized + matches into the given string and use it as a filename. For + example, to activate the standard /cgi-bin, one + might use:

    +
    +    ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
+
    +
    + +

    Apache HTTP Server Version 1.3

    + Index + Home + + + + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.ja.jis usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.ja.jis Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/htdocs/manual/mod/mod_alias.html.ja.jis Sun Feb 16 16:05:19 2003 @@ -0,0 +1,397 @@ + + + + + + Apache module mod_alias + + + + + +
    + [APACHE DOCUMENTATION] + +

    Apache HTTP Server Version 1.3

    +
    + + +

    mod_alias $B%b%8%e!<%k(B

    + +

    $B$3$N%b%8%e!<%k$O!"%[%9%H%U%!%$%k%7%9%F%`>e$N$$$m$$$m$J0c$&>l=j$r(B + $B%I%-%e%a%s%H%D%j!<$K%^%C%W$9$k5!G=$H!"(B + URL $B$N%j%@%$%l%/%H$r9T$J$&5!G=$rDs6!$7$^$9!#(B

    + +

    $B%9%F!<%?%9(B: Base
    + $B%=!<%9%U%!%$%k(B: mod_alias.c
    + $B%b%8%e!<%k<1JL;R(B: + alias_module

    + +

    $B35MW(B

    + +

    $B$3$N%b%8%e!<%k$N%G%#%l%/%F%#%V$O%5!<%P$K%j%/%(%9%H$,E~Ce$7$?$H$-$K(B + URL $B$NA`:n$d@)8f$r$9$k$3$H$r2DG=$K$7$^$9!#(BAlias + $B%G%#%l%/%F%#%V$H(B ScriptAlias $B%G%#%l%/%F%#%V$O(B + URL $B$H%U%!%$%k%7%9%F%`$N%Q%9$r%^%C%W$9$k$?$a$K;HMQ$5$l$^$9!#$3$l$O(B + DocumentRoot + $B$N2<$K$J$$%I%-%e%a%s%H$r%&%'%V$N%I%-%e%a%s%H%D%j!<$N0lIt$H$7$F(B + $BAw$i$l$k$h$&$K$7$^$9!#(BScriptAlias + $B%G%#%l%/%F%#%V$K$O%^%C%W@h$N%G%#%l%/%H%j$,(B CGI + $B%9%/%j%W%H$N$_$G$"$k$3$H$r<($9$H$$$&DI2C$N8z2L$,$"$j$^$9!#(B +

    + +

    Redirect $B%G%#%l%/%F%#%V$O%/%i%$%"%s%H$K0c$C$?(B + URL $B$K?7$7$$%j%/%(%9%H$rAw$k$h$&$K;X<($7$^$9!#$3$l$O!"(B + $B%j%=!<%9$,?7$7$$>l=j$K0\F0$7$?$H$-$K$h$/;HMQ$5$l$^$9!#(B

    + +

    URL $B$rA`:n$9$k$?$a$N$h$j6/NO$G=@Fp$J%G%#%l%/%F%#%V72$O(B mod_rewrite + $B%b%8%e!<%k$K$"$j$^$9!#(B +

    + +

    $B%G%#%l%/%F%#%V(B

    + + +
    + +

    Alias $B%G%#%l%/%F%#%V(B

    + +

    + $B9=J8(B: Alias URL-path + file-path|directory-path
    + $B%3%s%F%-%9%H(B: + $B%5!<%P@_Dj%U%!%$%k!"%P!<%A%c%k%[%9%H(B
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias

    + +

    Alias $B%G%#%l%/%F%#%V$O%I%-%e%a%s%H$r%m!<%+%k%U%!%$%k%7%9%F%`$N(B + DocumentRoot + $B0J30$N>l=j$KJ]4I$9$k$3$H$r2DG=$K$7$^$9!#(BUrl-path + (% $B$,I|9f$5$l$?(B) $B$G;O$^$k%Q%9$N(B URL $B$O(B + directory-filename + $B$G;O$^$k%m!<%+%k%U%!%$%k$K%^%C%W$5$l$^$9!#(B

    + +

    $BNc(B:

    + +
    + Alias /image /ftp/pub/image +
    + +

    http://myserver/image/foo.gif $B$X$N%j%/%(%9%H$KBP$7$F!"%5!<%P$O(B + $B%U%!%$%k(B /ftp/pub/image/foo.gif $B$rJV$7$^$9!#(B

    + +

    $B$b$7(B url-path $B$N:G8e$K(B / + $B$r=q$$$?$J$i!"%5!<%P$O%(%$%j%"%9$rE83+$9$k$?$a$K:G8e$N(B / + $B$rMW5a$9$k$H$$$&$3$H$KCm0U$7$F$/$@$5$$!#$9$J$o$A!"(BAlias /icons/ + /usr/local/apache/icons/ $B$H$$$&$b$N$r;HMQ$7$F$$$k$H!"(B + /icons $B$H$$$&(B url $B$O%(%$%j%"%9$5$l$^$;$s!#(B

    + +

    $B%(%$%j%"%9$N(B$B9T$-@h(B$B$r4^$s$G$$$k(B <Directory> + $B%;%/%7%g%s$rDI2C$9$kI,MW$,$"$k$+$b$7$l$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B + $B%(%$%j%"%9$NE83+$O(B <Directory> + $B%;%/%7%g%s$rD4$Y$kA0$K9T$J$o$l$^$9$N$G!"(B + $B%(%$%j%"%9$N9T$-@h$N(B <Directory> $B%;%/%7%g%s$N$_(B + $B8z2L$,$"$j$^$9!#(B + ($B$7$+$7!"(B<Location> + $B%;%/%7%g%s$O%(%$%j%"%9$,=hM}$5$l$kA0$K + +

    ScriptAlias + $B$b;2>H$7$F$/$@$5$$!#(B

    +
    + +

    AliasMatch

    + +

    $B9=J8(B: AliasMatch regex + file-path|directory-path
    + $B%3%s%F%-%9%H(B: + $B%5!<%P@_Dj%U%!%$%k!"%P!<%A%c%k%[%9%H(B
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias
    + $B8_49@-(B: Apache 1.3 + $B0J9_$G;HMQ2DG=(B

    +

    $B$3$N%G%#%l%/%F%#%V$O(B Alias + $B$H$[$H$s$IF1$8$G$9$,!"4JC1$J@hF,$+$i$N%^%C%A$r9T$J$&$N$G$O$J$/!"(B + $BI8=`@55,I=8=$rMxMQ$7$^$9!#$3$3$G;XDj$5$l$?@55,I=8=$H(B URL-path + $B$,9g$&$+$I$&$+$rD4$Y!"9g$&>l9g$O3g8L$G3g$i$l$?%^%C%A$r(B + $BM?$($i$l$?J8;zNs$GCV$-49$(!"$=$l$r%U%!%$%kL>$H$7$F;HMQ$7$^$9!#$?$H$($P!"(B + /icons $B%G%#%l%/%H%j$r;HMQ$9$k$h$&$K$9$k(B + $B$?$a$K$O0J2<$N$h$&$J$b$N$,;HMQ$G$-$^$9(B:

    +
    +    AliasMatch ^/icons(.*) /usr/local/apache/icons$1
+
    +
    + +

    Redirect + $B%G%#%l%/%F%#%V(B

    + +

    + $B9=J8(B: Redirect [status] + URL-path URL
    + $B%3%s%F%-%9%H(B: + $B%5!<%P@_Dj%U%!%$%k!"%P!<%A%c%k%[%9%H!"(B + $B%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: FileInfo
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias
    + $B8_49@-(B: $B%G%#%l%/%H%j$H(B + .htaccess $B$N%3%s%F%-%9%H$O(B 1.1 $B0J9_$N$_!#(BStatus + $B0z?t$O(B Apache 1.2 $B0J9_!#(B

    + +

    Redirect $B%G%#%l%/%F%#%V$O8E$$(B URL $B$r?7$7$$$b$N$X%^%C%W$7$^$9!#(B + $B?7$7$$(B URL $B$,%/%i%$%"%s%H$KJV$5$l$^$9!#$=$7$F!"(B + $B%/%i%$%"%s%H$O?7$7$$%"%I%l%9$r$b$&0l2sURL-path (% $B$,I|9f$5$l$?(B) $B%Q%9$G;O$^$k%I%-%e%a%s%H$X$N(B + $B$9$Y$F$N%j%/%(%9%H$O(B URL $B$G;O$^$k?7$7$$(B + (% $B$,Id9f2=$5$l$?(B) URL $B$X$N%j%@%$%l%/%H%(%i!<$,JV$5$l$^$9!#(B

    + +

    $BNc(B:

    + +
    + Redirect /service http://foo2.bar.com/service +
    + +

    $B%/%i%$%"%s%H$O(B http://myserver/service/foo.txt + $B$X$N%j%/%(%9%H$r9T$J$&$H!"Be$o$j$K(B http://foo2.bar.com/service/foo.txt + $B$r%"%/%;%9$9$k$h$&$K9p$2$i$l$^$9!#(B

    + +

    $BCm0U(B: + $B@_Dj%U%!%$%kCf$N=gHV$K4X$o$i$:!"(BRedirect $B%G%#%l%/%F%#%V$O(B Alias + $B%G%#%l%/%F%#%V$H(B ScriptAlias $B%G%#%l%/%F%#%V$h$j$bM%@h$5$l$^$9!#(B + $B$^$?!"(B.htaccess $B%U%!%$%k$d(B <Directory> + $B%;%/%7%g%s$NCf$G;H$o$l$F$$$?$H$7$F$b!"(BURL-path + $B$OAjBP%Q%9$G$O$J$/!"@dBP%Q%9$G$J$1$l$P$J$j$^$;$s!#(B

    + +

    $B$b$7(B status $B0z?t$,M?$($i$l$F$$$J$1$l$P!"%j%@%$%l%/%H$O(B + "temporary" (HTTP $B%9%F!<%?%9(B 302) $B$K$J$j$^$9!#$3$l$O%/%i%$%"%s%H$K(B + $B%j%=!<%9$,0l;~E*$K0\F0$7$?$H$$$&$3$H$r<($7$^$9!#(BStatus + $B0z?t$O(B $BB>$N(B HTTP $B$N%9%F!<%?%9%3!<%I$rJV$9$?$a$K;HMQ$9$k$3$H$,$G$-$^$9(B:

    + +
    +
    permanent
    + +
    $B1J5W$K%j%@%$%l%/%H$r$9$k%9%F!<%?%9(B (301) $B$rJV$7$^$9!#(B + $B$3$l$O%j%=!<%9$,1J5W$K0\F0$7$?$H$$$&$3$H$r0UL#$7$^$9!#(B
    + +
    temp
    + +
    $B0l;~E*$J%j%@%$%l%/%H%9%F!<%?%9(B (302) + $B$rJV$7$^$9!#$3$l$,%G%U%)%k%H$G$9!#(B
    + +
    seeother
    + +
    "See Other" $B%9%F!<%?%9(B (303) $B$rJV$7$^$9!#(B + $B$3$l$O%j%=!<%9$,B>$N$b$N$GCV$-49$($i$l$?$3$H$r0UL#$7$^$9!#(B
    + +
    gone
    + +
    "Gone" $B%9%F!<%?%9(B (410) $B$rJV$7$^$9!#$3$l$O%j%=!<%9$,1J5W$K(B + $B:o=|$5$l$?$3$H$r0UL#$7$^$9!#$3$N%9%F!<%?%9$,;HMQ$5$l$?>l9g!"(B + url $B0z?t$O>JN,$5$l$J$1$l$P$J$j$^$;$s!#(B
    +
    + +

    Status $B$NCM$K%9%F!<%?%9%3!<%I$r?tCM$GM?$($k$3$H$G(B + $BB>$N%9%F!<%?%9%3!<%I$bJV$9$3$H$,$G$-$^$9!#%9%F!<%?%9$,(B 300 $B$H(B 399 + $B$N4V$K$"$k>l9g!"(Burl $B0z?t$OB8:_$7$F$$$J$1$l$P$$$1$^$;$s!#(B + $B$=$NB>$N>l9g$O>JN,$5$l$F$$$J$1$l$P$J$j$^$;$s!#$?$@$7!"(B + $B%9%F!<%?%9$O(B Apache $B$N%3!<%I$,CN$C$F$$$k$b$N$G$"$kI,MW$,$"$j$^$9(B + (http_protocol.c $B$N4X?t(B send_error_response + $B$r8+$F$/$@$5$$(B)$B!#(B

    +

    $BNc(B:

    + + 
    +    Redirect permanent /one http://example.com/two
    
+    Redirect 303 /two http://example.com/other
+
    +
    + +

    RedirectMatch

    + +

    $B9=J8(B: RedirectMatch + [status] regex URL
    + $B%3%s%F%-%9%H(B: $B%5!<%P@_Dj%U%!%$%k!"(B + $B%P!<%A%c%k%[%9%H!"%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: FileInfo
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias
    + $B8_49@-(B: Apache 1.3 + $B0J9_$G;HMQ2DG=!#(B

    + +

    $B$3$N%G%#%l%/%F%#%V$O(B Redirect + $B$H$[$H$s$IF1$8$G$9$,!"4JC1$J@hF,$+$i$N%^%C%A$r9T$J$&$N$G$O$J$/!"(B + $BI8=`@55,I=8=$rMxMQ$7$^$9!#$3$3$G;XDj$5$l$?@55,I=8=$H(B URL-path + $B$,9g$&$+$I$&$+$rD4$Y!"9g$&>l9g$O3g8L$G3g$i$l$?%^%C%A$r(B + $BM?$($i$l$?J8;zNs$GCV$-49$(!"$=$l$r%U%!%$%kL>$H$7$F;HMQ$7$^$9!#(B + $B$?$H$($P!"$9$Y$F$N(B GIF $B%U%!%$%k$rJL%5!<%P$NF1MM$JL>A0$N(B JPEG + $B%U%!%$%k$K%j%@%$%l%/%H$9$k$K$O!"0J2<$N$h$&$J$b$N$r;H$$$^$9(B: +

    +
    +    RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg
+
    +
    + +

    RedirectTemp + $B%G%#%l%/%F%#%V(B

    + +

    + $B9=J8(B: RedirectTemp URL-path + URL
    + $B%3%s%F%-%9%H(B: $B%5!<%P@_Dj%U%!%$%k!"(B + $B%P!<%A%c%k%[%9%H!"%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: FileInfo
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias
    + $B8_49@-(B: + $B$3$N%G%#%l%/%F%#%V$O(B Apache 1.2 $B0J9_$G$N$_;HMQ2DG=(B

    + +

    $B$3$N%G%#%l%/%F%#%V$O%/%i%$%"%s%H$K(B Redirect + $B$,0l;~E*$J$b$N$G$"$k(B ($B%9%F!<%?%9(B 302) $B$3$H$rCN$i$;$^$9!#(B + Redirect temp $B$H$^$C$?$/F1$8$G$9!#(B

    +
    + +

    RedirectPermanent + $B%G%#%l%/%F%#%V(B

    + +

    + $B9=J8(B: RedirectPermanent + URL-path URL
    + $B%3%s%F%-%9%H(B: $B%5!<%P@_Dj%U%!%$%k!"(B + $B%P!<%A%c%k%[%9%H!"%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: FileInfo
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias
    + $B8_49@-(B: + $B$3$N%G%#%l%/%F%#%V$O(B Apache 1.2 $B0J9_$G$N$_;HMQ2DG=!#(B

    + +

    $B$3$N%G%#%l%/%F%#%V$O%/%i%$%"%s%H$K(B Redirect $B$,1J5WE*$J$b$N(B + ($B%9%F!<%?%9(B 301) $B$G$"$k$3$H$rCN$i$;$^$9!#(B + Redirect premanent $B$H$^$C$?$/F1$8$G$9!#(B

    +
    + +

    ScriptAlias + $B%G%#%l%/%F%#%V(B

    + +

    + $B9=J8(B: ScriptAlias URL-path + file-path|directory-path
    + $B%3%s%F%-%9%H(B: + $B%5!<%P@_Dj%U%!%$%k!"%P!<%A%c%k%[%9%H(B
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias

    + +

    ScriptAlias $B%G%#%l%/%F%#%V$O!"BP>]%G%#%l%/%H%j$K(B + mod_cgi $B$N(B cgi-script + $B%O%s%I%i$G=hM}$5$l$k(B CGI + $B%9%/%j%W%H$,$"$k$3$H$r<($90J30$O(B + Alias + $B%G%#%l%/%F%#%V$HF1$8?6$kIq$$$r$7$^$9!#(BURL-path + (% $B$,I|9f$5$l$?(B) $B%Q%9$G(B $B;O$^$k(B URL $B$O%m!<%+%k$N%U%!%$%k%7%9%F%`$N(B + $B%U%k%Q%9$G$"$kFsHVL\$N0z?t$K%^%C%W$5$l$^$9!#(B

    + +

    $BNc(B:

    + +
    + ScriptAlias /cgi-bin/ /web/cgi-bin/ +
    + +

    http://myserver/cgi-bin/foo $B$X$N%j%/%(%9%H$KBP$7$F%5!<%P$O%9%/%j%W%H(B + /web/cgi-bin/foo $B$r +

    + +

    ScriptAliasMatch

    + +

    $B9=J8(B: ScriptAliasMatch regex + file-path|directory-path
    + $B%3%s%F%-%9%H(B: + $B%5!<%P@_Dj%U%!%$%k!"%P!<%A%c%k%[%9%H(B
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_alias
    + $B8_49@-(B: Apache 1.3 + $B0J9_$G;HMQ2DG=(B

    + +

    $B$3$N%G%#%l%/%F%#%V$O(B ScriptAlias + $B$H$[$H$s$IF1$8$G$9$,!"4JC1$J@hF,$+$i$N%^%C%A$r9T$J$&$N$G$O$J$/!"(B + $BI8=`@55,I=8=$rMxMQ$7$^$9!#$3$3$G;XDj$5$l$?@55,I=8=$H(B URL-path + $B$,9g$&$+$I$&$+$rD4$Y!"9g$&>l9g$O3g8L$G3g$i$l$?%^%C%A$r(B + $BM?$($i$l$?J8;zNs$GCV$-49$(!"$=$l$r%U%!%$%kL>$H$7$F;HMQ$7$^$9!#(B + $B$?$H$($P!"I8=`$N(B /cgi-bin + $B$r;HMQ$9$k$h$&$K$9$k$?$a$K$O!"0J2<$N$h$&$J$b$N$r;H$$$^$9(B: +

    +
    +    ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
+
    +
    + +

    Apache HTTP Server Version 1.3

    + Index + Home + + + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html usr.sbin/httpd/htdocs/manual/mod/mod_auth.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_auth.html Sun Feb 16 16:05:19 2003 @@ -1,322 +0,0 @@ - - - - - - - Apache module mod_auth - - - - -
    - [APACHE DOCUMENTATION] - -

    Apache HTTP Server Version 1.3

    -
    - - -

    Module mod_auth

    - -

    This module provides for user authentication using text - files.

    - -

    Status: Base
    - Source File: mod_auth.c
    - Module Identifier: - auth_module

    - -

    Summary

    - -

    This module allows the use of HTTP Basic Authentication to - restrict access by looking up users in plain text password and - group files. Similar functionality and greater scalability is - provided by mod_auth_dbm and mod_auth_db. HTTP Digest - Authentication is provided by mod_auth_digest.

    - -

    Note that these credential-based security mechanisms are - only as strong as your Web server's security. As a rule, they - are not as strong as the operating system's own security - system.

    - -

    Directives

    - - - -

    See also: require, satisfy, and mod_auth require keywords.

    -
    - -

    mod_auth - Require Keywords

    - -

    The mod_auth module supports the following - keywords that can be given to the Require directive:

    - -
    -
    user username [...]
    - -
    The supplied username and password must be in the AuthUserFile database, and the - username must also be one of those listed on the Require - directive.
    - -
    group groupname [...]
    - -
    The supplied username and password must be in the AuthUserFile database, and the - username must also be a member of one of the named groups in - the AuthGroupFile database.
    - -
    valid-user
    - -
    The supplied username and password must be in the AuthUserFile database. Any valid - username from that file will be allowed.
    - -
    file-owner
    - -
    [Available after Apache 1.3.20] The supplied username and - password must be in the AuthUserFile database, and the - username must also match the system's name for the owner of - the file being requested. That is, if the operating system - say the requested file is owned by jones, then - the username used to access it through the Web must be - jones as well.
    - -
    file-group
    - -
    [Available after Apache 1.3.20] The supplied username and - password must be in the AuthUserFile database, the name of - the group that owns the file must be in the AuthGroupFile database, and the - username must be a member of that group. For example, if the - operating system says the requested file is owned by group - accounts, the group accounts must - be in the AuthGroupFile database and the username used in the - request must be a member of that group.
    -
    -
    - -

    Example of Require - file-owner

    - -

    Consider a multi-user system running the Apache Web server, - with each user having his or her own files in - ~/public_html/private. Assuming that there is a - single AuthUserFile database that lists all of their usernames, - and that their Web usernames match the ones that actually own - the files on the server, then the following stanza would allow - only the user himself access to his own files. User - jones would not be allowed to access files in - /home/smith/public_html/private unless they were - owned by jones instead of smith.

    -
    -    <Directory /home/*/public_html/private>
-        AuthType Basic
-        AuthName MyPrivateFile
-        AuthUserFile /usr/local/apache/etc/.htpasswd-allusers
-        Satisfy All
-        Require file-owner
-    </Directory>
-
    -
    - -

    AuthGroupFile directive

    - Syntax: AuthGroupFile - file-path
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Base
    - Module: mod_auth - -

    The AuthGroupFile directive sets the name of a textual file - containing the list of user groups for user authentication. - File-path is the path to the group file. If it is not - absolute (i.e., if it doesn't begin with a slash), it - is treated as relative to the ServerRoot.

    - -

    Each line of the group file contains a groupname followed by - a colon, followed by the member usernames separated by spaces. - Example:

    - -
    - mygroup: bob joe anne -
    - Note that searching large text files is very - inefficient; AuthDBMGroupFile - should be used instead. - -

    Security: make sure that the AuthGroupFile is stored outside - the document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients will be able - to download the AuthGroupFile.

    - -

    See also AuthName, AuthType and AuthUserFile.

    -
    - -

    AuthUserFile - directive

    - Syntax: AuthUserFile - file-path
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Base
    - Module: mod_auth - -

    The AuthUserFile directive sets the name of a textual file - containing the list of users and passwords for user - authentication. File-path is the path to the user - file. If it is not absolute (i.e., if it doesn't begin - with a slash), it is treated as relative to the ServerRoot.

    - -

    Each line of the user file contains a username followed by a - colon, followed by the crypt() encrypted password. - The behavior of multiple occurrences of the same user is - undefined.

    - -

    The utility htpasswd - which is installed as part of the binary distribution, or which - can be found in src/support, is used to maintain - this password file. See the man page for more - details. In short

    - -
    - htpasswd -c Filename username
    - Create a password file 'Filename' with 'username' as the - initial ID. It will prompt for the password. htpasswd - Filename username2
    - Adds or modifies in password file 'Filename' the 'username'. -
    - -

    Note that searching large text files is very - inefficient; AuthDBMUserFile - should be used instead.

    - -
    -
    Security:
    - -
    Make sure that the AuthUserFile is stored outside the - document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients may be - able to download the AuthUserFile.
    - -
    Also be aware that null usernames are permitted, and null - passwords as well (through Apache 1.3.20). If your - AuthUserFile includes a line containing only a colon (':'), a - 'Require valid-user' will allow access if both - the username and password in the credentials are - omitted.
    -
    - See also AuthName, AuthType and AuthGroupFile. -
    - -

    AuthAuthoritative directive

    - Syntax: AuthAuthoritative - on|off
    - Default: - AuthAuthoritative on
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Base
    - Module: mod_auth - -

    Setting the AuthAuthoritative directive explicitly to - 'off' allows for both authentication and - authorization to be passed on to lower level modules (as - defined in the Configuration and - modules.c files) if there is no - userID or rule matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will - give an Authorization Required reply.

    - -

    So if a userID appears in the database of more than one - module; or if a valid Require directive applies to - more than one module; then the first module will verify the - credentials; and no access is passed on; regardless of the - AuthAuthoritative setting.

    - -

    A common use for this is in conjunction with one of the - database modules; such as mod_auth_db.c, mod_auth_dbm.c, - mod_auth_msql.c, and mod_auth_anon.c. - These modules supply the bulk of the user credential checking; - but a few (administrator) related accesses fall through to a - lower level with a well protected AuthUserFile.

    - -

    Default: By default; control is - not passed on; and an unknown userID or rule will result in an - Authorization Required reply. Not setting it thus keeps the - system secure; and forces an NCSA compliant behavior.

    - -

    Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database such - as mSQL. Make sure that the AuthUserFile is stored outside the - document tree of the web-server; do not put it in the - directory that it protects. Otherwise, clients will be able to - download the AuthUserFile.

    - -

    See also AuthName, AuthType and AuthGroupFile.

    - -

    - -

    Apache HTTP Server Version 1.3

    - Index - Home - -

    - - - diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.en usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.en Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.en Sun Feb 16 16:05:19 2003 @@ -0,0 +1,322 @@ + + + + + + + Apache module mod_auth + + + + +
    + [APACHE DOCUMENTATION] + +

    Apache HTTP Server Version 1.3

    +
    + + +

    Module mod_auth

    + +

    This module provides for user authentication using text + files.

    + +

    Status: Base
    + Source File: mod_auth.c
    + Module Identifier: + auth_module

    + +

    Summary

    + +

    This module allows the use of HTTP Basic Authentication to + restrict access by looking up users in plain text password and + group files. Similar functionality and greater scalability is + provided by mod_auth_dbm and mod_auth_db. HTTP Digest + Authentication is provided by mod_auth_digest.

    + +

    Note that these credential-based security mechanisms are + only as strong as your Web server's security. As a rule, they + are not as strong as the operating system's own security + system.

    + +

    Directives

    + + + +

    See also: require, satisfy, and mod_auth require keywords.

    +
    + +

    mod_auth + Require Keywords

    + +

    The mod_auth module supports the following + keywords that can be given to the Require directive:

    + +
    +
    user username [...]
    + +
    The supplied username and password must be in the AuthUserFile database, and the + username must also be one of those listed on the Require + directive.
    + +
    group groupname [...]
    + +
    The supplied username and password must be in the AuthUserFile database, and the + username must also be a member of one of the named groups in + the AuthGroupFile database.
    + +
    valid-user
    + +
    The supplied username and password must be in the AuthUserFile database. Any valid + username from that file will be allowed.
    + +
    file-owner
    + +
    [Available after Apache 1.3.20] The supplied username and + password must be in the AuthUserFile database, and the + username must also match the system's name for the owner of + the file being requested. That is, if the operating system + say the requested file is owned by jones, then + the username used to access it through the Web must be + jones as well.
    + +
    file-group
    + +
    [Available after Apache 1.3.20] The supplied username and + password must be in the AuthUserFile database, the name of + the group that owns the file must be in the AuthGroupFile database, and the + username must be a member of that group. For example, if the + operating system says the requested file is owned by group + accounts, the group accounts must + be in the AuthGroupFile database and the username used in the + request must be a member of that group.
    +
    +
    + +

    Example of Require + file-owner

    + +

    Consider a multi-user system running the Apache Web server, + with each user having his or her own files in + ~/public_html/private. Assuming that there is a + single AuthUserFile database that lists all of their usernames, + and that their Web usernames match the ones that actually own + the files on the server, then the following stanza would allow + only the user himself access to his own files. User + jones would not be allowed to access files in + /home/smith/public_html/private unless they were + owned by jones instead of smith.

    +
    +    <Directory /home/*/public_html/private>
+        AuthType Basic
+        AuthName MyPrivateFile
+        AuthUserFile /usr/local/apache/etc/.htpasswd-allusers
+        Satisfy All
+        Require file-owner
+    </Directory>
+
    +
    + +

    AuthGroupFile directive

    + Syntax: AuthGroupFile + file-path
    + Context: directory, + .htaccess
    + Override: AuthConfig
    + Status: Base
    + Module: mod_auth + +

    The AuthGroupFile directive sets the name of a textual file + containing the list of user groups for user authentication. + File-path is the path to the group file. If it is not + absolute (i.e., if it doesn't begin with a slash), it + is treated as relative to the ServerRoot.

    + +

    Each line of the group file contains a groupname followed by + a colon, followed by the member usernames separated by spaces. + Example:

    + +
    + mygroup: bob joe anne +
    + Note that searching large text files is very + inefficient; AuthDBMGroupFile + should be used instead. + +

    Security: make sure that the AuthGroupFile is stored outside + the document tree of the web-server; do not put it in + the directory that it protects. Otherwise, clients will be able + to download the AuthGroupFile.

    + +

    See also AuthName, AuthType and AuthUserFile.

    +
    + +

    AuthUserFile + directive

    + Syntax: AuthUserFile + file-path
    + Context: directory, + .htaccess
    + Override: AuthConfig
    + Status: Base
    + Module: mod_auth + +

    The AuthUserFile directive sets the name of a textual file + containing the list of users and passwords for user + authentication. File-path is the path to the user + file. If it is not absolute (i.e., if it doesn't begin + with a slash), it is treated as relative to the ServerRoot.

    + +

    Each line of the user file contains a username followed by a + colon, followed by the crypt() encrypted password. + The behavior of multiple occurrences of the same user is + undefined.

    + +

    The utility htpasswd + which is installed as part of the binary distribution, or which + can be found in src/support, is used to maintain + this password file. See the man page for more + details. In short

    + +
    + htpasswd -c Filename username
    + Create a password file 'Filename' with 'username' as the + initial ID. It will prompt for the password. htpasswd + Filename username2
    + Adds or modifies in password file 'Filename' the 'username'. +
    + +

    Note that searching large text files is very + inefficient; AuthDBMUserFile + should be used instead.

    + +
    +
    Security:
    + +
    Make sure that the AuthUserFile is stored outside the + document tree of the web-server; do not put it in + the directory that it protects. Otherwise, clients may be + able to download the AuthUserFile.
    + +
    Also be aware that null usernames are permitted, and null + passwords as well (through Apache 1.3.20). If your + AuthUserFile includes a line containing only a colon (':'), a + 'Require valid-user' will allow access if both + the username and password in the credentials are + omitted.
    +
    + See also AuthName, AuthType and AuthGroupFile. +
    + +

    AuthAuthoritative directive

    + Syntax: AuthAuthoritative + on|off
    + Default: + AuthAuthoritative on
    + Context: directory, + .htaccess
    + Override: AuthConfig
    + Status: Base
    + Module: mod_auth + +

    Setting the AuthAuthoritative directive explicitly to + 'off' allows for both authentication and + authorization to be passed on to lower level modules (as + defined in the Configuration and + modules.c files) if there is no + userID or rule matching the supplied + userID. If there is a userID and/or rule specified; the usual + password and access checks will be applied and a failure will + give an Authorization Required reply.

    + +

    So if a userID appears in the database of more than one + module; or if a valid Require directive applies to + more than one module; then the first module will verify the + credentials; and no access is passed on; regardless of the + AuthAuthoritative setting.

    + +

    A common use for this is in conjunction with one of the + database modules; such as mod_auth_db.c, mod_auth_dbm.c, + mod_auth_msql.c, and mod_auth_anon.c. + These modules supply the bulk of the user credential checking; + but a few (administrator) related accesses fall through to a + lower level with a well protected AuthUserFile.

    + +

    Default: By default; control is + not passed on; and an unknown userID or rule will result in an + Authorization Required reply. Not setting it thus keeps the + system secure; and forces an NCSA compliant behavior.

    + +

    Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database such + as mSQL. Make sure that the AuthUserFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthUserFile.

    + +

    See also AuthName, AuthType and AuthGroupFile.

    + +

    + +

    Apache HTTP Server Version 1.3

    + Index + Home + +

    + + + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.ja.jis usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.ja.jis Wed Dec 31 19:00:00 1969 +++ usr.sbin/httpd/htdocs/manual/mod/mod_auth.html.ja.jis Sun Feb 16 16:05:19 2003 @@ -0,0 +1,335 @@ + + + + + + Apache module mod_auth + + + + + +
    + [APACHE DOCUMENTATION] + +

    Apache HTTP Server Version 1.3

    +
    + + +

    mod_auth $B%b%8%e!<%k(B

    + +

    + $B$3$N%b%8%e!<%k$O%F%-%9%H%U%!%$%k$r;H$C$F%f!<%6$NG'>Z$r9T$J$&5!G=$r(B + $BDs6!$7$^$9!#(B

    + +

    $B%9%F!<%?%9(B: Base
    + $B%=!<%9%U%!%$%k(B: + mod_auth.c
    + $B%b%8%e!<%k<1JL;R(B: + auth_module

    + +

    $B35MW(B

    + +

    + $B$3$N%b%8%e!<%k$O%f!<%6$r%W%l!<%s%F%-%9%H$N%Q%9%o!<%I$H%0%k!<%W(B + $B%U%!%$%k$GD4$Y$k$3$H$K$h$j!"(BHTTP + $B4pK\G'>Z$G%"%/%;%9$r@)8B$9$k$3$H$r(B + $B2DG=$K$7$^$9!#F1MM$N5!G=$G%9%1!<%i%S%j%F%#$N$"$k$b$N$O(B mod_auth_dbm $B$H(B mod_auth_db $B$K$h$jDs6!$5$l$^$9!#(B + HTTP $B%@%$%8%'%9%HG'>Z$O(B mod_auth_digest + $B$K$h$jDs6!$5$l$F$$$^$9!#(B

    + +

    + $B$3$l$i$NG'>Z$K4p$E$$$?%;%-%e%j%F%#$N5!9=$O$;$$$<$$%&%'%V%5!<%P$N(B + $B%;%-%e%j%F%#$HF1DxEY$N6/EY$G$"$k$3$H$KCm0U$7$F$/$@$5$$!#(B + $B0lHL$K!"%*%Z%l!<%F%#%s%0%7%9%F%`$N%;%-%e%j%F%#%7%9%F%`$[$I$O(B + $B6/$/(B$B$"$j$^$;$s(B$B!#(B

    + +

    $B%G%#%l%/%F%#%V(B

    + + + +

    $B;2>H(B: require, satisfy, mod_auth + require $B%-!<%o!<%I(B$B!#(B

    +
    + +

    mod_auth Require + $B%-!<%o!<%I(B

    + +

    mod_auth $B%b%8%e!<%k$O(B Require $B%G%#%l%/%F%#%V$KBP$9$k(B + $B0J2<$N%-!<%o!<%I$r%5%]!<%H$7$^$9(B:

    + +
    +
    user username [...]
    + +
    $BM?$($i$l$?%f!<%6L>$H%Q%9%o!<%I$O(B AuthUserFile + $B%G!<%?%Y!<%9$KB8:_$9$k(B $BI,MW$,$"$j!"$5$i$K%f!<%6L>$,(B + Require $B%G%#%l%/%F%#%V$K%j%9%H(B + $B$5$l$F$$$kI,MW$,$"$j$^$9!#(B
    + +
    group groupname [...]
    + +
    $BM?$($i$l$?%f!<%6L>$H%Q%9%o!<%I$O(B AuthUserFile + $B%G!<%?%Y!<%9$KB8:_$9$k(B $BI,MW$,$"$j!"$5$i$K%f!<%6L>$,(B + AuthGroupFile + $B%G!<%?%Y!<%9$K$"$k(B + $B;XDj$5$l$?%0%k!<%W$N%a%s%P$G$"$kI,MW$,$"$j$^$9!#(B
    + +
    valid-user
    + +
    $BM?$($i$l$?%f!<%6L>$H%Q%9%o!<%I$,(B AuthUserFile + $B%G!<%?%Y!<%9$KB8:_$9$k(B + $BI,MW$,$"$j$^$9!#$=$N%U%!%$%k$K$"$kM-8z$J%f!<%6L>$O%"%/%;%9$,5v2D(B + $B$5$l$^$9!#(B
    + +
    file-owner
    + +
    [Apache 1.3.20 $B$+$i(B] + $BM?$($i$l$?%f!<%6L>$H%Q%9%o!<%I$O(B AuthUserFile + $B%G!<%?%Y!<%9$KB8:_$9$k(B + $BI,MW$,$"$j!"$5$i$K%f!<%6L>$,%j%/%(%9%H$5$l$?%U%!%$%k$N(B + $B%7%9%F%`$N=jM-A0$H0lCW$9$kI,MW$,$"$j$^$9!#$D$^$j!"(B + $B%*%Z%l!<%F%#%s%0%7%9%F%`$,%j%/%(%9%H$5$l$?%U%!%$%k$,(B + jones $B$G$"$k!"$H8@$C$?>l9g$O!"(BWeb + $B$rDL$7$F(B $B%"%/%;%9$9$k%f!<%6L>$b(B jones + $B$G$"$kI,MW$G$"$k!"(B $B$H$$$&$3$H$G$9!#(B
    + +
    file-group
    + +
    [Apache 1.3.20 $B$+$i(B] + $BM?$($i$l$?%f!<%6L>$H%Q%9%o!<%I$O(B AuthUserFile + $B%G!<%?%Y!<%9$KB8:_$9$k(B + $BI,MW$,$"$j!"%U%!%$%k$r=jM-$9$k%0%k!<%WL>$,(B AuthGroupFile $B%G!<%?%Y!<%9$K(B + $B$"$kI,MW$,$"$j!"%f!<%6L>$,$=$N%0%k!<%W$N%a%s%P$G$"$kI,MW$,$"$j$^$9!#(B + $BNc$($P!"%*%Z%l!<%F%#%s%0%7%9%F%`$,%j%/%(%9%H$5$l$?%U%!%$%k$,(B + $B%0%k!<%W(B accounts + $B$K$h$j=jM-$5$l$F$$$k$H8@$C$?(B $B>l9g!"%0%k!<%W(B + accounts $B$,(B AuthGroupFile $B%G!<%?%Y!<%9$K(B + $BB0$7$F$$$kI,MW$,$"$j!"%j%/%(%9%H$K;HMQ$5$l$?%f!<%6L>$b(B + $B$=$N%0%k!<%W$N%a%s%P$G$"$kI,MW$,$"$j$^$9!#(B
    +
    +
    + +

    AuthGroupFile + $B%G%#%l%/%F%#%V(B

    + $B9=J8(B: AuthGroupFile + filename
    + $B%3%s%F%-%9%H(B: + $B%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: AuthConfig
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_auth + +

    AuthGroupFile $B%G%#%l%/%F%#%V$O%f!<%6G'>Z$N$?$a$N(B + $B%f!<%6%0%k!<%W$N%j%9%H$,=q$+$l$?%F%-%9%H%U%!%$%k$NL>A0$r@_Dj$7$^$9!#(B + Filename + $B$O%0%k!<%W%U%!%$%k$N%Q%9$G$9!#@dBP%Q%9$G$J$$$H$-$O(B + ($B$9$J$o$A(B$B!"%9%i%C%7%e$G;O$^$i$J$$$H$-$O(B)$B!"(BServerRoot + $B$+$i$NAjBP%Q%9$H$7$F07$o$l$^$9!#(B

    + +

    + $B%0%k!<%W%U%!%$%k$N$=$l$>$l$N9T$O!"%0%k!<%WL>!"%3%m%s!"6uGr$G(B + $B6h@Z$i$l$?%0%k!<%W$KB0$9$k%f!<%6L>!"$+$i$J$j$^$9!#Nc(B:

    + +
    + mygroup: bob joe anne +
    + +

    + $BBg$-$J%F%-%9%H%U%!%$%k$rC5$9$N$O(B$BHs>o(B$B$K8zN($,0-$$$H$$$&$3$H$K(B + $BCm0U$7$F$/$@$5$$!#$=$N$h$&$J>l9g$O!"Be$o$j$K(B AuthDBMGroupFile + $B$r(B $B;H$C$F$/$@$5$$!#(B

    + +

    $B%;%-%e%j%F%#(B: AuthGroupFile + $B$OI,$:%&%'%V%5!<%P$N%I%-%e%a%s%H%D%j!<$N30$K(B + $BJ]4I$7$F$/$@$5$$!#$=$l$,J]8n$7$F$$$k%G%#%l%/%H%j$K$OCV$+(B$B$J$$(B$B$G(B + $B$/$@$5$$!#$=$&$G$J$$$H!"%/%i%$%"%s%H$,(B AuthGroupFile + $B$r%@%&%s%m!<%I(B $B$G$-$F$7$^$$$^$9!#(B

    + +

    AuthName, AuthType, AuthUserFile + $B$b;2>H$7$F$/$@$5$$!#(B

    +
    + +

    AuthUserFile + $B%G%#%l%/%F%#%V(B

    + $B9=J8(B: AuthUserFile + file-path
    + $B%3%s%F%-%9%H(B: + $B%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: AuthConfig
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_auth
    + + +

    AuthUserFile + $B%G%#%l%/%F%#%V$O%f!<%6G'>Z$N$?$a$N%f!<%6$H%Q%9%o!<%I$N(B + $B%j%9%H$,=q$+$l$?%F%-%9%H%U%!%$%k$rL>A0$r@_Dj$7$^$9!#(BFile-path + $B$O(B $B%f!<%6%U%!%$%k$X$N%Q%9$G$9!#@dBP%Q%9$G$J$$$H$-$O(B + ($B$9$J$o$A(B$B!"(B + $B%9%i%C%7%e$G;O$^$i$J$$$H$-$O(B)$B!"(BServerRoot + $B$+$i$NAjBP%Q%9$H$7$F07$o$l$^$9!#(B

    + +

    + $B%f!<%6%U%!%$%k$N$=$l$>$l$N9T$O!"%f!<%6L>!"%3%m%s!"(Bcrypt() + $B$K$h$j0E9f2=$5$l$?(B + $B%Q%9%o!<%I!"$+$i$J$j$^$9!#F1$8%f!<%6$,J#?t2s8=$l$?$H$-$NF0:n$O(B + $BITDj$G$9!#(B

    + +

    + $B%P%$%J%jG[I[$N0lIt$H$7$F%$%s%9%H!<%k$5$l$F$$$k$+!"(Bsrc/support + $B$K$"$k(B htpasswd + $B%f!<%F%#%j%F%#$O!"(B + $B$3$N%Q%9%o!<%I%U%!%$%k$r0];}$9$k$?$a$K;HMQ$5$l$^$9!#>\:Y$O(B + man + $B%Z!<%8$r;2>H$7$F$/$@$5$$!# + +

    + htpasswd -c Filename username
    + $B$O(B 'username' $B$r=i4|(B ID $B$H$7$F%Q%9%o!<%I%U%!%$%k(B + 'Filename' $B$r(B + $B:n@.$7$^$9!#$3$l$O%Q%9%o!<%I$NF~NO$rB%$7$^$9!#(B htpasswd + Filename username2
    + $B$O%Q%9%o!<%I%U%!%$%k(B 'Filename' $B$K(B 'username' $B$r(B + $BDI2C$9$k$+!"4{$K$"$k(B 'username' $B$r=$@5$7$^$9!#(B +
    + +

    + $BBg$-$J%F%-%9%H%U%!%$%k$rC5$9$N$O(B$BHs>o(B$B$K8zN($,0-$$$H$$$&$3$H$K(B + $BCm0U$7$F$/$@$5$$!#$=$N$h$&$J>l9g$O!"Be$o$j$K(B AuthDBMUserFile + $B$r(B $B;H$C$F$/$@$5$$!#(B

    + +

    $B%;%-%e%j%F%#(B: AuthUserFile + $B$OI,$:%&%'%V%5!<%P$N%I%-%e%a%s%H%D%j!<$N30$K(B + $BJ]4I$7$F$/$@$5$$!#$=$l$,J]8n$7$F$$$k(B + $B%G%#%l%/%H%j$K$OCV$+$J$$$G$/$@$5$$!#(B + $B$=$&$G$J$$$H!"%/%i%$%"%s%H$,(B AuthUserFile + $B$r%@%&%s%m!<%I$G$-$F$7$^$$$^$9!#(B

    + +

    AuthName, AuthType, AuthGroupFile + $B$b;2>H$7$F$/$@$5$$!#(B

    +
    + +

    AuthAuthoritative + $B%G%#%l%/%F%#%V(B

    + $B9=J8(B: AuthAuthoritative + on|off
    + $B%G%U%)%k%H(B: + AuthAuthoritative on
    + $B%3%s%F%-%9%H(B: + $B%G%#%l%/%H%j!"(B.htaccess
    + $B>e=q$-(B: AuthConfig
    + $B%9%F!<%?%9(B: Base
    + $B%b%8%e!<%k(B: mod_auth + +

    AuthAuthoritative $B%G%#%l%/%F%#%V$rL@<(E*$K(B + 'off' $B$K(B $B@_Dj$9$k$H!"(BuserID + $B$K9g$&(B userID $B$,L5$$(B $B$H$-$H!"(B + $B$=$l$K9g$&(B$B%k!<%k(B$B$,L5$$$H$-$K!"G'>Z$H8"8B$NIUM?$NN>J}$r(B + ($B@_Dj(B $B$d(B modules.c + $B$GDj5A$5$l$F$$$k(B $BJ}K!$G(B) + $B2<0L$N%b%8%e!<%k$KEO$9$3$H$r2DG=$K$7$^$9!#(B userID + $B$+%k!<%k$,;XDj$5$l$F$$$k$H$-$K$O!"DL>o$HF1$8%Q%9%o!<%I$H(B + $B%"%/%;%9$N%A%'%C%/$,9T$J$o$l!"@.8y$7$J$+$C$?>l9g$O(B + Authorization Required $B1~Ez$,JV$5$l$^$9!#(B

    + +

    $B$G$9$+$i!"(BuserID + $B$,J#?t$N%b%8%e!<%k$N%G!<%?%Y!<%9$K8=$l$?$j!"(B $B@5$7$$(B + Require + $B%G%#%l%/%F%#%V$,J#?t$N%b%8%e!<%k$KE,MQ$5$l$?$j(B + $B$9$k$H$-$O!":G=i$N%b%8%e!<%k$,;q3J$rD4::$7$^$9!#(BAuthAuthoritative + $B$N(B + $B@_Dj$K4X$o$i$:!"%"%/%;%9$ND4::$OJL$N%b%8%e!<%k$K$OEO$5$l$^$;$s!#(B

    + +

    $B$3$N%G%#%l%/%F%#%V$NIaDL$NMxMQJ}K!$O!"(Bmod_auth_db.c, mod_auth_dbm.c, + mod_auth_msql.c, mod_auth_anon.c + $B$N$h$&$J%G!<%?%Y!<%9%b%8%e!<%k$H0l=o$K;H$&$b$N$G$9!#(B + $B$3$l$i$N%b%8%e!<%k$OBgItJ,$N%f!<%6$N;q3JD4::$r9T$J$&5!G=$rDs6!$7$^$9!#(B + $B$7$+$7!">.?t$N(B ($B4IM} + +

    $B%G%U%)%k%H(B: + $B%G%U%)%k%H$G$O@)8f$OEO$5$l$^$;$s!#(B $BCN$i$J$$(B userID + $B$d%k!<%k$N7k2L$O(B Authorization Require $B1~Ez$K$J$j$^$9!#(B + $B$G$9$+$i!"$3$N%G%#%l%/%F%#%V$r@_Dj$7$J$$$H%7%9%F%`$r0BA4$KJ]$D$3$H$,$G$-!"(B + NCSA $B$HF1$8F0:n$r$9$k$h$&$K$G$-$^$9!#(B

    + +
    +
    $B%;%-%e%j%F%#(B:
    + +
    AuthUserFile + $B$OI,$:%&%'%V%5!<%P$N%I%-%e%a%s%H%D%j!<$N30$KJ]4I$7$F$/$@$5$$!#(B + $B$=$l$,J]8n$7$F$$$k(B + $B%G%#%l%/%H%j$K$OCV$+(B$B$J$$(B$B$G$/$@$5$$!#(B + $B$=$&$G$J$$$H!"%/%i%$%"%s%H$,(B AuthUserFile + $B$r%@%&%s%m!<%I$G$-$F$7$^$$$^$9!#(B
    + +
    + $B$^$?!"6u$N%f!<%6L>$d!"6u$N%Q%9%o!<%I$,5v2D$5$l$k$3$H$KCm0U$7$F$/$@$5$$(B + (Apache 1.3.20 $B$+$i(B)$B!#(B AuthUserFile $B$K%3%m%s(B + (':') $B$N$_$N9T$,$"$l$P!"(B + $BG'>Z;~$K%f!<%6L>$H%Q%9%o!<%I$,N>J}6&>JN,$5$l$?$H$-$K(B + 'Require valid-user' + $B$O%"%/%;%9$r5v2D$7$^$9!#(B
    +
    + +

    AuthName, AuthType, AuthGroupFile + $B$b;2>H$7$F$/$@$5$$!#(B

    +
    + +

    Apache HTTP Server Version 1.3

    + Index + Home + + + + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html usr.sbin/httpd/htdocs/manual/mod/mod_headers.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_headers.html Sun Feb 16 16:05:19 2003 @@ -43,6 +43,7 @@
    @@ -61,10 +62,14 @@ Status: Extension
    Module: mod_header + rel="Help">Module: mod_headers

    This directive can replace, merge or remove HTTP response - headers. The action it performs is determined by the first + headers during 1xx and 2xx series replies. For 3xx, 4xx and 5xx + use the ErrorHeader directive. +

    +

    + The action it performs is determined by the first argument. This can be one of the following values:

      @@ -132,6 +137,32 @@ added just before the response is sent cannot be unset or overridden. This includes headers such as "Date" and "Server".

      + +

      ErrorHeader directive

      + Syntax: ErrorHeader set|append|add + header value
      + Syntax: ErrorHeader unset + header
      + Context: server config, virtual + host, access.conf, .htaccess
      + Override: FileInfo
      + Status: Extension
      + Module: mod_headers + +

      This directive can replace, merge or remove HTTP response + headers during 3xx, 4xx and 5xx replies. For normal replies + use the Header directive. +

      +

      This directive is identical to the Header + directive in all other respects. Consult this directive for + more information on the syntax. +

      diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en Sun Feb 16 16:05:19 2003 @@ -74,6 +74,14 @@ files, including per-directory files (e.g., .htaccess). This may have security-related ramifications for your site.

      + +

      In particular, this module can leak sensitive information + from the configuration directives of other Apache modules such as + system paths, usernames/passwords, database names, etc. Due to + the way this module works there is no way to block information + from it. Therefore, this module should ONLY be used in a controlled + environment and always with caution.

      +
    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html Sun Feb 16 16:05:19 2003 @@ -76,6 +76,14 @@ files, including per-directory files (e.g., .htaccess). This may have security-related ramifications for your site.

    + +

    In particular, this module can leak sensitive information + from the configuration directives of other Apache modules such as + system paths, usernames/passwords, database names, etc. Due to + the way this module works there is no way to block information + from it. Therefore, this module should ONLY be used in a controlled + environment and always with caution.

    +
    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis Thu Feb 13 12:15:06 2003 +++ usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis Sun Feb 16 16:05:19 2003 @@ -7,7 +7,7 @@ Apache module mod_mime - + diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/new_features_1_1.html usr.sbin/httpd/htdocs/manual/new_features_1_1.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/new_features_1_1.html Thu Feb 13 12:15:07 2003 +++ usr.sbin/httpd/htdocs/manual/new_features_1_1.html Sun Feb 16 16:05:20 2003 @@ -77,7 +77,7 @@ and its resource consumption. It also gives the current state of each server process including the current URL being processed. For an example, check out the status of the + href="http://www.apache.org/server-status">the status of the www.apache.org server.
  • Server Information @@ -85,7 +85,7 @@ information about the other modules installed, their directives, and their configurations. It is extremely helpful in debugging configuration problems. For an example, check - out information + out information about the www.apache.org server.
  • Experimental Caching diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/readme-tpf.html usr.sbin/httpd/htdocs/manual/readme-tpf.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/readme-tpf.html Thu Feb 13 12:15:08 2003 +++ usr.sbin/httpd/htdocs/manual/readme-tpf.html Sun Feb 16 16:05:20 2003 @@ -17,11 +17,12 @@
    - [ Configuration - Files  | What's - Available  | CGI Scripts  | - Options  | Porting Notes  ] + [ Configuration Files + | What's Available + | CGI Scripts + | Options + | Syslog + | Porting Notes ]
    @@ -207,6 +208,9 @@
  • rotatelogs.c (requires PUT10; if PJ27214 implemented be sure to apply PJ28367) 
    • +
  • syslog (requires PUT13; see install + and usage instructions) 
    • +
  • util.c 
  • util_date.c 
    • @@ -225,6 +229,8 @@
  • lib/expat-lite 
    • +
  • lib/sdbm 
    • +
  • mod_auth_digest.c 
  • mod_rewrite.c 
    • @@ -350,65 +356,106 @@
    -

    How to Use Apache Command Line Options

    +

    How to Use Apache's "Dash" Options

    -

    You cannot run Apache from the command line on TPF. However - you can use those Apache command line options which don't - actually start the server. This requires PJ27277 which shipped - on PUT13.

    +

    Overview of Apache's "dash" options:

    + +

    Apache can be invoked with various options, such as "-f". + Some of these options display information about the server or perform syntax checks + but they don't actually start the server. + These "information only" options are useful with TPF's ZFILE command line feature: + -h, -l, -L, -S, -t, -T, -v, and -V. +

    + +

    Another option, -X, is used when actually running the server. + It is passed to Apache through the ZINET XPARM field since ZINET is the only way to start the server on TPF.

    + +

    A third group of options apply to both the informational displays (ZFILE) and + running the server (ZINET XPARM): -d, -D and -f.

    + +

    The rest of Apache's options are either not applicable or are not supported on TPF.

    -

    Supported Apache options:

    +

    Using dash options requires PJ27277 which shipped on PUT13.

    + +

    Table of supported Apache options

    -

    -d directory
    - Specify an alternate initial ServerRoot directory. - Default is /usr/local/apache.

    - -

    -f file
    - Specify an alternate server configuration file. - Default is conf/httpd.conf.

    - -

    -h
    - List a short summary of available command line options. - (Note that this outputs all options, not just those supported - on TPF.)

    - -

    -l
    - List modules compiled into the server.

    - -

    -L
    - List available configuration directives. (Note that this - outputs all configuration directives, not just those - supported on TPF.)

    - -

    -S
    - Show the settings as parsed from the configuration file. - Currently only shows the virtualhost settings.

    - -

    -t
    - Run syntax tests for configuration files (with document root - checks)

    - -

    -T
    - Run syntax tests for configuration files (without document - root checks)

    - -

    -v
    - Show the version number.

    - -

    -V
    - Show the version number and various compile settings.

    - -

    See http://httpd.apache.org/docs/programs/httpd.html - for more information about these command line options.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Option         + ZFILEZINET + Description
    -d pathZFILEZINETSet the initial value for the ServerRoot directive.
    -D defineZFILEZINETSet a configuration parameter which can be used with <IfDefine>...</IfDefine> sections in the configuration file to conditionally skip or process commands.
    -f filenameZFILEZINETUse an alternate configuration file instead of the default conf/httpd.conf file.
    -hZFILE List a short summary of available command line options then exit. + Note that this outputs all options, not just those supported on TPF.
    -lZFILE List modules compiled into the server then exit.
    -LZFILE List available configuration directives then exit. Note that this outputs all configuration directives, not just those supported on TPF.
    -SZFILE Show the settings as parsed from the configuration file then exit. Currently Apache only shows the virtual host settings.
    -tZFILE Run syntax tests for configuration files with document root checks then exit.
    -TZFILE Run syntax tests for configuration files without document root checks then exit.
    -vZFILE Show the version number then exit.
    -VZFILE Show the version number and various compile settings then exit.
    -X ZINETRun in single-process mode for internal debugging purposes only. + The parent process does not fork any children.
    -

    Note: On TPF Apache arguments are supported only on the - command line, not through the ZINET XPARM field.

    +

    See http://httpd.apache.org/docs/programs/httpd.html + for more information about these command line options.

    -

    Setup

    +

    Setup for ZFILE examples

    Ensure Apache (CHTA) is loaded

    @@ -431,7 +478,6 @@ zfile chmod 755 /bin/httpd

    -

    (See "ZFILE-Activate a TPF Segment or Script" in @@ -439,7 +485,7 @@ href="http://www.ibm.com/tpf/pubs/tpfpubs.htm">http://www.ibm.com/tpf/pubs/tpfpubs.htm.)

    -

    Example 1

    +

    ZFILE example 1

    zfile httpd -v

    @@ -451,17 +497,75 @@ END OF DISPLAY

    -

    Example 2

    +

    ZFILE example 2

    zfile httpd -t -f - /usr/local/apache/conf/httpd.conf.new

    + /usr/local/apache/conf/alt.conf

    FILE0002I 11.47.26 START OF ERROR DISPLAY FROM httpd -t ...
    Syntax OK
    END OF DISPLAY

    + +

    ZINET XPARM example

    +
    + + This example uses an alternate configuration file called /usr/local/apache/conf/alt.conf.
    + Transfer the alternate configuration file to your TPF test system.
    + zinet add s-apache pgm-chta model-daemon user-root xparm--f conf/alt.conf
    + zinet start s-apache + +

    (See "ZINET ADD-Add an Internet Server Application Entry" and + "ZINET ALTER-Change an Internet Server Application Entry" in + the Operations guide for more information about using the XPARM field: + http://www.ibm.com/tpf/pubs/tpfpubs.htm.)

    +
    + + + + +
    +

    Syslog Daemon

    +
    + +

    Syslog overview:

    + +

    The syslog daemon is a server process that provides a message logging facility for application and system processes. + It can be used to write messages to log files or to tapes. + See TPF Transmission Control Protocol/Internet Protocol for detailed information about using the syslog daemon on TPF: + http://www.ibm.com/tpf/pubs/tpfpubs.htm. + And see the Apache ErrorLog directive documentation + for details on how to use syslog with Apache.

    + +

    Syslog capabilities were added with PJ27214 which shipped with PUT13. + You must follow the syslog specific installation instructions + in order to have the option of using syslog with Apache.

    + + +

    Tips on using syslog with your Apache error log:

    + +

    This section provides some tips on using syslog with Apache. + It is not meant to replace the syslog documentation in the TPF TCP/IP publication.

    + +
      +
    • The syslog daemon will not create files. If you are logging to a file (as specified in the syslog.conf configuration file) that file must already exist and + have permissions that allow the syslog daemon to write to it.
      • +
    • You must restart the syslog daemon for it to recognize changes to its syslog.conf configuration file.
      • +
    • The syslog daemon must be active prior to starting Apache.
      • +
    • To indicate you want to use syslog with your Apache error log add the following directive to your httpd.conf file: + "ErrorLog syslog:facility" where facility is "local0" through "local7".
      • +
    • Apache will default the facility to "local7" if you omit the facility name from the ErrorLog directive (that is "ErrorLog syslog").
      • +
    • The syslog facility name must be one that is recognized by both Apache and the syslog.h header file. + The facility names "local0" through "local7" are explicitly set aside for your use.
      • +
    • Although "local0" through "local7" are recommended user facility names, here is the complete list of names recognized + by both Apache and TPF's syslog.h: auth, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, + lpr, mail, news, syslog, user, and uucp.
      • +
    • You won't see the normal Apache startup/shutdown messages when you use syslog with your Apache error log.
      • +
    • Syslog does not support TCP/IP Offload devices (ZCLAW)
      • +
    +
    @@ -514,12 +618,13 @@
    - [ top  | Configuration Files  | - What's Available  | CGI Scripts  | Options  | Porting Notes ] + [ top + | Configuration Files + | What's Available + | CGI Scripts + | Options + | Syslog + | Porting Notes ]
    diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/urlmapping.html usr.sbin/httpd/htdocs/manual/urlmapping.html --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/urlmapping.html Thu Feb 13 12:15:08 2003 +++ usr.sbin/httpd/htdocs/manual/urlmapping.html Sun Feb 16 16:05:20 2003 @@ -125,7 +125,7 @@ with

    - Alias /docs /var/web/ + Alias /docs /var/web

    the URL diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.en usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.en --- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.en Thu Feb 13 12:15:07 2003 +++ usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.en Sun Feb 16 16:05:18 2003 @@ -111,11 +111,18 @@ href="../mod/core.html#documentroot">DocumentRoot directive to show where in the filesystem the content for that host lives.

    -

    For example, suppose that both www.domain.tld and -www.otherdomain.tld point at an IP address -that the server is listening to. Then you simply add the following -to httpd.conf:

    - +

    If you are adding virtual hosts to an existing web server, you +must also create a <VirtualHost> block for the existing host. +The ServerName and DocumentRoot included in +this virtual host should be the same as the global +ServerName and DocumentRoot. List this +virtual host first in the configuration file so that it will act as +the default host.

    + +

    For example, suppose that you are serving the domain +www.domain.tld and you wish to add the virtual host +www.otherdomain.tld, which points at the same IP address. +Then you simply add the following to httpd.conf:

         NameVirtualHost *
 
@@ -160,7 +167,7 @@
 placed in these containers and will then change the configuration only
 of the relevant virtual host.  To find out if a particular directive
 is allowed, check the Context of the
+href="../mod/directive-dict.html#Context">Context of the
 directive.  Configuration directives set in the main server
 context (outside any <VirtualHost> container)
 will be used only if they are not overriden by the virtual host
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.html usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.html
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.html	Thu Feb 13 12:15:07 2003
+++ usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.html	Sun Feb 16 16:05:18 2003
@@ -113,11 +113,18 @@
 href="../mod/core.html#documentroot">DocumentRoot directive to
 show where in the filesystem the content for that host lives.
    
 
-
    For example, suppose that both www.domain.tld and
-www.otherdomain.tld point at an IP address
-that the server is listening to.  Then you simply add the following
-to httpd.conf:
    
-
+
    If you are adding virtual hosts to an existing web server, you
+must also create a <VirtualHost> block for the existing host.
+The ServerName and DocumentRoot included in
+this virtual host should be the same as the global
+ServerName and DocumentRoot.  List this
+virtual host first in the configuration file so that it will act as
+the default host.
    
+
+
    For example, suppose that you are serving the domain
+www.domain.tld and you wish to add the virtual host
+www.otherdomain.tld, which points at the same IP address.
+Then you simply add the following to httpd.conf:
    
 
         NameVirtualHost *
 
@@ -162,7 +169,7 @@
 placed in these containers and will then change the configuration only
 of the relevant virtual host.  To find out if a particular directive
 is allowed, check the Context of the
+href="../mod/directive-dict.html#Context">Context of the
 directive.  Configuration directives set in the main server
 context (outside any <VirtualHost> container)
 will be used only if they are not overriden by the virtual host
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis	Thu Feb 13 12:15:07 2003
+++ usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis	Sun Feb 16 16:05:18 2003
@@ -97,6 +97,7 @@
     $B$3$l$O(B NameVirtualHost
     $B%G%#%l%/%F%#%V$G@_Dj$7$^$9!#DL>o!"(BNameVirtualHost $B$G(B
     * $B$NB0@-$r;H$C$F%5!<%P$NA4$F$N(B IP $B%"%I%l%9$r;H$$$^$9!#(B
+    (NameVirtualHost * $B$O%P!<%8%g%s(B 1.3.13 $B0J9_$N$_$GF0:n$7$^$9!#(B)
     NameVirtualHost $B%G%#%l%/%F%#%V$G(B IP $B%"%I%l%9$r=q$$$F$b!"(B
     $B<+F0E*$K%5!<%P$,$=$N(B IP $B%"%I%l%9$r%j%C%9%s$9$k$H$$$&$3$H$O$J$$$3$H$K(B
     $BCm0U$7$F$/$@$5$$!#>\:Y$O(B Apache $B$N;H$&%"%I%l%9$H(B
@@ -136,7 +137,8 @@
 
     
    NameVirtualHost $B5Z$S(B
     <VirtualHost> $B$N$I$A$i$N>l9g$b!"(B
-    * $B$NItJ,$K$OL@<(E*$K(B IP $B%"%I%l%9$r;XDj$9$k$3$H$,$G$-$^$9!#(B
    
+    * $B$NItJ,$K$OL@<(E*$K(B IP $B%"%I%l%9$r;XDj$9$k$3$H$,$G$-$^$9!#(B
+    $B%P!<%8%g%s(B 1.3.12 $B0JA0$G$O(B IP $B%"%I%l%9$N;XDj$,I,MW$G$7$?!#(B
    
 
     
    $BJ#?t$NL>A0$G%5!<%P%"%/%;%9$,$G$-$k$h$&$K$7$?$$$3$H$bB?$$$G$7$g$&!#(B
     $B$3$N$h$&$J$3$H$O!"(B.
 .Dd Sep 18, 2002
-.Dt HTTPD 1
+.Dt HTTPD 8
 .Os
 .Sh NAME
 .Nm httpd
@@ -68,12 +68,14 @@
 .Nm
 is the Apache HyperText Transfer Protocol (HTTP) server program. It is
 designed to be run as a standalone daemon process. When used like this
-is will create a pool of child processes to handle requests. To stop
+it will create a pool of child processes to handle requests. To stop
 it, send a TERM signal to the initial (parent) process. The PID of
 this process is written to a file as given in the configuration file.
 Alternatively
 .Nm
-may be invoked by the Internet daemon inetd(8) each
+may be invoked by the Internet daemon
+.Xr inetd 8
+each
 time a connection to the HTTP service is made.
 .Pp
 Normally this service can be enabled for startup on OpenBSD
@@ -84,15 +86,23 @@
 option is of particular importance.
 .Pp
 This manual page only lists the command line arguments. For details
-of the directives necessary to configure httpd see the Apache manual,
+of the directives necessary to configure
+.Nm
+see the Apache manual,
 which is part of the Apache distribution or can be found at
 .Pa http://www.apache.org/ ,
 or in
 .Pa /var/www/htdocs/manual .
 Paths in this manual page reflect those
-compiled into httpd by default with OpenBSD.
+compiled into
+.Nm
+by default with OpenBSD.
 .Sh OPTIONS
 .Bl -tag -width Ds
+.It Fl 4 
+Assume all addresses are IPv4 when parsing the config file.
+.It Fl 6 
+Assume all addresses are IPv6 when parsing the config file.
 .It Fl u
 By default
 .Nm
@@ -103,7 +113,7 @@
 path.
 The
 .Fl u
-option disabled this behaviour, and returns
+option disables this behaviour, and returns
 .Nm
 to the expanded "unsecure" behaviour.
 .Pp
@@ -127,7 +137,7 @@
 file do not need adjustment relative to
 .Va ServerRoot .
 For this option to remain secure, it is important that no files or directories
-writeable by user
+writable by user
 .Ar www
 or group
 .Ar www
@@ -187,11 +197,11 @@
 virtualhost settings).
 .It Fl t
 Run syntax tests for configuration files only, including DocumentRoot checks.
-The program immediately exits after these syntax parsing with either a return 
+The program immediately exits after this syntax parsing with either a return 
 code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
 .It Fl T
 Run syntax tests for configuration files only, without DocumentRoot checks.
-The program immediately exits after these syntax parsing with either a return 
+The program immediately exits after this syntax parsing with either a return 
 code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
 .It Fl X
 Run in single-process mode, for internal debugging purposes only; the daemon
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/CHANGES usr.sbin/httpd/src/CHANGES
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/CHANGES	Thu Feb 13 12:15:15 2003
+++ usr.sbin/httpd/src/CHANGES	Sun Feb 16 16:05:27 2003
@@ -1,18 +1,133 @@
+Changes with Apache 1.3.27
+
+  *) SECURITY: CAN-2002-0840 (cve.mitre.org)
+     Prevent a cross-site scripting vulnerability in the default
+     error page.  The issue could only be exploited if the directive
+     UseCanonicalName is set to Off and a server is being run at
+     a domain that allows wildcard DNS.  [Matthew Murphy]
+
+  *) SECURITY CAN-2002-0843 (cve.mitre.org)
+     Fix some possible overflows in ab.c that could be exploited by
+     a malicious server. Reported by David Wagner. [Jim Jagielski]
+
+  *) Included a patch submitted by Sander van Zoest (#9181) and
+     written by Michael Radwin whichs is essentially a work around
+     for the adding headers to error responses. As apache does not
+     go through the proper chain for non 2xx responses. This patch
+     adds an ErrorHeader directive; which is for non 2xx replies the
+     direct analog of the existing Header directive. This is usefull
+     during 3xx redirects or more complex 4xx auth schemes. [Dirk-
+     Willem van Gulik]
+
+  *) Included the patch submitted by Sander van Zoest (#12712) which
+     prevents just 'anything' being sucked in when doing gobbeling in
+     complete directories - such as editor backup files and other
+     cruft. This patch allows us to tailor/control this properly by
+     allowing simple wildcards such as *.conf. [Dirk-Willem van Gulik]
+
+  *) SECURITY CAN-2002-0839 (cve.mitre.org)
+     Add the new directive 'ShmemUIDisUser'. By default, Apache
+     will no longer set the uid/gid of SysV shared memory scoreboard
+     to User/Group, and it will therefore stay the uid/gid of
+     the parent Apache process. This is actually the way it should
+     be, however, some implementations may still require this, which
+     can be enabled by 'ShmemUIDisUser On'.  Reported by iDefense.
+     [Jim Jagielski]
+
+  *) Fix a problem with the definition of union semun which broke
+     System V semaphores on systems where sizeof(int) != sizeof(long).
+     PR 12072  []
+
+  *) The protocol version (eg: HTTP/1.1) in the request line parsing
+     is now case insensitive. This closes a few PRs and implies that
+     ProtocolReqCheck will trigger on *true* invalid protocols.
+     [Jim Jagielski]
+
+  *) Relaxed mod_digest its parsing in order to make it work
+     with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)"
+     User-Agent. Apache (incorrectly) insisted on a quoted URI's
+     in the uri field of the Authorization client header. Not
+     yet done for EBCDIC plaforms. 
+     [Dirk-Willem van Gulik]
+
+  *) Back out an older patch for PR 9932, which had some incorrect
+     behavior. Instead, use a backport of the APR fix. This has
+     the nice effect that ap_snprintf() can now distinguish between
+     an output which was truncated, and an output which exactly
+     filled the buffer. [Jim Jagielski]
+
+  *) The cache in mod_proxy was incorrectly updating the Content-Length
+     value (to 0) from 304 responses when doing validation. Bugz#10128
+     [Paul Terry , ast@domdv.de, Jim Jagielski]
+
+  *) Added support for Berkeley-DB/4.x to mod_auth_db.
+     [Martin Kraemer]
+
+  *) PR 10993: add image/x-icon to default httpd.conf files
+     [Ian Holsman, Peter Bieringer 
+
+  *) Fix a problem in proxy where headers from other modules were
+     added to the response headers when this was already done in the
+     core already. This resulted in header (and therefore cookie)
+     duplication. [Martijn Schoemaker ]
+
+  *) Fix FileETags none operation.  PR 12202.
+     [Justin Erenkrantz, Andrew Ho ]
+
+  *) Win32: Fix one byte buffer overflow in ap_get_win32_interpreter
+     when a CGI script's #! line does not contain a \r or \n (i.e.
+     a line feed character) in the first 1023 bytes. The overflow
+     is always a '\0' (string termination) character.
+
+  *) Add new "suppress-error-charset" environment variable to
+     allow a BrowserMatch workaround for clients that incorrectly
+     use the charset of a redirect as the charset of the target.
+     [Ken Coar]
+
+  *) Support Caldera OpenUNIX 8.  [Larry Rosenman ]
+
+  *) Use SysV semaphores by default on OpenBSD. [Henning Brauer 
+     ]
+
+  *) httpd -V will now also print out the compile time defined
+     HARD_SERVER_LIMIT value. [Dirk-Willem van Gulik].
+
+  *) In 1.3.26, a null or all blank Content-Length field would be
+     triggered as an error; previous versions would silently ignore
+     this and assume 0. As a special case, we now allow this and
+     behave as we previously did. HOWEVER, previous versions would
+     also silently accept bogus C-L values; We do NOT do that. That
+     *is* an invalid value and we treat it as such.
+     [Jim Jagielski]
+
+  *) Add ProtocolReqCheck directive, which determines if Apache will
+     check for a valid protocol string in the request (eg: HTTP/1.1)
+     and return HTTP_BAD_REQUEST if not valid. Versions of Apache
+     prior to 1.3.26 would silently ignore bad protocol strings, but
+     1.3.26 included a more strict check. This makes it runtime
+     configurable. The default is On. This also removes the requirement
+     on an ANSI sscanf() implementation. [Jim Jagielski]
+
+  *) NetWare: implemented file locking in mod_rewrite for the NetWare
+     CLib platform. This fixes a bug that prevented rewrite logging 
+     from working. [Brad Nicholes]
+
 Changes with Apache 1.3.26
 
   *) Potential NULL referencing fixed in the CGI module. It had
      been there for 5 years. [Justin Erenkrantz]
 
   *) Ensure that we set the result value in ap_strtol before
-     we return it. [The whole gang again]
+     we return it. [Justin Erenkrantz, Jim Jagielski]
 
 Changes with Apache 1.3.25
 
-  *) Code changes required to address and close the security
-     issues in CAN-2002-0392 (mitre.org) [CERT VU#944335].
-     To support this, we utilize the ANSI functionality of
-     strtol, and provide ap_strtol for completeness.
-     [The whole gang]
+  *) SECURITY: CAN-2002-0392 (cve.mitre.org) [CERT VU#944335]
+     Code changes required to address and close chunked 
+     encoding security issues.  To support this, we utilize the ANSI 
+     functionality of strtol, and provide ap_strtol for completeness.
+     [Aaron Bannert, Justin Erenkrantz, Jim Jagielski, Brian Pane,
+      William Rowe, Cliff Woolley]
      
   *) PORT: With OpenBSD 3.1 and up, allow modules to work on their
      ELF-based architectures. [Brad ]
@@ -112,7 +227,7 @@
   *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
      directives were improperly terminated.  [Cliff Woolley]
 
-  *) Win32 Security: CAN-2002-0061
+  *) Win32 SECURITY: CAN-2002-0061 (cve.mitre.org)
      Introduce proper escaping of command.com and cmd.exe for Win32.
      These patches close vulnerability CAN-2002-0061, identified and
      reported by Ory Segal , by which any CGI
@@ -502,16 +617,15 @@
      just happened to be  index.html.zh.Big5.
      [Bill Stoddard, Bill Rowe] PR #8130
 
-  *) Security: Close autoindex /?M=D directory listing hole reported
+  *) SECURITY: CAN-2001-0731 (cve.mitre.org)
+     Close autoindex /?M=D directory listing hole reported
      in bugtraq id 3009.  In some configurations where multiviews and 
      indexes are enabled for a directory, requesting URI /?M=D could
      result in a directory listing being returned to the client rather
      than the negotiated index.html variant that was configured and
      expected.  The work around for this problem (for pre 1.3.21
      releases) is to disable Indexes or Multiviews in the affected
-     directories.  The Common Vulnerabilities and Exposures project
-     (cve.mitre.org) has assigned the name CAN-2001-0731 to this issue.
-     [Bill Stoddard, Bill Rowe]
+     directories.  [Bill Stoddard, Bill Rowe]
 
   *) Enabled Win32/OS2/Netware file paths (not / rooted, but c:/ rooted)
      as arguments for mod_vhost_alias'es directives.  [William Rowe]
@@ -525,15 +639,14 @@
   *) PORT: Some Cygwin changes, esp. improvements for dynamic loading,
      and cleanups. [Stipe Tolj ]
 
-  *) Win32 SECURITY: The default installation could lead to mod_negotiation
+  *) Win32 SECURITY: CAN-2001-0729 (cve.mitre.org)
+     The default installation could lead to mod_negotiation
      and mod_dir/mod_autoindex displaying a directory listing instead of
      the index.html.* files, if a very long path was created artificially
      by using many slashes. Now a 403 FORBIDDEN is returned. This
      problem was similar to and in the same area as the problem
      reported and fixed by Martin Kraemer in 1.3.18, only the scope
-     is much narrower and is specific to Windows.  The Common 
-     Vulnerabilities and Exposures project (cve.mitre.org) has assigned the 
-     name CAN-2001-0729 to this issue.  [Bill Stoddard]
+     is much narrower and is specific to Windows.  [Bill Stoddard]
 
   *) Update the mime.types file to the registered media types as
      of 2001-09-25, and add xsl, so, dll extensions [Mark Cox]
@@ -616,13 +729,12 @@
      before contacting the next proxy, and was thus unusable for
      SSL proxying.  [Martin Kraemer]
 
-  *) SECURITY: Make support/split-logfile use the default log file if
+  *) SECURITY: CAN-2001-0730 (cve.mitre.org)
+     Make support/split-logfile use the default log file if
      "/" or "\" are present in the virtual host name.  This prevents
      the possible use of specially crafted virtual host names in
      some configurations to allow writing to any .log file on the
-     system.  The Common Vulnerabilities and Exposures project 
-     (cve.mitre.org) has assigned the name CAN-2001-0730 to this issue.
-     [Daniel Matuschek ,
+     system.  [Daniel Matuschek ,
      Marc Slemko] PR#7848
 
   *) Added a directive: "AcceptFilter ". To control BSD 
@@ -692,7 +804,8 @@
   *) Autodetect if platforms have isnan() and/or isinf() for use in
      ap_snprintf.c. [Jim Jagielski]
 
-  *) Security/DoS: Correct a vulnerability in the Win32 and OS2 ports, by which a 
+  *) SECURITY DoS: CAN-2001-1342 (cve.mitre.org)
+     Correct a vulnerability in the Win32 and OS2 ports, by which a 
      client submitting a carefully constructed URI could cause a GP
      (segment) fault in the child process, which would have to be
      cleared by the operator to resume operation.  This vulnerability
@@ -829,10 +942,11 @@
   *) Apache on Win9x now ensures the service is stopped before removal.
      [William Rowe]
 
-  *) SECURITY: The default installation could lead to mod_negotiation
+  *) SECURITY: CAN-2001-0925 (cve.mitre.org)
+     The default installation could lead to mod_negotiation
      and mod_dir/mod_autoindex displaying a directory listing instead of
      the index.html.* files, if a very long path was created artificially
-     by using many slashes. Now a 403 FORBIDDEN is returned. CAN-2001-0925.
+     by using many slashes. Now a 403 FORBIDDEN is returned.
      [Martin Kraemer]
      
   *) Trailing slashes (if they exist) are now removed from ServerRoot,
@@ -1101,7 +1215,7 @@
      tree, and other minor MPE tweaks.  
      [Mark Bixby ]
 
-  *) Security: Tighten up the syntax checking of Host: headers to fix a
+  *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
      security bug in some mass virtual hosting configurations
      that can allow a remote attacker to retrieve some files
      on the system that should be inaccessible. [Tony Finch]
@@ -1114,7 +1228,7 @@
      SHA1 and plaintext password encodings.  Make feature tests a
      bit more flexible.  [William Rowe]
 
-  *) Security: CVE-2000-0913
+  *) SECURITY: CVE-2000-0913 (cve.mitre.org)
      Fix a security problem that affects some configurations of
      mod_rewrite. If the result of a RewriteRule is a filename that
      contains expansion specifiers, especially regexp backreferences
@@ -1218,8 +1332,9 @@
      for modules and executables dynamically linked to the core.
      [William Rowe; Jim Patterson ]
 
-  *) Prevent the source code for CGIs from being revealed when using
-     mod_vhost_alias and the CGI directory is under the document root
+  *) SECURITY: CAN-2000-1204 (cve.mitre.org)
+     Prevent the source code for CGIs from being revealed when 
+     using mod_vhost_alias and the CGI directory is under the document root
      and a user makes a request like http://www.example.com//cgi-bin/cgi
      as reported in 
      [Tony Finch]
@@ -1277,9 +1392,10 @@
       containers, and in .htaccess files when FileInfo
      overriding is allowed.  [Ken Coar] PR#3000
 
-  *) Fix Win32 bug when pathname length exactly equals MAX_PATH. 
+  *) SECURITY: CVE-2000-0505 (cve.mitre.org)
+     Fix Win32 bug when pathname length exactly equals MAX_PATH. 
      This bug caused directory index to be displayed rather than
-     returning an error. [Allan Edwards ]
+     returning an error.   [Allan Edwards ]
 
   *) Correct mod_proxy Win95 dynamic link __declspec(thread) bug.
      David Whitmarsh  
@@ -1512,10 +1628,12 @@
      the given character set on any document that does not have one
      explicitly specified in the headers.  [Marc Slemko, Jim Jagielski]
 
-  *) Properly escape various messages output to the client from a number
+  *) SECURITY: CAN-2000-1205 (cve.mitre.org)
+     Properly escape various messages output to the client from a number
      of modules and places in the core code.  [Marc Slemko]
 
-  *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
+  *) SECURITY: CAN-2000-1205 (cve.mitre.org)
+     Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
      not consider any parameters such as charset when making decisions 
      based on content type.  This does remove some functionality for 
      some users, but means that when these modules are configured to do 
@@ -1524,7 +1642,8 @@
      want to set things on a per charset basis is necessary in the future.  
      [Marc Slemko]
 
-  *) mod_include now entity encodes output from "printenv" and "echo var"
+  *) SECURITY: CAN-2000-1205 (cve.mitre.org)
+     mod_include now entity encodes output from "printenv" and "echo var"
      by default.  The encoding for "echo var" can be set to URL encoding
      or no encoding using the new "encoding" attribute to the echo tag.
      [Marc Slemko]
@@ -1582,8 +1701,9 @@
   *) Add back support for UseCanonicalName in  containers
      [Manoj Kasichainula]
 
-  *) More rigorous checking of Host: headers to fix security problems
-     with mass name-based virtual hosting (whether using mod_rewrite
+  *) SECURITY: CAN-2000-1206 (cve.mitre.org)
+     More rigorous checking of Host: headers to fix security 
+     problems with mass name-based virtual hosting (whether using mod_rewrite
      or mod_vhost_alias).
      [Ben Hyde, Tony Finch]
 
@@ -3551,7 +3671,8 @@
   *) SECURITY: Eliminate O(n^2) space DoS attacks (and other O(n^2)
      cpu time attacks) in header parsing.  Add ap_overlap_tables(),
      a function which can be used to perform bulk update operations
-     on tables in a more efficient manner.  [Dean Gaudet]
+     on tables in a more efficient manner.  CAN-1999-1199 (cve.mitre.org)
+     [Dean Gaudet]
 
   *) SECURITY: Added compile-time and configurable limits for
      various aspects of reading a client request to avoid some simple
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/CHANGES.SSL usr.sbin/httpd/src/CHANGES.SSL
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/CHANGES.SSL	Thu Feb 13 12:15:15 2003
+++ usr.sbin/httpd/src/CHANGES.SSL	Sun Feb 16 16:05:27 2003
@@ -23,6 +23,28 @@
       / __/ | (_) |
   __ |_____(_)___/ ___________________________________________
               
+  Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002)
+
+   *) Fixed potential Cross-Site-Scripting bug.
+
+   *) Allow also 8192 bytes of shared memory data size.
+
+  Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002)
+   
+   *) Upgraded to Apache 1.3.27.
+
+   *) Fixed internal error handling for CRL verification.
+
+   *) Initialize OpenSSL ENGINE before initializing OpenSSL
+      to workaround problems with the PRNG.
+
+   *) Also find "openssl" executable in "sbin" directories.
+
+   *) Honor specified number of maximum bytes on SSLRandomSeed
+      if reading from EGD.
+
+   *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
+
   Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)
 
    *) Fixed off-by-one buffer overflow bug in the compatibility
@@ -1979,7 +2001,7 @@
   Changes with mod_ssl 2.1.4 (05-Nov-1998 to 23-Dec-1998)
 
    *) Added the support for OpenSSL (see http://www.openssl.org/), 
-      the Open Source sucessor of SSLeay. The package name is no longer
+      the Open Source successor of SSLeay. The package name is no longer
       hard-wired and so both the HTTP Server field and the logfile entries
       correctly reflect the name OpenSSL, too.
 
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/Configuration.tmpl usr.sbin/httpd/src/Configuration.tmpl
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/Configuration.tmpl	Thu Feb 13 12:15:15 2003
+++ usr.sbin/httpd/src/Configuration.tmpl	Sun Feb 16 16:05:27 2003
@@ -235,6 +235,9 @@
 #  implementation and uses the Win32 native calls. Should be faster
 #  and more reliable for high-load systems.  
 # 
+# INET6:
+#  IPv6 support.
+#
 
 Rule SOCKS4=no
 Rule SOCKS5=no
@@ -243,6 +246,7 @@
 Rule PARANOID=no
 Rule EXPAT=default
 Rule CYGWIN_WINSOCK=no 
+Rule INET6=no
 
 # DEV_RANDOM:
 #  Note: this rule is only used when compiling mod_auth_digest.
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/Configure usr.sbin/httpd/src/Configure
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/Configure	Thu Feb 13 12:15:15 2003
+++ usr.sbin/httpd/src/Configure	Sun Feb 16 16:05:27 2003
@@ -240,6 +240,7 @@
 RULE_CYGWIN_WINSOCK=`${SHELL} helpers/CutRule CYGWIN_WINSOCK $file` 
 RULE_SHARED_CORE=`${SHELL} helpers/CutRule SHARED_CORE $file`
 RULE_SHARED_CHAIN=`${SHELL} helpers/CutRule SHARED_CHAIN $file`
+RULE_INET6=`./helpers/CutRule INET6 $file`
 
 ####################################################################
 ## Rule SHARED_CORE implies required DSO support
@@ -633,6 +634,12 @@
 	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
 	DBM_LIB=""
 	;;
+    *-OpenUNIX)
+	OS='OpenUNIX'
+	CFLAGS="$CFLAGS -DUW=800"
+	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
+	DBM_LIB=""
+	;;
     maxion-*-sysv4*)
     	OS='SVR4'
 	CFLAGS="$CFLAGS -DSVR4"
@@ -1270,6 +1277,16 @@
 	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
 	    LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
 	    ;;
+	*-OpenUNIX*)
+	    case $CC in
+		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
+		*/cc|cc   ) CFLAGS_SHLIB="-KPIC" ;;
+	    esac
+	    LDFLAGS_SHLIB="-Bdynamic -G"
+	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
+	    LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
+	    LD_SHLIB=$CC
+	    ;;
 	 *-sco5*)
 	     case $CC in
 		 */gcc*|gcc* ) CFLAGS_SHLIB="-fpic" ;;
@@ -1592,6 +1609,128 @@
     fi
 fi
 
+# INET6 support.
+if [ "$RULE_INET6" = "yes" ]; then
+    echo " + enabling INET6 support"
+    CFLAGS="$CFLAGS -DINET6"
+    CFLAGS="$CFLAGS -Dss_family=__ss_family -Dss_len=__ss_len"
+    IPV6_STACKTYPE="UNKNOWN"
+    for i in KAME Linux Solaris; do
+	case "$i" in
+	KAME)
+	    if [ -f /usr/include/netinet6/in6.h -a "x`egrep '__KAME__' /usr/include/netinet6/in6.h 2>/dev/null`" != "x" ]; then
+		IPV6_STACKTYPE=$i
+	    fi
+	    ;;
+	Linux)
+	    if [ /usr/include/netinet/ip6.h -a -d /usr/include/linux ]; then
+		IPV6_STACKTYPE=$i
+	    fi
+	    ;;
+	Solaris)
+	    SOL_VERSION=`(uname -v) 2>/dev/null` || SOL_VERSION="unknown"
+	    case "${PLAT}-${SOL_VERSION}" in
+		*-solaris2.27*-*IPv6*)
+		    if [ -f /etc/hostname -o -f /etc/hostname.[a-z]*[0-9] ]; then
+			IPV6_STACKTYPE="Solaris 7 (${SOL_VERSION})"
+		    fi
+		    ;;
+	    esac
+	    ;;
+	esac
+	if [ "$IPV6_STACKTYPE" != "UNKNOWN" ]; then
+	    break
+	fi
+    done
+    if [ "$IPV6_STACKTYPE" != "UNKNOWN" ]; then
+	echo " + You seem to be using $IPV6_STACKTYPE stack"
+	if ./helpers/TestCompile func getaddrinfo; then
+	    echo "   - Assuming you have working getaddrinfo in libc" 
+	else
+	    if [ -f /usr/local/v6/lib/libinet6.a -a "x`egrep '^EXTRA_L' Makefile.config | grep linet6`" = "x" ]; then
+		LIBS="$LIBS -L/usr/local/v6/lib -linet6"
+		echo "   - using getaddrinfo in libinet6" 
+	    elif [ -f /usr/local/lib/libinet6.a -a "x`egrep '^EXTRA_L' Makefile.config | grep linet6`" = "x" ]; then
+		LIBS="$LIBS -L/usr/local/lib -linet6"
+		echo "   - using getaddrinfo in libinet6"
+	    elif [ -f /usr/inet6/lib/libinet6.a -a "x`egrep '^EXTRA_L' Makefile.config | grep linet6`" = "x" ]; then
+		echo "   - using getaddrinfo in libinet6"
+	    else
+		echo "** WARNING: No getaddrinfo found, linkage may fail" 
+	    fi
+	fi
+    else
+	echo ""
+	echo "** WARNING: We have no explicit knowledge about the IPv6"
+	echo "** implementation on this host.  You may need to specify"
+	echo "** EXTRA_LIBS so that we can find getaddrinfo() and"
+	echo "** getnameinfo() library functions."
+	echo ""
+    fi
+    case $PLAT in
+	*-solaris2* )
+	    LIBS="$LIBS -lresolv"
+	    ;;
+    esac
+else
+  if ./helpers/TestCompile func getaddrinfo; then
+    echo "   - Assuming you have working getaddrinfo in libc"
+  else
+    CFLAGS="$CFLAGS -DNEED_GETADDRINFO -DNEED_GETNAMEINFO"
+    if [ -f /usr/include/netdb.h -a "x`egrep 'addrinfo' /usr/include/netdb.h`" = "x" ]; then
+	CFLAGS="$CFLAGS -DNEED_ADDRINFO"
+    fi
+  fi
+fi
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'int testfunc(){ struct sockaddr sa; int i = sa.sa_len; };' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ -f testfunc.o ]; then
+    echo " + you have sa_len in struct sockaddr."
+    CFLAGS="$CFLAGS -DHAVE_SOCKADDR_LEN"
+else
+    echo " + you don't have sa_len in struct sockaddr."
+fi
+rm -f testfunc.c testfunc.o
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'struct sockaddr_storage sockaddr_storage;' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ -f testfunc.o ]; then
+    echo " + assuming you have struct sockaddr_storage"
+else
+    CFLAGS="$CFLAGS -DNEED_SOCKADDR_STORAGE"
+    echo " + you need struct sockaddr_storage"
+fi
+rm -f testfunc.c testfunc.o
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'int testfunc(){ socklen_t t; }' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ ! -f testfunc.o ]; then
+    CFLAGS="$CFLAGS -Dsocklen_t=int"
+fi
+rm -f testfunc.c testfunc.o
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'struct sockaddr_in sin;' >>testfunc.c
+echo 'int main(){ int i = sin.sin_len; }' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ -f testfunc.o ]; then
+    CFLAGS="$CFLAGS -DSIN_LEN"
+fi
+rm -f testfunc.c testfunc.o
+
+
 ####################################################################
 ## Now we do some general checks and some intelligent Configuration
 ## control.
@@ -1703,6 +1842,128 @@
     esac
 fi
 
+# INET6 support.
+if [ "$RULE_INET6" = "yes" ]; then
+    echo " + enabling INET6 support"
+    CFLAGS="$CFLAGS -DINET6"
+    CFLAGS="$CFLAGS -Dss_family=__ss_family -Dss_len=__ss_len"
+    IPV6_STACKTYPE="UNKNOWN"
+    for i in KAME Linux Solaris; do
+	case "$i" in
+	KAME)
+	    if [ -f /usr/include/netinet6/in6.h -a "x`egrep '__KAME__' /usr/include/netinet6/in6.h 2>/dev/null`" != "x" ]; then
+		IPV6_STACKTYPE=$i
+	    fi
+	    ;;
+	Linux)
+	    if [ /usr/include/netinet/ip6.h -a -d /usr/include/linux ]; then
+		IPV6_STACKTYPE=$i
+	    fi
+	    ;;
+	Solaris)
+	    SOL_VERSION=`(uname -v) 2>/dev/null` || SOL_VERSION="unknown"
+	    case "${PLAT}-${SOL_VERSION}" in
+		*-solaris2.27*-*IPv6*)
+		    if [ -f /etc/hostname -o -f /etc/hostname.[a-z]*[0-9] ]; then
+			IPV6_STACKTYPE="Solaris 7 (${SOL_VERSION})"
+		    fi
+		    ;;
+	    esac
+	    ;;
+	esac
+	if [ "$IPV6_STACKTYPE" != "UNKNOWN" ]; then
+	    break
+	fi
+    done
+    if [ "$IPV6_STACKTYPE" != "UNKNOWN" ]; then
+	echo " + You seem to be using $IPV6_STACKTYPE stack"
+	if ./helpers/TestCompile func getaddrinfo; then
+	    echo "   - Assuming you have working getaddrinfo in libc" 
+	else
+	    if [ -f /usr/local/v6/lib/libinet6.a -a "x`egrep '^EXTRA_L' Makefile.config | grep linet6`" = "x" ]; then
+		LIBS="$LIBS -L/usr/local/v6/lib -linet6"
+		echo "   - using getaddrinfo in libinet6" 
+	    elif [ -f /usr/local/lib/libinet6.a -a "x`egrep '^EXTRA_L' Makefile.config | grep linet6`" = "x" ]; then
+		LIBS="$LIBS -L/usr/local/lib -linet6"
+		echo "   - using getaddrinfo in libinet6"
+	    elif [ -f /usr/inet6/lib/libinet6.a -a "x`egrep '^EXTRA_L' Makefile.config | grep linet6`" = "x" ]; then
+		echo "   - using getaddrinfo in libinet6"
+	    else
+		echo "** WARNING: No getaddrinfo found, linkage may fail" 
+	    fi
+	fi
+    else
+	echo ""
+	echo "** WARNING: We have no explicit knowledge about the IPv6"
+	echo "** implementation on this host.  You may need to specify"
+	echo "** EXTRA_LIBS so that we can find getaddrinfo() and"
+	echo "** getnameinfo() library functions."
+	echo ""
+    fi
+    case $PLAT in
+	*-solaris2* )
+	    LIBS="$LIBS -lresolv"
+	    ;;
+    esac
+else
+  if ./helpers/TestCompile func getaddrinfo; then
+    echo "   - Assuming you have working getaddrinfo in libc"
+  else
+    CFLAGS="$CFLAGS -DNEED_GETADDRINFO -DNEED_GETNAMEINFO"
+    if [ -f /usr/include/netdb.h -a "x`egrep 'addrinfo' /usr/include/netdb.h`" = "x" ]; then
+	CFLAGS="$CFLAGS -DNEED_ADDRINFO"
+    fi
+  fi
+fi
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'int testfunc(){ struct sockaddr sa; int i = sa.sa_len; };' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ -f testfunc.o ]; then
+    echo " + you have sa_len in struct sockaddr."
+    CFLAGS="$CFLAGS -DHAVE_SOCKADDR_LEN"
+else
+    echo " + you don't have sa_len in struct sockaddr."
+fi
+rm -f testfunc.c testfunc.o
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'struct sockaddr_storage sockaddr_storage;' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ -f testfunc.o ]; then
+    echo " + assuming you have struct sockaddr_storage"
+else
+    CFLAGS="$CFLAGS -DNEED_SOCKADDR_STORAGE"
+    echo " + you need struct sockaddr_storage"
+fi
+rm -f testfunc.c testfunc.o
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'int testfunc(){ socklen_t t; }' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ ! -f testfunc.o ]; then
+    CFLAGS="$CFLAGS -Dsocklen_t=int"
+fi
+rm -f testfunc.c testfunc.o
+
+echo '#include ' >testfunc.c
+echo '#include ' >>testfunc.c
+echo 'struct sockaddr_in sin;' >>testfunc.c
+echo 'int main(){ int i = sin.sin_len; }' >>testfunc.c
+rm -f testfunc.o
+eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
+if [ -f testfunc.o ]; then
+    CFLAGS="$CFLAGS -DSIN_LEN"
+fi
+rm -f testfunc.c testfunc.o
+
+
 ####################################################################
 ## Find out what modules we want and try and configure things for them
 ## Module lines can look like this:
@@ -2005,7 +2266,7 @@
 	#    select the special subtarget for shared core generation
 	SUBTARGET=target_shared
 	#    determine additional suffixes for libhttpd.so
-	V=1 R=3 P=26
+	V=1 R=3 P=27
 	if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
 	    SHLIB_SUFFIX_LIST=""
 	fi
@@ -2297,6 +2558,70 @@
 echo "#ifndef AP_LONGEST_LONG" >>$AP_CONFIG_AUTO_H
 echo "#define AP_LONGEST_LONG $AP_LONGEST_LONG" >>$AP_CONFIG_AUTO_H
 echo "#endif" >>$AP_CONFIG_AUTO_H
+
+if [ x`./helpers/TestCompile -r sizeof 'uint32_t'` != x"" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use uint32_t as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef ap_uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define ap_uint32_t uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use uint32_t as 32bit unsigned int"
+elif [ x`./helpers/TestCompile -r sizeof 'u_int32_t'` != x"" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use u_int32_t as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef ap_uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define ap_uint32_t u_int32_t" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use u_int32_t as 32bit unsigned int"
+elif [ x`./helpers/TestCompile -r sizeof 'unsigned int'` = x"4" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use unsigned int as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef ap_uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define ap_uint32_t unsigned int" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use unsigned int as 32bit unsigned int"
+elif [ x`./helpers/TestCompile -r sizeof 'unsigned long int'` = x"4" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use unsigned long int as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define uint32_t unsigned long int" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use unsigned long int as 32bit unsigned int"
+else
+    echo "  - Warning: cannot determine what type should we use as 32bit unsigned int"
+fi
+
+if [ x`./helpers/TestCompile -r sizeof 'uint32_t'` != x"" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use uint32_t as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef ap_uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define ap_uint32_t uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use uint32_t as 32bit unsigned int"
+elif [ x`./helpers/TestCompile -r sizeof 'u_int32_t'` != x"" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use u_int32_t as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef ap_uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define ap_uint32_t u_int32_t" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use u_int32_t as 32bit unsigned int"
+elif [ x`./helpers/TestCompile -r sizeof 'unsigned int'` = x"4" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use unsigned int as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef ap_uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define ap_uint32_t unsigned int" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use unsigned int as 32bit unsigned int"
+elif [ x`./helpers/TestCompile -r sizeof 'unsigned long int'` = x"4" ]; then
+    echo "" >>$AP_CONFIG_AUTO_H
+    echo "/* determine: use unsigned long int as 32bit unsigned int */" >>$AP_CONFIG_AUTO_H
+    echo "#ifndef uint32_t" >>$AP_CONFIG_AUTO_H
+    echo "#define uint32_t unsigned long int" >>$AP_CONFIG_AUTO_H
+    echo "#endif" >>$AP_CONFIG_AUTO_H
+    echo "   - use unsigned long int as 32bit unsigned int"
+else
+    echo "  - Warning: cannot determine what type should we use as 32bit unsigned int"
+fi
 
 ####################################################################
 ## More building ap_config_auto.h
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/ap/ap_snprintf.c usr.sbin/httpd/src/ap/ap_snprintf.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/ap/ap_snprintf.c	Thu Feb 13 12:15:09 2003
+++ usr.sbin/httpd/src/ap/ap_snprintf.c	Sun Feb 16 16:05:25 2003
@@ -76,6 +76,7 @@
 #ifdef WIN32
 #include 
 #endif
+#include "sa_len.h"
 
 typedef enum {
     NO = 0, YES = 1
@@ -321,7 +322,8 @@
  */
 #define FIX_PRECISION( adjust, precision, s, s_len )	\
     if ( adjust )					\
-	while ( s_len < precision )			\
+	while ( s_len < precision &&			\
+		s_len < NUM_BUF_SIZE - 1)		\
 	{						\
 	    *--s = '0' ;				\
 	    s_len++ ;					\
@@ -504,6 +506,42 @@
 
 
 
+#ifdef INET6
+static char *conv_sockaddr(struct sockaddr *sa, char *buf_end, int *len)
+{
+    char *p = buf_end;
+    char hostnamebuf[MAXHOSTNAMELEN];
+    char portnamebuf[MAXHOSTNAMELEN];
+    char *q;
+    int salen;
+
+#ifndef SIN6_LEN
+    salen = SA_LEN(sa);
+#else
+    salen = sa->sa_len;
+#endif
+    if (getnameinfo(sa, salen, hostnamebuf, sizeof(hostnamebuf),
+	    portnamebuf, sizeof(portnamebuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+	strcpy(hostnamebuf, "???");
+	strcpy(portnamebuf, "???");
+    }
+    if (strcmp(portnamebuf,"0") == 0)
+	strcpy(portnamebuf, "*");
+    q = portnamebuf + strlen(portnamebuf);
+    while (portnamebuf < q)
+	*--p = *--q;
+    *--p = ':';
+    q = hostnamebuf + strlen(hostnamebuf);
+    while (hostnamebuf < q)
+	*--p = *--q;
+
+    *len = buf_end - p;
+    return (p);
+}
+#endif /*INET6*/
+
+
+
 /*
  * Convert a floating point number to a string formats 'f', 'e' or 'E'.
  * The result is placed in buf, and len denotes the length of the string
@@ -1055,6 +1093,7 @@
 		    /* print a struct sockaddr_in as a.b.c.d:port */
 		case 'I':
 		    {
+#ifndef INET6
 			struct sockaddr_in *si;
 
 			si = va_arg(ap, struct sockaddr_in *);
@@ -1063,6 +1102,16 @@
 			    if (adjust_precision && precision < s_len)
 				s_len = precision;
 			}
+#else
+			struct sockaddr *sa;
+
+			sa = va_arg(ap, struct sockaddr *);
+			if (sa != NULL) {
+			    s = conv_sockaddr(sa, &num_buf[NUM_BUF_SIZE], &s_len);
+			    if (adjust_precision && precision < s_len)
+				s_len = precision;
+			}
+#endif
 			else {
 			    s = S_NULL;
 			    s_len = S_NULL_LEN;
@@ -1158,10 +1207,7 @@
 	fmt++;
     }
     vbuff->curpos = sp;
-    if (sp >= bep) {
-	if (flush_func(vbuff))
-	    return -1;
-    }
+
     return cc;
 }
 
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/ap/ap_strtol.c usr.sbin/httpd/src/ap/ap_strtol.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/ap/ap_strtol.c	Thu Feb 13 12:15:09 2003
+++ usr.sbin/httpd/src/ap/ap_strtol.c	Sun Feb 16 16:05:25 2003
@@ -106,9 +106,8 @@
  *
  * Assumes that the upper and lower case
  * alphabets and digits are each contiguous.
- * As such, this will break on EBCDIC machines
- * if base is >19. The highest we use is 16
- * so we're OK, but you are warned!
+ * (On EBCDIC machines it assumes that digits and
+ *  upper/lower case A-I, J-R, and S-Z are contiguous.)
  */
 
 API_EXPORT(long) ap_strtol(const char *nptr, char **endptr, int base)
@@ -173,17 +172,35 @@
 	for ( ; ; c = *s++) {
 		if (c >= '0' && c <= '9')
 			c -= '0';
+#ifdef CHARSET_EBCDIC
+		else if (c >= 'A' && c <= 'I')
+			c -= 'A' - 10;
+		else if (c >= 'a' && c <= 'i')
+			c -= 'a' - 10;
+		else if (c >= 'J' && c <= 'R')
+			c -= 'J' - 19;
+		else if (c >= 'j' && c <= 'r')
+			c -= 'j' - 19;
+		else if (c >= 'S' && c <= 'Z')
+			c -= 'S' - 28;
+		else if (c >= 's' && c <= 'z')
+			c -= 's' - 28;
+#else
 		else if (c >= 'A' && c <= 'Z')
 			c -= 'A' - 10;
 		else if (c >= 'a' && c <= 'z')
 			c -= 'a' - 10;
+#endif /* CHARSET_EBCDIC */
 		else
 			break;
 		if (c >= base)
 			break;
-		if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
+		if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim)) {
 			any = -1;
-		else {
+#ifdef AP_STRTOL_OVERFLOW_IS_BAD_CHAR
+			break;
+#endif
+		} else {
 			any = 1;
 			acc *= base;
 			acc += c;
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/helpers/GuessOS usr.sbin/httpd/src/helpers/GuessOS
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/helpers/GuessOS	Thu Feb 13 12:15:10 2003
+++ usr.sbin/httpd/src/helpers/GuessOS	Sun Feb 16 16:05:21 2003
@@ -72,6 +72,9 @@
 		    7*)
 			echo "${MACHINE}-whatever-unixware7"; exit 0
 			;;
+		    8*)
+			echo "${MACHINE}-whatever-OpenUNIX"; exit 0
+			;;
 		esac
 		;;
 	esac
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/helpers/binbuild.sh usr.sbin/httpd/src/helpers/binbuild.sh
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/helpers/binbuild.sh	Thu Feb 13 12:15:10 2003
+++ usr.sbin/httpd/src/helpers/binbuild.sh	Sun Feb 16 16:05:21 2003
@@ -91,13 +91,12 @@
   echo " " && \
   echo "NOTE: Please do not send support-related mails to the address mentioned" && \
   echo "      above or to any member of the Apache Group! Support questions" && \
-  echo "      should be directed to the \"comp.infosystems.www.servers.unix\"" && \
-  echo "      or \"comp.infosystems.www.servers.ms-windows\" newsgroup" && \
-  echo "      (as appropriate for the platform you use), where some of the" && \
-  echo "      Apache team lurk, in the company of many other Apache gurus" && \
-  echo "      who should be able to help." && \
+  echo "      should be directed to the forums mentioned at" && \
+  echo "      http://httpd.apache.org/lists.html#http-users" && \
+  echo "      where some of the Apache team lurk, in the company of many other" && \
+  echo "      Apache gurus who should be able to help." && \
   echo "      If you think you found a bug in Apache or have a suggestion please" && \
-  echo "      visit the bug report page at http://www.apache.org/bug_report.html" && \
+  echo "      visit the bug report page at http://httpd.apache.org/bug_report.html" && \
   echo " " && \
   echo "----------------------------------------------------------------------" && \
   ./bindist/bin/httpd -V && \
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/ap.h usr.sbin/httpd/src/include/ap.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/ap.h	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/include/ap.h	Sun Feb 16 16:05:21 2003
@@ -95,7 +95,8 @@
  * with some extensions.  The extensions are:
  *
  * %pA	takes a struct in_addr *, and prints it as a.b.c.d
- * %pI	takes a struct sockaddr_in * and prints it as a.b.c.d:port
+ * %pI	takes a struct sockaddr * and prints it as a.b.c.d:port, or
+ *	ipv6-numeric-addr:port
  * %pp  takes a void * and outputs it in hex
  *
  * The %p hacks are to force gcc's printf warning code to skip
@@ -157,11 +158,13 @@
  * Process the format string until the entire string is exhausted, or
  * the buffer fills.  If the buffer fills then stop processing immediately
  * (so no further %n arguments are processed), and return the buffer
- * length.  In all cases the buffer is NUL terminated.
+ * length.  In all cases the buffer is NUL terminated. The return value
+ * is the number of characters placed in the buffer, excluding the
+ * terminating NUL. All this implies that, at most, (len-1) characters
+ * will be copied over; if the return value is >= len, then truncation
+ * occured.
  *
- * In no event does ap_snprintf return a negative number.  It's not possible
- * to distinguish between an output which was truncated, and an output which
- * exactly filled the buffer.
+ * In no event does ap_snprintf return a negative number.
  */
 API_EXPORT_NONSTD(int) ap_snprintf(char *buf, size_t len, const char *format,...)
 			    __attribute__((format(printf,3,4)));
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/ap_config.h usr.sbin/httpd/src/include/ap_config.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/ap_config.h	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/include/ap_config.h	Sun Feb 16 16:05:21 2003
@@ -409,6 +409,10 @@
 #endif
 #ifndef S_IWOTH
 #define S_IWOTH 000002
+#ifndef rlim_t
+typedef int rlim_t;
+#endif
+typedef u_long n_long;
 #endif
 
 #define STDIN_FILENO  0
@@ -1517,6 +1521,70 @@
 
 #ifndef ap_wait_t
 #define ap_wait_t int
+#endif
+
+#ifndef INET6
+#define sockaddr_storage	sockaddr
+#define ss_family		sa_family
+#define ss_len			sa_len
+#else
+#include "sockaddr_storage.h"	/* sshida@st.rim.or.jp */
+#endif
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN	46
+#endif
+#ifndef INET_ADDRSTRLEN
+#define INET_ADDRSTRLEN		16
+#endif
+#ifndef NI_MAXHOST
+#define NI_MAXHOST		1025
+#endif
+#ifndef NI_MAXSERV
+#define	NI_MAXSERV		32
+#endif
+
+#if defined(NEED_GETADDRINFO) || defined(NEED_GETNAMEINFO)
+/*
+ * minimal definitions for fake getaddrinfo()/getnameinfo().
+ */
+#ifndef EAI_NODATA
+#define EAI_NODATA	1
+#define EAI_MEMORY	2
+#endif
+
+#ifndef AI_PASSIVE
+#define AI_PASSIVE	1
+#define AI_CANONNAME	2
+#define AI_NUMERICHOST	4
+#define NI_NUMERICHOST	8
+#define NI_NAMEREQD	16
+#define NI_NUMERICSERV	32
+#endif
+#endif
+
+#ifdef NEED_GETADDRINFO
+#ifdef NEED_ADDRINFO
+struct addrinfo {
+	int	ai_flags;	/* AI_PASSIVE, AI_CANONNAME */
+	int	ai_family;	/* PF_xxx */
+	int	ai_socktype;	/* SOCK_xxx */
+	int	ai_protocol;	/* 0 or IPPROTO_xxx for IPv4 and IPv6 */
+	size_t	ai_addrlen;	/* length of ai_addr */
+	char	*ai_canonname;	/* canonical name for hostname */
+	struct sockaddr *ai_addr;	/* binary address */
+	struct addrinfo *ai_next;	/* next structure in linked list */
+};
+#endif
+extern char *gai_strerror(int ecode);
+extern void freeaddrinfo(struct addrinfo *ai);
+extern int getaddrinfo(const char *hostname, const char *servname,
+	const struct addrinfo *hints, struct addrinfo **res);
+#endif
+#ifdef NEED_GETNAMEINFO
+extern int getnameinfo(const struct sockaddr *sa, size_t salen,
+	char *host, size_t hostlen, char *serv, size_t servlen,
+	int flag);
 #endif
 
 #ifdef __cplusplus
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/http_conf_globals.h usr.sbin/httpd/src/include/http_conf_globals.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/http_conf_globals.h	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/include/http_conf_globals.h	Sun Feb 16 16:05:21 2003
@@ -82,7 +82,8 @@
 extern API_VAR_EXPORT int ap_max_requests_per_child;
 extern API_VAR_EXPORT int ap_threads_per_child;
 extern API_VAR_EXPORT int ap_excess_requests_per_child;
-extern API_VAR_EXPORT struct in_addr ap_bind_address;
+extern API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
+extern API_VAR_EXPORT int ap_default_family;
 extern listen_rec *ap_listeners;
 extern API_VAR_EXPORT int ap_daemons_to_start;
 extern API_VAR_EXPORT int ap_daemons_min_free;
@@ -105,6 +106,9 @@
 extern API_VAR_EXPORT char *ap_server_argv0;
 
 extern enum server_token_type ap_server_tokens;
+
+extern API_VAR_EXPORT int ap_protocol_req_check;
+extern API_VAR_EXPORT int ap_change_shmem_uid;
 
 /* Trying to allocate these in the config pool gets us into some *nasty*
  * chicken-and-egg problems in http_main.c --- where do you stick them
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/http_vhost.h usr.sbin/httpd/src/include/http_vhost.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/http_vhost.h	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/include/http_vhost.h	Sun Feb 16 16:05:21 2003
@@ -73,7 +73,7 @@
 API_EXPORT(const char *) ap_parse_vhost_addrs(pool *p, const char *hostname, server_rec *s);
 
 /* handle NameVirtualHost directive */
-API_EXPORT_NONSTD(const char *) ap_set_name_virtual_host (cmd_parms *cmd, void *dummy, char *arg);
+API_EXPORT_NONSTD(const char *) ap_set_name_virtual_host (cmd_parms *cmd, void *dummy, char *h, char *p);
 
 /* given an ip address only, give our best guess as to what vhost it is */
 API_EXPORT(void) ap_update_vhost_given_ip(conn_rec *conn);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/httpd.h usr.sbin/httpd/src/include/httpd.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/httpd.h	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/include/httpd.h	Sun Feb 16 16:05:21 2003
@@ -64,6 +64,13 @@
 #endif
 
 /*
+ * Define APACHE6 so that additional modules depending on Apache can
+ * tell if this a pacthed apache-1.3.*. With this definition apache6
+ * is working together with e.g. the ap-perl module in NetBSD.
+ */
+#define APACHE6 1
+
+/*
  * httpd.h: header for simple (ha! not anymore) http daemon
  */
 
@@ -457,7 +464,7 @@
 
 #define SERVER_BASEVENDOR   "Apache Group"
 #define SERVER_BASEPRODUCT  "Apache"
-#define SERVER_BASEREVISION "1.3.26"
+#define SERVER_BASEREVISION "1.3.27"
 #define SERVER_BASEVERSION  SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
 
 #define SERVER_PRODUCT  SERVER_BASEPRODUCT
@@ -481,7 +488,7 @@
  * Always increases along the same track as the source branch.
  * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
  */
-#define APACHE_RELEASE 10326100
+#define APACHE_RELEASE 10327100
 
 #define SERVER_PROTOCOL "HTTP/1.1"
 #ifndef SERVER_SUPPORT
@@ -903,8 +910,8 @@
 
     /* Who is the client? */
 
-    struct sockaddr_in local_addr;	/* local address */
-    struct sockaddr_in remote_addr;	/* remote address */
+    struct sockaddr_storage local_addr;	/* local address */
+    struct sockaddr_storage remote_addr; /* remote address */
     char *remote_ip;		/* Client's IP address */
     char *remote_host;		/* Client's DNS name, if known.
 				 * NULL if DNS hasn't been checked,
@@ -946,8 +953,8 @@
 typedef struct server_addr_rec server_addr_rec;
 struct server_addr_rec {
     server_addr_rec *next;
-    struct in_addr host_addr;	/* The bound address, for this server */
-    unsigned short host_port;	/* The bound port, for this server */
+    struct sockaddr_storage host_addr;	/* The bound address, for this server */
+    unsigned short host_port;	/* The bound port, for this server XXX */
     char *virthost;		/* The name given in  */
 };
 
@@ -1015,7 +1022,7 @@
 /* These are more like real hosts than virtual hosts */
 struct listen_rec {
     listen_rec *next;
-    struct sockaddr_in local_addr;	/* local IP address and port */
+    struct sockaddr_storage local_addr;	/* local IP address and port */
     int fd;
     int used;			/* Only used during restart */        
 /* more stuff here, like which protocol is bound to the port */
@@ -1183,7 +1190,7 @@
 #endif /*#ifdef CHARSET_EBCDIC*/
 
 API_EXPORT(char *) ap_get_local_host(pool *);
-API_EXPORT(unsigned long) ap_get_virthost_addr(char *hostname, unsigned short *port);
+API_EXPORT(struct sockaddr *) ap_get_virthost_addr(char *hostname, unsigned short *port);
 
 extern API_VAR_EXPORT time_t ap_restart_time;
 
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/sa_len.h usr.sbin/httpd/src/include/sa_len.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/sa_len.h	Wed Dec 31 19:00:00 1969
+++ usr.sbin/httpd/src/include/sa_len.h	Sun Feb 16 16:05:21 2003
@@ -0,0 +1,41 @@
+/* sa_len.h : tiny version of SA_LEN (written by ) */
+ 
+#include 
+#include 
+#include 
+#include 
+
+#ifndef HAVE_SOCKADDR_LEN
+#ifndef SA_LEN
+#define SA_LEN(s_)	ap_sa_len((s_)->sa_family)
+
+static NET_SIZE_T ap_sa_len (sa_family_t af)
+{
+    switch (af){
+#if defined(AF_INET)
+    case AF_INET:
+	return (sizeof(struct sockaddr_in));
+#endif /* AF_INET */
+#if defined(AF_INET6)
+    case AF_INET6:
+	return (sizeof(struct sockaddr_in6));
+#endif
+#ifdef AF_LOCAL
+    case AF_LOCAL:
+#endif /* AF_LOCAL */
+#if defined(AF_UNIX) && (AF_UNIX != AF_LOCAL)
+    case AF_UNIX:
+#endif /* AF_UNIX */
+#if defined(AF_FILE) && (AF_FILE != AF_LOCAL || AF_FILE != AF_UNIX)
+    case AF_FILE:
+#endif /* AF_FILE */
+#if defined(AF_LOCAL) || defined(AF_UNIX) || defined(AF_FILE)
+	return (sizeof(struct sockaddr_un));
+#endif /* defined(AF_LOCAL) || defined(AF_UNIX) || defined(AF_FILE) */
+    default:
+	return 0;
+    }
+    return 0;
+}
+#endif /* SA_LEN */
+#endif /* HAVE_SOCKADDR_LEN */
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/sockaddr_storage.h usr.sbin/httpd/src/include/sockaddr_storage.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/include/sockaddr_storage.h	Wed Dec 31 19:00:00 1969
+++ usr.sbin/httpd/src/include/sockaddr_storage.h	Sun Feb 16 16:05:21 2003
@@ -0,0 +1,53 @@
+/*
+struct sockaddr_storage
+
+   RFC2553 proposes struct sockaddr_storage.
+   This is a placeholder for all sockaddr-variant structures. This is
+   implemented like follows:
+
+   You should use this structure to hold any of sockaddr-variant
+   structures.
+*/
+#ifdef NEED_SOCKADDR_STORAGE
+
+struct sockaddr_storage {
+#ifdef HAVE_SOCKADDR_LEN
+	u_char ss_len;
+	u_char ss_family;
+#else
+	u_short ss_family;
+#endif
+	u_char __padding[128 - 2];
+};
+
+/*
+union sockunion
+
+   Alternatively, you may want to implement sockunion.h, with the
+   following content:
+
+   NOTE: For better portability, struct sockaddr_storage should be used.
+   union sockunion is okay, but is not really portable enough.
+*/
+union sockunion {
+	struct sockinet {
+#ifdef HAVE_SOCKADDR_LEN
+		u_char si_len;
+		u_char si_family;
+#else
+		u_short si_family;
+#endif
+		u_short si_port;
+	} su_si;
+	struct sockaddr_in  su_sin;
+#ifdef INET6
+	struct sockaddr_in6 su_sin6;
+#endif
+};
+#ifdef HAVE_SOCKADDR_LEN
+#define su_len		su_si.si_len
+#endif
+#define su_family	su_si.si_family
+#define su_port		su_si.si_port
+
+#endif /* NEED_SOCKADDR_STORAGE */
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/alloc.c usr.sbin/httpd/src/main/alloc.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/alloc.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/alloc.c	Sun Feb 16 16:05:22 2003
@@ -1068,37 +1068,45 @@
 #endif
 };
 
+#define AP_PSPRINTF_MIN_SIZE 32  /* Minimum size of allowable avail block */
+
 static int psprintf_flush(ap_vformatter_buff *vbuff)
 {
     struct psprintf_data *ps = (struct psprintf_data *)vbuff;
 #ifdef ALLOC_USE_MALLOC
-    int size;
+    int cur_len, size;
     char *ptr;
 
-    size = (char *)ps->vbuff.curpos - ps->base;
+    cur_len = (char *)ps->vbuff.curpos - ps->base;
+    size = cur_len << 1;
+    if (size < AP_PSPRINTF_MIN_SIZE)
+        size = AP_PSPRINTF_MIN_SIZE;
 #if defined(EAPI) && defined(EAPI_MM)
     if (ps->block->h.is_shm)
-        ptr = ap_mm_realloc(ps->base, 2*size);
+        ptr = ap_mm_realloc(ps->base, size);
     else
 #endif
-    ptr = realloc(ps->base, 2*size);
+    ptr = realloc(ps->base, size);
     if (ptr == NULL) {
 	fputs("Ouch!  Out of memory!\n", stderr);
 	exit(1);
     }
     ps->base = ptr;
-    ps->vbuff.curpos = ptr + size;
-    ps->vbuff.endpos = ptr + 2*size - 1;
+    ps->vbuff.curpos = ptr + cur_len;
+    ps->vbuff.endpos = ptr + size - 1;
     return 0;
 #else
     union block_hdr *blok;
     union block_hdr *nblok;
-    size_t cur_len;
+    size_t cur_len, size;
     char *strp;
 
     blok = ps->blok;
     strp = ps->vbuff.curpos;
     cur_len = strp - blok->h.first_avail;
+    size = cur_len << 1;
+    if (size < AP_PSPRINTF_MIN_SIZE)
+        size = AP_PSPRINTF_MIN_SIZE;
 
     /* must try another blok */
 #if defined(EAPI) && defined(EAPI_MM)
@@ -1107,9 +1115,9 @@
 #endif
     (void) ap_acquire_mutex(alloc_mutex);
 #if defined(EAPI) && defined(EAPI_MM)
-    nblok = new_block(2 * cur_len, blok->h.is_shm);
+    nblok = new_block(size, blok->h.is_shm);
 #else
-    nblok = new_block(2 * cur_len);
+    nblok = new_block(size);
 #endif
     (void) ap_release_mutex(alloc_mutex);
 #if defined(EAPI) && defined(EAPI_MM)
@@ -1196,6 +1204,8 @@
     ps.vbuff.endpos = ps.blok->h.endp - 1;	/* save one for NUL */
     ps.got_a_new_block = 0;
 
+    if (ps.blok->h.first_avail == ps.blok->h.endp)
+        psprintf_flush(&ps.vbuff);		/* ensure room for NUL */
     ap_vformatter(psprintf_flush, &ps.vbuff, fmt, ap);
 
     strp = ps.vbuff.curpos;
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/getaddrinfo.c usr.sbin/httpd/src/main/getaddrinfo.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/getaddrinfo.c	Wed Dec 31 19:00:00 1969
+++ usr.sbin/httpd/src/main/getaddrinfo.c	Sun Feb 16 16:05:23 2003
@@ -0,0 +1,162 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * fake library for ssh v6 enabler patch
+ *
+ * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror().
+ * These funtions are defined in rfc2133.
+ *
+ * But these functions are not implemented correctly. The minimum subset
+ * is implemented for ssh use only. For exapmle, this routine assumes
+ * that ai_family is AF_INET. Don't use it for another purpose.
+ * 
+ * In the case not using 'configure --enable-ipv6', this getaddrinfo.c
+ * will be used if you have broken getaddrinfo or no getaddrinfo.
+ */
+
+#if 0
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "gai.h"
+#endif
+
+static struct addrinfo *
+malloc_ai(port, addr, socktype, protocol)
+int port;
+u_long addr;
+int socktype;
+int protocol;
+{
+  struct addrinfo *ai;
+
+  if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) +
+				     sizeof(struct sockaddr_in))) {
+    memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in));
+    ai->ai_addr = (struct sockaddr *)(ai + 1);
+#if defined(HAVE_SOCKADDR_LEN)
+    ai->ai_addr->sa_len = 
+#endif
+      ai->ai_addrlen = sizeof(struct sockaddr_in);
+    ai->ai_addr->sa_family = ai->ai_family = AF_INET;
+    ai->ai_socktype = socktype;
+    ai->ai_protocol = protocol;
+    ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port;
+    ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr;
+    return ai;
+  } else {
+    return NULL;
+  }
+}
+
+char *
+gai_strerror(ecode)
+int ecode;
+{
+  switch (ecode) {
+  case EAI_NODATA:
+    return "no address associated with hostname.";
+  case EAI_MEMORY:
+    return "memory allocation failure.";
+  default:
+    return "unknown error.";
+  }
+}    
+
+void
+freeaddrinfo(ai)
+struct addrinfo *ai;
+{
+  struct addrinfo *next;
+  
+  do {
+    next = ai->ai_next;
+    free(ai);
+  } while (ai = next);
+}
+
+int
+getaddrinfo(hostname, servname, hints, res)
+const char *hostname, *servname;
+const struct addrinfo *hints;
+struct addrinfo **res;
+{
+  struct addrinfo *cur, *prev = NULL;
+  struct hostent *hp;
+  int i, port;
+  
+  if (servname)
+    port = htons(atoi(servname));
+  else
+    port = 0;
+  if (hints && hints->ai_flags & AI_PASSIVE)
+    if (*res = malloc_ai(port, htonl(0x00000000), 
+			 res->ai_socktype ? res->ai_socktype : SOCK_STREAM,
+			 res->ai_protocol))
+      return 0;
+    else
+      return EAI_MEMORY;
+  if (!hostname)
+    if (*res = malloc_ai(port, htonl(0x7f000001),
+			 res->ai_socktype ? res->ai_socktype : SOCK_STREAM,
+			 res->ai_protocol))
+      return 0;
+    else
+      return EAI_MEMORY;
+  if (inet_addr(hostname) != -1)
+    if (*res = malloc_ai(port, inet_addr(hostname),
+			 res->ai_socktype ? res->ai_socktype : SOCK_STREAM,
+			 res->ai_protocol))
+      return 0;
+    else
+      return EAI_MEMORY;
+  if ((hp = gethostbyname(hostname)) &&
+      hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
+    for (i = 0; hp->h_addr_list[i]; i++)
+      if (cur = malloc_ai(port,
+			  ((struct in_addr *)hp->h_addr_list[i])->s_addr,
+			  res->ai_socktype ? res->ai_socktype : SOCK_STREAM,
+			  res->ai_protocol)) {
+	if (prev)
+	  prev->ai_next = cur;
+	else
+	  *res = cur;
+	prev = cur;
+      } else {
+	if (*res)
+	  freeaddrinfo(*res);
+	return EAI_MEMORY;
+      }
+    return 0;
+  }
+  return EAI_NODATA;
+}
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/getnameinfo.c usr.sbin/httpd/src/main/getnameinfo.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/getnameinfo.c	Wed Dec 31 19:00:00 1969
+++ usr.sbin/httpd/src/main/getnameinfo.c	Sun Feb 16 16:05:23 2003
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * fake library for ssh v6 enabler patch
+ *
+ * This file includes getnameinfo().
+ * These funtions are defined in rfc2133.
+ *
+ * But these functions are not implemented correctly. The minimum subset
+ * is implemented for ssh use only. For exapmle, this routine assumes
+ * that ai_family is AF_INET. Don't use it for another purpose.
+ * 
+ * In the case not using 'configure --enable-ipv6', this getnameinfo.c
+ * will be used if you have broken getnameinfo or no getnameinfo.
+ */
+
+#if 0
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "gai.h"
+#endif
+
+int
+getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
+const struct sockaddr *sa;
+size_t salen;
+char *host;
+size_t hostlen;
+char *serv;
+size_t servlen;
+int flags;
+{
+  struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+  struct hostent *hp;
+  char tmpserv[16];
+  
+  if (serv) {
+    sprintf(tmpserv, "%d", ntohs(sin->sin_port));
+    if (strlen(tmpserv) > servlen)
+      return EAI_MEMORY;
+    else
+      strcpy(serv, tmpserv);
+  }
+  if (host)
+    if (flags & NI_NUMERICHOST)
+      if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
+	return EAI_MEMORY;
+      else {
+	strcpy(host, inet_ntoa(sin->sin_addr));
+	return 0;
+      }
+    else
+      if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
+			     AF_INET))
+	if (strlen(hp->h_name) > hostlen)
+	  return EAI_MEMORY;
+	else {
+	  strcpy(host, hp->h_name);
+	  return 0;
+	}
+      else
+	return EAI_NODATA;
+  return 0;
+}
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_config.c usr.sbin/httpd/src/main/http_config.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_config.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/http_config.c	Sun Feb 16 16:05:22 2003
@@ -83,6 +83,7 @@
 #include "http_conf_globals.h"	/* Sigh... */
 #include "http_vhost.h"
 #include "explain.h"
+#include "fnmatch.h"
 
 DEF_Explain
 
@@ -1263,7 +1264,7 @@
     const char *errmsg;
     cmd_parms parms;
     struct stat finfo;
-
+    int ispatt;
     fname = ap_server_root_relative(p, fname);
 
     if (!(strcmp(fname, ap_server_root_relative(p, RESOURCE_CONFIG_FILE))) ||
@@ -1288,12 +1289,36 @@
      * horrible loops).  If so, let's recurse and toss it back into
      * the function.
      */
-    if (ap_is_rdirectory(fname)) {
+    ispatt = ap_is_fnmatch(fname);
+    if (ispatt || ap_is_rdirectory(fname)) {
 	DIR *dirp;
 	struct DIR_TYPE *dir_entry;
 	int current;
 	array_header *candidates = NULL;
 	fnames *fnew;
+	char *path = ap_pstrdup(p,fname);
+	char *pattern = NULL;
+
+        if(ispatt && (pattern = strrchr(path, '/')) != NULL) {
+            *pattern++ = '\0';
+            if (ap_is_fnmatch(path)) {
+                fprintf(stderr, "%s: wildcard patterns not allowed in Include "
+                        "%s\n", ap_server_argv0, fname);
+                exit(1);
+            }
+
+            if (!ap_is_rdirectory(path)){ 
+                fprintf(stderr, "%s: Include directory '%s' not found",
+                        ap_server_argv0, path);
+                exit(1);
+            }
+            if (!ap_is_fnmatch(pattern)) {
+                fprintf(stderr, "%s: must include a wildcard pattern "
+                        "for Include %s\n", ap_server_argv0, fname);
+                exit(1);
+            }
+        }
+
 
 	/*
 	 * first course of business is to grok all the directory
@@ -1301,11 +1326,11 @@
 	 * for this.
 	 */
 	fprintf(stderr, "Processing config directory: %s\n", fname);
-	dirp = ap_popendir(p, fname);
+	dirp = ap_popendir(p, path);
 	if (dirp == NULL) {
 	    perror("fopen");
 	    fprintf(stderr, "%s: could not open config directory %s\n",
-		ap_server_argv0, fname);
+		ap_server_argv0, path);
 #ifdef NETWARE
 	    clean_parent_exit(1);
 #else
@@ -1316,9 +1341,11 @@
 	while ((dir_entry = readdir(dirp)) != NULL) {
 	    /* strip out '.' and '..' */
 	    if (strcmp(dir_entry->d_name, ".") &&
-		strcmp(dir_entry->d_name, "..")) {
+		strcmp(dir_entry->d_name, "..") &&
+                (!ispatt ||
+                 !ap_fnmatch(pattern,dir_entry->d_name, FNM_PERIOD)) ) {
 		fnew = (fnames *) ap_push_array(candidates);
-		fnew->fname = ap_make_full_path(p, fname, dir_entry->d_name);
+		fnew->fname = ap_make_full_path(p, path, dir_entry->d_name);
 	    }
 	}
 	ap_pclosedir(p, dirp);
@@ -1572,7 +1599,6 @@
     ap_scoreboard_fname = DEFAULT_SCOREBOARD;
     ap_lock_fname = DEFAULT_LOCKFILE;
     ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
-    ap_bind_address.s_addr = htonl(INADDR_ANY);
     ap_listeners = NULL;
     ap_listenbacklog = DEFAULT_LISTENBACKLOG;
     ap_extended_status = 0;
@@ -1605,7 +1631,13 @@
     s->next = NULL;
     s->addrs = ap_pcalloc(p, sizeof(server_addr_rec));
     /* NOT virtual host; don't match any real network interface */
-    s->addrs->host_addr.s_addr = htonl(INADDR_ANY);
+    memset(&s->addrs->host_addr, 0, sizeof(s->addrs->host_addr));
+#if 0
+    s->addrs->host_addr.ss_family = ap_default_family; /* XXX: needed?, XXX: PF_xxx can be different from AF_xxx */
+#endif
+#ifdef HAVE_SOCKADDR_LEN
+    s->addrs->host_addr.ss_len = sizeof(s->addrs->host_addr); /* XXX: needed ? */
+#endif
     s->addrs->host_port = 0;	/* matches any port */
     s->addrs->virthost = "";	/* must be non-NULL */
     s->names = s->wild_names = NULL;
@@ -1624,21 +1656,33 @@
 static void default_listeners(pool *p, server_rec *s)
 {
     listen_rec *new;
+    struct addrinfo hints, *res0, *res;
+    int gai;
+    char servbuf[NI_MAXSERV];
 
     if (ap_listeners != NULL) {
 	return;
     }
+    ap_snprintf(servbuf, sizeof(servbuf), "%d", s->port ? s->port : DEFAULT_HTTP_PORT);
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_family = ap_default_family;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_flags = AI_PASSIVE;
+    gai = getaddrinfo(NULL, servbuf, &hints, &res0);
+    if (gai){
+	fprintf(stderr, "default_listeners(): getaddrinfo(PASSIVE) for family %u: %s\n",
+		ap_default_family, gai_strerror(gai));
+	exit (1);
+    }
     /* allocate a default listener */
     new = ap_pcalloc(p, sizeof(listen_rec));
-    new->local_addr.sin_family = AF_INET;
-    new->local_addr.sin_addr = ap_bind_address;
-    /* Buck ugly cast to get around terniary op bug in some (MS) compilers */
-    new->local_addr.sin_port = htons((unsigned short)(s->port ? s->port 
-                                                        : DEFAULT_HTTP_PORT));
+    memcpy(&new->local_addr, res0->ai_addr, res0->ai_addrlen);
     new->fd = -1;
     new->used = 0;
     new->next = NULL;
     ap_listeners = new;
+
+    freeaddrinfo(res0);
 }
 
 
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_core.c usr.sbin/httpd/src/main/http_core.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_core.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/http_core.c	Sun Feb 16 16:05:23 2003
@@ -73,6 +73,7 @@
 #include "util_md5.h"
 #include "scoreboard.h"
 #include "fnmatch.h"
+#include "sa_len.h"
 
 #ifdef USE_MMAP_FILES
 #include 
@@ -641,7 +642,9 @@
  */
 static ap_inline void do_double_reverse (conn_rec *conn)
 {
-    struct hostent *hptr;
+    struct addrinfo hints, *res, *res0;
+    char hostbuf1[128], hostbuf2[128]; /* INET6_ADDRSTRLEN(=46) is enough */
+    int ok = 0;
 
     if (conn->double_reverse) {
 	/* already done */
@@ -653,30 +656,51 @@
         conn->remote_host = ""; /* prevent another lookup */
 	return;
     }
-    hptr = gethostbyname(conn->remote_host);
-    if (hptr) {
-	char **haddr;
-
-	for (haddr = hptr->h_addr_list; *haddr; haddr++) {
-	    if (((struct in_addr *)(*haddr))->s_addr
-		== conn->remote_addr.sin_addr.s_addr) {
-		conn->double_reverse = 1;
-		return;
-	    }
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    if (getaddrinfo(conn->remote_host, NULL, &hints, &res0)) {
+	conn->double_reverse = -1;
+	return;
+    }
+    for (res = res0; res; res = res->ai_next) {
+	if (res->ai_addr->sa_family != conn->remote_addr.ss_family ||
+	    !(res->ai_family == AF_INET 
+#ifdef INET6
+	      || res->ai_family == AF_INET6
+#endif
+	      )
+	    )
+	    continue;
+#ifndef HAVE_SOCKADDR_LEN
+	if (res->ai_addrlen != SA_LEN((struct sockaddr *)&conn->remote_addr))
+#else
+	if (res->ai_addr->sa_len != conn->remote_addr.ss_len)
+#endif
+	    continue;
+	if (getnameinfo(res->ai_addr, res->ai_addrlen,
+            hostbuf1, sizeof(hostbuf1), NULL, 0,
+            NI_NUMERICHOST))
+	    continue;
+	if (getnameinfo(((struct sockaddr *)&conn->remote_addr), res->ai_addrlen,
+            hostbuf2, sizeof(hostbuf2), NULL, 0,
+            NI_NUMERICHOST))
+	    continue;
+	if (strcmp(hostbuf1, hostbuf2) == 0){
+	    ok = 1;
+	    break;
 	}
     }
-    conn->double_reverse = -1;
-    /* invalidate possible reverse-resolved hostname if forward lookup fails */
-    conn->remote_host = "";
+    conn->double_reverse = ok ? 1 : -1;
+    freeaddrinfo(res0);
 }
 
 API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
 					    int type)
 {
-    struct in_addr *iaddr;
-    struct hostent *hptr;
     int hostname_lookups;
     int old_stat = SERVER_DEAD;	/* we shouldn't ever be in this state */
+    char hostnamebuf[MAXHOSTNAMELEN];
 
     /* If we haven't checked the host name, and we want to */
     if (dir_config) {
@@ -698,10 +722,14 @@
 	    || hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
 	old_stat = ap_update_child_status(conn->child_num, SERVER_BUSY_DNS,
 					  (request_rec*)NULL);
-	iaddr = &(conn->remote_addr.sin_addr);
-	hptr = gethostbyaddr((char *)iaddr, sizeof(struct in_addr), AF_INET);
-	if (hptr != NULL) {
-	    conn->remote_host = ap_pstrdup(conn->pool, (void *)hptr->h_name);
+	if (!getnameinfo((struct sockaddr *)&conn->remote_addr,
+#ifndef SIN6_LEN
+		SA_LEN((struct sockaddr *)&conn->remote_addr),
+#else
+		conn->remote_addr.ss_len,
+#endif
+		hostnamebuf, sizeof(hostnamebuf), NULL, 0, 0)) {
+	    conn->remote_host = ap_pstrdup(conn->pool, (void *)hostnamebuf);
 	    ap_str_tolower(conn->remote_host);
 	   
 	    if (hostname_lookups == HOSTNAME_LOOKUP_DOUBLE) {
@@ -779,6 +807,7 @@
 {
     conn_rec *conn = r->connection;
     core_dir_config *d;
+    char hbuf[MAXHOSTNAMELEN];
 
     d = (core_dir_config *)ap_get_module_config(r->per_dir_config,
 						&core_module);
@@ -788,23 +817,22 @@
     }
     if (d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
         if (conn->local_host == NULL) {
-	    struct in_addr *iaddr;
-	    struct hostent *hptr;
             int old_stat;
 	    old_stat = ap_update_child_status(conn->child_num,
 					      SERVER_BUSY_DNS, r);
-	    iaddr = &(conn->local_addr.sin_addr);
-	    hptr = gethostbyaddr((char *)iaddr, sizeof(struct in_addr),
-				 AF_INET);
-	    if (hptr != NULL) {
-	        conn->local_host = ap_pstrdup(conn->pool,
-					      (void *)hptr->h_name);
-		ap_str_tolower(conn->local_host);
-	    }
-	    else {
-	        conn->local_host = ap_pstrdup(conn->pool,
-					      r->server->server_hostname);
+	    if (getnameinfo((struct sockaddr *)&conn->local_addr,
+#ifndef SIN6_LEN
+		    SA_LEN((struct sockaddr *)&conn->local_addr),
+#else
+		    conn->local_addr.ss_len,
+#endif
+		    hbuf, sizeof(hbuf), NULL, 0, 0) == 0) {
+		conn->local_host = ap_pstrdup(conn->pool, hbuf);
+	    } else {
+		conn->local_host = ap_pstrdup(conn->pool,
+		    r->server->server_hostname);
 	    }
+	    ap_str_tolower(conn->local_host);
 	    (void) ap_update_child_status(conn->child_num, old_stat, r);
 	}
 	return conn->local_host;
@@ -823,11 +851,13 @@
 
     if (d->use_canonical_name == USE_CANONICAL_NAME_OFF
 	|| d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
-        return r->hostname ? ntohs(r->connection->local_addr.sin_port)
-			   : port;
-    }
-    /* default */
-    return port;
+        return r->hostname
+	    ?  ntohs(((struct sockaddr_in *)&r->connection->local_addr)->sin_port)
+	    : port;
+    }
+    return r->hostname
+	? ntohs(((struct sockaddr_in *)&r->connection->local_addr)->sin_port)
+	: port;
 }
 
 API_EXPORT(char *) ap_construct_url(pool *p, const char *uri,
@@ -1044,7 +1074,7 @@
     if ((buffer[0] == '#') && (buffer[1] == '!')) {
         /* Assuming file is a script since it starts with a shebang */
         fileType = eFileTypeSCRIPT;
-        for (i = 2; i < sizeof(buffer); i++) {
+        for (i = 2; i < (sizeof(buffer) - 1); i++) {
             if ((buffer[i] == '\r')
                 || (buffer[i] == '\n')) {
                 break;
@@ -2604,12 +2634,25 @@
 
 static const char *set_bind_address(cmd_parms *cmd, void *dummy, char *arg) 
 {
+    struct addrinfo hints, *res;
+    struct sockaddr *sa;
+    size_t sa_len;
+    int error;
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
     if (err != NULL) {
         return err;
     }
 
-    ap_bind_address.s_addr = ap_get_virthost_addr(arg, NULL);
+    if (strcmp(arg, "*") == 0)
+      arg = NULL;
+
+    sa = ap_get_virthost_addr(arg, NULL);
+#ifdef HAVE_SOCKADDR_LEN
+    sa_len = sa->sa_len;
+#else
+    sa_len = SA_LEN(sa);
+#endif
+    memcpy(&ap_bind_address, &sa, sa_len);
     return NULL;
 }
 
@@ -2641,44 +2684,70 @@
     return NULL;
 }
 
-static const char *set_listener(cmd_parms *cmd, void *dummy, char *ips)
+static const char *set_listener(cmd_parms *cmd, void *dummy, char *h, char *p)
 {
     listen_rec *new;
-    char *ports;
-    unsigned short port;
+    char *host, *port;
+    struct addrinfo hints, *res;
+    int error;
     
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
     if (err != NULL) {
         return err;
     }
 
-    ports = strchr(ips, ':');
-    if (ports != NULL) {
-	if (ports == ips) {
-	    return "Missing IP address";
-	}
-	else if (ports[1] == '\0') {
-	    return "Address must end in :";
+    host = port = NULL;
+    if (!p) {
+	port = strrchr(h, ':');
+	if (port != NULL) {
+	    if (port == h) {
+		return "Missing IP address";
+	    }
+	    else if (port[1] == '\0') {
+		return "Address must end in :";
+	    }
+	    *(port++) = '\0';
+	    if (*h)
+		host = h;
+	} else {
+	    host = NULL;
+	    port = h;
 	}
-	*(ports++) = '\0';
-    }
-    else {
-	ports = ips;
+    } else {
+	host = h;
+	port = p;
     }
 
-    new=ap_pcalloc(cmd->pool, sizeof(listen_rec));
-    new->local_addr.sin_family = AF_INET;
-    if (ports == ips) { /* no address */
-	new->local_addr.sin_addr.s_addr = htonl(INADDR_ANY);
-    }
-    else {
-	new->local_addr.sin_addr.s_addr = ap_get_virthost_addr(ips, NULL);
-    }
-    port = atoi(ports);
-    if (!port) {
-	return "Port must be numeric";
+    if (host && strcmp(host, "*") == 0)
+	host = NULL;
+    
+    new = ap_pcalloc(cmd->pool, sizeof(listen_rec));
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = host ? PF_UNSPEC : ap_default_family;
+    hints.ai_flags = AI_PASSIVE;
+    hints.ai_socktype = SOCK_STREAM;
+    error = getaddrinfo(host, port, &hints, &res);
+    if (error || !res) {
+	fprintf(stderr, "could not resolve ");
+	if (host)
+	    fprintf(stderr, "host \"%s\" ", host);
+	if (port)
+	    fprintf(stderr, "port \"%s\" ", port);
+	fprintf(stderr, "--- %s\n", gai_strerror(error));
+	exit(1);
+    }
+    if (res->ai_next) {
+        if (host)
+	    fprintf(stderr, "host \"%s\" ", host);
+	if (port)
+	    fprintf(stderr, "port \"%s\" ", port);
+	fprintf(stderr, "resolved to multiple addresses, ambiguous.\n");
+	exit(1);
     }
-    new->local_addr.sin_port = htons(port);
+
+    memcpy(&new->local_addr, res->ai_addr, res->ai_addrlen);
+
     new->fd = -1;
     new->used = 0;
     new->next = ap_listeners;
@@ -2829,6 +2898,30 @@
 }
 #endif /*_OSD_POSIX*/
 
+static const char *set_protocol_req_check(cmd_parms *cmd,
+                                              core_dir_config *d, int arg) 
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err != NULL) {
+        return err;
+    }
+
+    ap_protocol_req_check = arg != 0;
+    return NULL;
+}
+
+static const char *set_change_shmem_uid(cmd_parms *cmd,
+                                              core_dir_config *d, int arg) 
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err != NULL) {
+        return err;
+    }
+
+    ap_change_shmem_uid = arg != 0;
+    return NULL;
+}
+
 /*
  * Handle a request to include the server's OS platform in the Server
  * response header field (the ServerTokens directive).  Unfortunately
@@ -2836,7 +2929,6 @@
  * http_main so it can insert the information in the right place in the
  * string.
  */
-
 static const char *set_serv_tokens(cmd_parms *cmd, void *dummy, char *arg) 
 {
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
@@ -3404,7 +3496,7 @@
 { "ThreadStackSize", set_threadstacksize, NULL, RSRC_CONF, TAKE1,
   "Stack size each created thread will use."},
 #endif
-{ "Listen", set_listener, NULL, RSRC_CONF, TAKE1,
+{ "Listen", set_listener, NULL, RSRC_CONF, TAKE12,
   "A port number or a numeric IP address and a port number"},
 { "SendBufferSize", set_send_buffer_size, NULL, RSRC_CONF, TAKE1,
   "Send buffer size in bytes"},
@@ -3438,7 +3530,7 @@
   "Name of the config file to be included" },
 { "LogLevel", set_loglevel, NULL, RSRC_CONF, TAKE1,
   "Level of verbosity in error logging" },
-{ "NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF, TAKE1,
+{ "NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF, TAKE12,
   "A numeric IP address:port, or the name of a host" },
 #ifdef _OSD_POSIX
 { "BS2000Account", set_bs2000_account, NULL, RSRC_CONF, TAKE1,
@@ -3462,6 +3554,10 @@
   (void*)XtOffsetOf(core_dir_config, limit_req_body),
   OR_ALL, TAKE1,
   "Limit (in bytes) on maximum size of request message body" },
+{ "ProtocolReqCheck", set_protocol_req_check, NULL, RSRC_CONF, FLAG,
+  "Enable strict checking of Protocol type in requests" },
+{ "ShmemUIDisUser", set_change_shmem_uid, NULL, RSRC_CONF, FLAG,
+  "Enable the setting of SysV shared memory scoreboard uid/gid to User/Group" },
 { "AcceptMutex", set_accept_mutex, NULL, RSRC_CONF, TAKE1,
   "Serialized Accept Mutex; the methods " 
 #ifdef HAVE_USLOCK_SERIALIZED_ACCEPT
@@ -3864,7 +3960,8 @@
 
     if (r->method_number == M_INVALID) {
 	ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
-		    "Invalid method in request %s", r->the_request);
+		    "Invalid method in request %s",
+		    ap_escape_logitem(r->pool, r->the_request));
 	return NOT_IMPLEMENTED;
     }
     if (r->method_number == M_OPTIONS) {
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_main.c usr.sbin/httpd/src/main/http_main.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_main.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/http_main.c	Sun Feb 16 16:05:23 2003
@@ -129,6 +129,8 @@
 #include 
 #endif
 
+#include "sa_len.h"
+
 #ifdef MULTITHREAD
 /* special debug stuff -- PCS */
 
@@ -254,7 +256,12 @@
 API_VAR_EXPORT char *ap_scoreboard_fname=NULL;
 API_VAR_EXPORT char *ap_lock_fname=NULL;
 API_VAR_EXPORT char *ap_server_argv0=NULL;
-API_VAR_EXPORT struct in_addr ap_bind_address={0};
+#ifdef INET6
+API_VAR_EXPORT int ap_default_family = PF_INET6;
+#else
+API_VAR_EXPORT int ap_default_family = PF_INET;
+#endif
+API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
 API_VAR_EXPORT int ap_daemons_to_start=0;
 API_VAR_EXPORT int ap_daemons_min_free=0;
 API_VAR_EXPORT int ap_daemons_max_free=0;
@@ -395,6 +402,7 @@
 #ifdef TPF
 int tpf_child = 0;
 char tpf_server_name[INETD_SERVNAME_LENGTH+1];
+char tpf_mutex_key[TPF_MUTEX_KEY_SIZE];
 #endif /* TPF */
 
 scoreboard *ap_scoreboard_image = NULL;
@@ -409,6 +417,11 @@
 /* Global, alas, so http_core can talk to us */
 enum server_token_type ap_server_tokens = SrvTk_FULL;
 
+/* Also global, for http_core and http_protocol */
+API_VAR_EXPORT int ap_protocol_req_check = 1;
+
+API_VAR_EXPORT int ap_change_shmem_uid = 0;
+
 /*
  * This routine is called when the pconf pool is vacuumed.  It resets the
  * server version string to a known value and [re]enables modifications
@@ -780,9 +793,8 @@
 #include 
 
 #ifdef NEED_UNION_SEMUN
-/* it makes no sense, but this isn't defined on solaris */
 union semun {
-    long val;
+    int val;
     struct semid_ds *buf;
     ushort *array;
 };
@@ -1113,7 +1125,7 @@
 static void accept_mutex_cleanup_tpfcore(void *foo)
 {
     if(tpf_core_held)
-        coruc(RESOURCE_KEY);
+        deqc(tpf_mutex_key, QUAL_S);
 }
 
 #define accept_mutex_init_tpfcore(x)
@@ -1126,14 +1138,14 @@
 
 static void accept_mutex_on_tpfcore(void)
 {
-    corhc(RESOURCE_KEY);
+    enqc(tpf_mutex_key, ENQ_WAIT, 0, QUAL_S);
     tpf_core_held = 1;
     ap_check_signals();
 }
 
 static void accept_mutex_off_tpfcore(void)
 {
-    coruc(RESOURCE_KEY);
+    deqc(tpf_mutex_key, QUAL_S);
     tpf_core_held = 0;
     ap_check_signals();
 }
@@ -1395,7 +1407,11 @@
     fprintf(stderr, "Usage: %s [-D name] [-d directory] [-f file]\n", bin);
 #endif
     fprintf(stderr, "       %s [-C \"directive\"] [-c \"directive\"]\n", pad);
-    fprintf(stderr, "       %s [-v] [-V] [-h] [-l] [-L] [-S] [-t] [-T] [-F] [-u]\n", pad);
+    fprintf(stderr, "       %s [-v] [-V] [-h] [-l] [-L] [-S] [-t] [-T] [-F] [-u]"
+#ifdef INET6
+    " [-46]"
+#endif
+    "\n", pad);
     fprintf(stderr, "Options:\n");
 #ifdef SHARED_CORE
     fprintf(stderr, "  -R directory     : specify an alternate location for shared object files\n");
@@ -1422,6 +1438,10 @@
     fprintf(stderr, "  -F               : run main process in foreground, for process supervisors\n");
     fprintf(stderr, "  -u               : Unsecure mode. Do not chroot into ServerRoot.\n");
 #endif
+#ifdef INET6
+    fprintf(stderr, "  -4               : assume IPv4 on parsing configuration file\n");
+    fprintf(stderr, "  -6               : assume IPv6 on parsing configuration file\n");
+#endif
 #ifdef WIN32
     fprintf(stderr, "  -n name          : name the Apache service for -k options below;\n");
     fprintf(stderr, "  -k stop|shutdown : tell running Apache to shutdown\n");
@@ -2377,6 +2397,22 @@
 	 * We exit below, after we try to remove the segment
 	 */
     }
+    /* only worry about permissions if we attached the segment
+       and we want/need to change the uid/gid */
+    else if (ap_change_shmem_uid) {
+	if (shmctl(shmid, IPC_STAT, &shmbuf) != 0) {
+	    ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
+		"shmctl() could not stat segment #%d", shmid);
+	}
+	else {
+	    shmbuf.shm_perm.uid = ap_user_id;
+	    shmbuf.shm_perm.gid = ap_group_id;
+	    if (shmctl(shmid, IPC_SET, &shmbuf) != 0) {
+		ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
+		    "shmctl() could not set segment #%d", shmid);
+	    }
+	}
+    }
     /*
      * We must avoid leaving segments in the kernel's
      * (small) tables.
@@ -3590,11 +3626,13 @@
 
 
 static conn_rec *new_connection(pool *p, server_rec *server, BUFF *inout,
-			     const struct sockaddr_in *remaddr,
-			     const struct sockaddr_in *saddr,
+			     const struct sockaddr *remaddr,
+			     const struct sockaddr *saddr,
 			     int child_num)
 {
     conn_rec *conn = (conn_rec *) ap_pcalloc(p, sizeof(conn_rec));
+    char hostnamebuf[MAXHOSTNAMELEN];
+    size_t addr_len;
 
     /* Got a connection structure, so initialize what fields we can
      * (the rest are zeroed out by pcalloc).
@@ -3603,17 +3641,30 @@
     conn->child_num = child_num;
 
     conn->pool = p;
-    conn->local_addr = *saddr;
-    conn->local_ip = ap_pstrdup(conn->pool,
-				inet_ntoa(conn->local_addr.sin_addr));
+#ifndef SIN6_LEN
+    addr_len = SA_LEN(saddr);
+#else
+    addr_len = saddr->sa_len;
+#endif
+    memcpy(&conn->local_addr, saddr, addr_len);
+    getnameinfo((struct sockaddr *)&conn->local_addr, addr_len,
+	hostnamebuf, sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
+    conn->local_ip = ap_pstrdup(conn->pool, hostnamebuf);
     conn->server = server; /* just a guess for now */
     ap_update_vhost_given_ip(conn);
     conn->base_server = conn->server;
     conn->client = inout;
 
-    conn->remote_addr = *remaddr;
-    conn->remote_ip = ap_pstrdup(conn->pool,
-			      inet_ntoa(conn->remote_addr.sin_addr));
+#ifndef SIN6_LEN
+    addr_len = SA_LEN(remaddr);
+#else
+    addr_len = remaddr->sa_len;
+#endif
+    memcpy(&conn->remote_addr, remaddr, addr_len);
+    getnameinfo((struct sockaddr *)&conn->remote_addr, addr_len,
+	hostnamebuf, sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
+    conn->remote_ip = ap_pstrdup(conn->pool, hostnamebuf);
+
 #ifdef EAPI
     conn->ctx = ap_ctx_new(conn->pool);
 #endif /* EAPI */
@@ -3664,21 +3715,47 @@
 #define sock_disable_nagle(s)	/* NOOP */
 #endif
 
-static int make_sock(pool *p, const struct sockaddr_in *server)
+static int make_sock(pool *p, const struct sockaddr *server)
 {
     int s;
     int one = 1;
-    char addr[512];
+    char addr[INET6_ADDRSTRLEN + 128];
+    char a0[INET6_ADDRSTRLEN];
+    char p0[NI_MAXSERV];
+#ifdef MPE
+    int privport = 0;
+#endif
 
-    if (server->sin_addr.s_addr != htonl(INADDR_ANY))
-	ap_snprintf(addr, sizeof(addr), "address %s port %d",
-		inet_ntoa(server->sin_addr), ntohs(server->sin_port));
-    else
-	ap_snprintf(addr, sizeof(addr), "port %d", ntohs(server->sin_port));
+    switch(server->sa_family){
+    case AF_INET:
+#ifdef INET6
+    case AF_INET6:
+#endif
+      break;
+    default:
+      ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
+                   "make_sock: unsupported address family %u", 
+		   server->sa_family);
+      ap_unblock_alarms();
+      exit(1);
+    }
+    
+    getnameinfo(server,
+#ifndef SIN6_LEN
+		SA_LEN(server),
+#else
+		server->sa_len,
+#endif
+		a0, sizeof(a0), p0, sizeof(p0), NI_NUMERICHOST | NI_NUMERICSERV);
+    ap_snprintf(addr, sizeof(addr), "address %s port %s", a0, p0);
+#ifdef MPE
+    if (atoi(p0) < 1024)
+      privport++;
+#endif
 
     /* note that because we're about to slack we don't use psocket */
     ap_block_alarms();
-    if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
+    if ((s = socket(server->sa_family, SOCK_STREAM, IPPROTO_TCP)) == -1) {
 	    ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
 		    "make_sock: failed to get a socket for %s", addr);
 
@@ -3781,15 +3858,19 @@
 
 #ifdef MPE
 /* MPE requires CAP=PM and GETPRIVMODE to bind to ports less than 1024 */
-    if (ntohs(server->sin_port) < 1024)
+    if (privport)
 	GETPRIVMODE();
 #endif
-
-    if (bind(s, (struct sockaddr *) server, sizeof(struct sockaddr_in)) == -1) {
+#ifndef SIN6_LEN
+    if (bind(s, server, SA_LEN(server)) == -1)
+#else
+    if (bind(s, server, server->sa_len) == -1)
+#endif
+    {
 	ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
 	    "make_sock: could not bind to %s", addr);
 #ifdef MPE
-	if (ntohs(server->sin_port) < 1024)
+	if (privport)
 	    GETUSERMODE();
 #endif
 
@@ -3802,7 +3883,7 @@
 	exit(1);
     }
 #ifdef MPE
-    if (ntohs(server->sin_port) < 1024)
+    if (privport)
 	GETUSERMODE();
 #endif
 
@@ -3839,7 +3920,7 @@
 	if (setsockopt(s, SOL_SOCKET, SO_ACCEPTFILTER, &af, sizeof(af)) < 0) {
             if (errno == ENOPROTOOPT) {
 	    	ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, server_conf,
-			 "socket option SO_ACCEPTFILTER unkown on this machine. Continuing.");
+			 "socket option SO_ACCEPTFILTER unknown on this machine. Continuing.");
 	     } else {
 	    	ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_INFO, server_conf,
 			 "make_sock: for %s, setsockopt: (SO_ACCEPTFILTER)", addr);
@@ -3955,15 +4036,17 @@
     for (;;) {
 	fd = find_listener(lr);
 	if (fd < 0) {
-	    fd = make_sock(p, &lr->local_addr);
+	    fd = make_sock(p, (struct sockaddr *)&lr->local_addr);
 	}
 	else {
 	    ap_note_cleanups_for_socket(p, fd);
 	}
 	/* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
-	FD_SET(fd, &listenfds);
-	if (fd > listenmaxfd)
-	    listenmaxfd = fd;
+	if (fd >= 0) {
+	    FD_SET(fd, &listenfds);
+	    if (fd > listenmaxfd)
+		listenmaxfd = fd;
+	}
 	lr->fd = fd;
 	if (lr->next == NULL)
 	    break;
@@ -4150,6 +4233,7 @@
 	printf(" -D PIPE_BUF=%ld\n",(long)PIPE_BUF);
 #endif
 #endif
+    printf(" -D HARD_SERVER_LIMIT=%ld\n",(long)HARD_SERVER_LIMIT);
 #ifdef MULTITHREAD
     printf(" -D MULTITHREAD\n");
 #endif
@@ -4278,8 +4362,8 @@
 static void child_main(int child_num_arg)
 {
     NET_SIZE_T clen;
-    struct sockaddr sa_server;
-    struct sockaddr sa_client;
+    struct sockaddr_storage sa_server;
+    struct sockaddr_storage sa_client;
     listen_rec *lr;
 
     /* All of initialization is a critical section, we don't care if we're
@@ -4455,7 +4539,7 @@
 	    usr1_just_die = 0;
 	    for (;;) {
 		clen = sizeof(sa_client);
-		csd = ap_accept(sd, &sa_client, &clen);
+		csd = ap_accept(sd, (struct sockaddr *)&sa_client, &clen);
 		if (csd >= 0 || errno != EINTR)
 		    break;
 		if (deferred_die) {
@@ -4618,7 +4702,7 @@
 	 */
 
 	clen = sizeof(sa_server);
-	if (getsockname(csd, &sa_server, &clen) < 0) {
+	if (getsockname(csd, (struct sockaddr *)&sa_server, &clen) < 0) {
 	    ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, "getsockname");
 	    continue;
 	}
@@ -4663,8 +4747,8 @@
 	ap_bpushfd(conn_io, csd, dupped_csd);
 
 	current_conn = new_connection(ptrans, server_conf, conn_io,
-				          (struct sockaddr_in *) &sa_client,
-				          (struct sockaddr_in *) &sa_server,
+				          (struct sockaddr *)&sa_client,
+				          (struct sockaddr *)&sa_server,
 				          my_child_num);
 
 	/*
@@ -4819,12 +4903,13 @@
 
 #ifdef _OSD_POSIX
     /* BS2000 requires a "special" version of fork() before a setuid() call */
-    if ((pid = os_fork(ap_user_name)) == -1) {
+    if ((pid = os_fork(ap_user_name)) == -1)
 #elif defined(TPF)
-    if ((pid = os_fork(s, slot)) == -1) {
+    if ((pid = os_fork(s, slot)) == -1)
 #else
-    if ((pid = fork()) == -1) {
+    if ((pid = fork()) == -1)
 #endif
+    {
 	ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new process");
 
 	/* fork didn't succeed. Fix the scoreboard or else
@@ -5486,7 +5571,10 @@
     ap_setup_prelinked_modules();
 
     while ((c = getopt(argc, argv,
-				    "D:C:c:xXd:Ff:vVlLR:StThu"
+				    "D:C:c:xXd:Ff:vVlLR:StThu4"
+#ifdef INET6
+				    "6"
+#endif
 #ifdef DEBUG_SIGSTOP
 				    "Z:"
 #endif
@@ -5564,6 +5652,14 @@
 	    ap_configtestonly = 1;
 	    ap_docrootcheck = 0;
 	    break;
+	case '4':
+	    ap_default_family = PF_INET;
+	    break;
+#ifdef INET6
+	case '6':
+	    ap_default_family = PF_INET6;
+	    break;
+#endif
 	case 'h':
 	    usage(argv[0]);
 	case 'u':
@@ -5620,6 +5716,7 @@
         memcpy(tpf_server_name, input_parms.parent.servname,
                INETD_SERVNAME_LENGTH);
         tpf_server_name[INETD_SERVNAME_LENGTH + 1] = '\0';
+        sprintf(tpf_mutex_key, "%.*x", TPF_MUTEX_KEY_SIZE - 1, getpid());
         ap_open_logs(server_conf, plog);
         ap_tpf_zinet_checks(ap_standalone, tpf_server_name, server_conf);
         ap_tpf_save_argv(argc, argv);    /* save argv parms for children */
@@ -5656,9 +5753,10 @@
     else {
 	conn_rec *conn;
 	request_rec *r;
-	struct sockaddr sa_server, sa_client;
 	BUFF *cio;
+	struct sockaddr_storage sa_server, sa_client;
 	NET_SIZE_T l;
+	char servbuf[NI_MAXSERV];
 
 	ap_set_version();
 	/* Yes this is called twice. */
@@ -5713,25 +5811,32 @@
 #endif
 
 	l = sizeof(sa_client);
-	if ((getpeername(sock_in, &sa_client, &l)) < 0) {
+	if ((getpeername(sock_in, (struct sockaddr *)&sa_client, &l)) < 0) {
 /* get peername will fail if the input isn't a socket */
 	    perror("getpeername");
 	    memset(&sa_client, '\0', sizeof(sa_client));
 	}
 
 	l = sizeof(sa_server);
-	if (getsockname(sock_in, &sa_server, &l) < 0) {
+	if (getsockname(sock_in, (struct sockaddr *)&sa_server, &l) < 0) {
 	    perror("getsockname");
 	    fprintf(stderr, "Error getting local address\n");
 	    exit(1);
 	}
-	server_conf->port = ntohs(((struct sockaddr_in *) &sa_server)->sin_port);
+	if (getnameinfo(((struct sockaddr *)&sa_server), l,
+			NULL, 0, servbuf, sizeof(servbuf), 
+			NI_NUMERICSERV)){
+	    fprintf(stderr, "getnameinfo(): family=%d\n", sa_server.ss_family);
+	    exit(1);
+	}
+	servbuf[sizeof(servbuf)-1] = '\0';
+	server_conf->port = atoi(servbuf);
 	cio = ap_bcreate(ptrans, B_RDWR | B_SOCKET);
         cio->fd = sock_out;
         cio->fd_in = sock_in;
 	conn = new_connection(ptrans, server_conf, cio,
-			          (struct sockaddr_in *) &sa_client,
-			          (struct sockaddr_in *) &sa_server, -1);
+			          (struct sockaddr *)&sa_client,
+			          (struct sockaddr *)&sa_server, -1);
 
 	while ((r = ap_read_request(conn)) != NULL) {
 
@@ -7438,7 +7543,7 @@
 
     while ((c = getopt(argc, argv, "D:C:c:Xd:f:vVlLz:Z:wiuStThk:n:W:")) != -1) {
 #else /* !WIN32 */
-    while ((c = getopt(argc, argv, "D:C:c:Xd:fF:vVlLesStTh")) != -1) {
+    while ((c = getopt(argc, argv, "D:C:c:Xd:Ff:vVlLesStTh")) != -1) {
 #endif
         char **new;
 	switch (c) {
@@ -7966,7 +8071,11 @@
      * but only handle the -L option 
      */
     llp_dir = SHARED_CORE_DIR;
-    while ((c = getopt(argc, argv, "D:C:c:Xd:Ff:vVlLR:SZ:tTh")) != -1) {
+    while ((c = getopt(argc, argv, "D:C:c:Xd:Ff:vVlLR:SZ:tTh4"
+#ifdef INET6
+		"6"
+#endif
+		)) != -1) {
 	switch (c) {
 	case 'D':
 	case 'C':
@@ -7984,6 +8093,10 @@
 	case 't':
 	case 'T':
 	case 'h':
+	case '4':
+#ifdef INET6
+	case '6':
+#endif
 	case '?':
 	    break;
 	case 'R':
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_protocol.c usr.sbin/httpd/src/main/http_protocol.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_protocol.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/http_protocol.c	Sun Feb 16 16:05:23 2003
@@ -123,25 +123,33 @@
 	"text/html",
 	NULL };
     char **pcset;
-    core_dir_config *conf = (core_dir_config *)ap_get_module_config(
-	r->per_dir_config, &core_module);
-    if (!type) type = ap_default_type(r);
-    if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) return type;
+    core_dir_config *conf;
+
+    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
+                                                   &core_module);
+    if (!type) {
+        type = ap_default_type(r);
+    }
+    if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) {
+        return type;
+    }
 
     if (ap_strcasestr(type, "charset=") != NULL) {
 	/* already has parameter, do nothing */
 	/* XXX we don't check the validity */
 	;
-    } else {
+    }
+    else {
     	/* see if it makes sense to add the charset. At present,
 	 * we only add it if the Content-type is one of needcset[]
 	 */
-	for (pcset = needcset; *pcset ; pcset++)
+	for (pcset = needcset; *pcset ; pcset++) {
 	    if (ap_strcasestr(type, *pcset) != NULL) {
 		type = ap_pstrcat(r->pool, type, "; charset=", 
-		    conf->add_default_charset_name, NULL);
+                                  conf->add_default_charset_name, NULL);
 		break;
 	    }
+        }
     }
     return type;
 }
@@ -729,6 +737,11 @@
 
     if (!r->vlist_validator) {
         etag = ap_make_etag(r, 0);
+
+        /* If we get a blank etag back, don't set the header. */
+        if (!etag[0]) {
+            return;
+        }
     }
     else {
         /* If we have a variant list validator (vlv) due to the
@@ -752,8 +765,12 @@
                
         variant_etag = ap_make_etag(r, vlv_weak);
 
-        /* merge variant_etag and vlv into a structured etag */
+        /* If we get a blank etag back, don't append vlv and stop now. */
+        if (!variant_etag[0]) {
+            return;
+        }
 
+        /* merge variant_etag and vlv into a structured etag */
         variant_etag[strlen(variant_etag) - 1] = '\0';
         if (vlv_weak)
             vlv += 3;
@@ -983,7 +1000,8 @@
     const char *uri;
     conn_rec *conn = r->connection;
     unsigned int major = 1, minor = 0;   /* Assume HTTP/1.0 if non-"HTTP" protocol */
-    int len, n;
+    int len = 0;
+    int valid_protocol = 1;
 
     /* Read past empty lines until we get a real request line,
      * a read error, the connection closes (EOF), or we timeout.
@@ -1045,26 +1063,44 @@
     r->assbackwards = (ll[0] == '\0');
     r->protocol = ap_pstrdup(r->pool, ll[0] ? ll : "HTTP/0.9");
 
-    if (2 == sscanf(r->protocol, "HTTP/%u.%u%n", &major, &minor, &n)
-      && minor < HTTP_VERSION(1,0))	/* don't allow HTTP/0.1000 */
-	r->proto_num = HTTP_VERSION(major, minor);
+    /* Avoid sscanf in the common case */
+    if (strlen(r->protocol) == 8
+        && r->protocol[0] == 'H' && r->protocol[1] == 'T'
+	&& r->protocol[2] == 'T' && r->protocol[3] == 'P'
+        && r->protocol[4] == '/' && ap_isdigit(r->protocol[5])
+	&& r->protocol[6] == '.' && ap_isdigit(r->protocol[7])) {
+        r->proto_num = HTTP_VERSION(r->protocol[5] - '0', r->protocol[7] - '0');
+    }
     else {
-	r->proto_num = HTTP_VERSION(1,0);
-	n = 0;
+        char *lint;
+        char http[5];
+	lint = ap_palloc(r->pool, strlen(r->protocol)+1);
+	if (3 == sscanf(r->protocol, "%4s/%u.%u%s", http, &major, &minor, lint)
+            && (strcasecmp("http", http) == 0)
+	    && (minor < HTTP_VERSION(1,0)) ) /* don't allow HTTP/0.1000 */
+	    r->proto_num = HTTP_VERSION(major, minor);
+	else {
+	    r->proto_num = HTTP_VERSION(1,0);
+	    valid_protocol = 0;
+	}
     }
 
     /* Check for a valid protocol, and disallow everything but whitespace
-     * after the protocol string */
-    while (ap_isspace(r->protocol[n]))
-        ++n;
-    if (r->protocol[n] != '\0') {
-        r->status    = HTTP_BAD_REQUEST;
-        r->proto_num = HTTP_VERSION(1,0);
-        r->protocol  = ap_pstrdup(r->pool, "HTTP/1.0");
-        ap_table_setn(r->notes, "error-notes",
-                      "The request line contained invalid characters "
-                      "following the protocol string.
    \n");
-        return 0;
+     * after the protocol string. A protocol string of nothing but
+     * whitespace is considered valid */
+    if (ap_protocol_req_check && !valid_protocol) {
+        int n = 0;
+	while (ap_isspace(r->protocol[n]))
+	    ++n;
+	if (r->protocol[n] != '\0') {
+	    r->status    = HTTP_BAD_REQUEST;
+	    r->proto_num = HTTP_VERSION(1,0);
+	    r->protocol  = ap_pstrdup(r->pool, "HTTP/1.0");
+	    ap_table_setn(r->notes, "error-notes",
+                     "The request line contained invalid characters "
+                     "following the protocol string.
    \n");
+	    return 0;
+	}
     }
 
     return 1;
@@ -1995,19 +2031,25 @@
         const char *pos = lenp;
         int conversion_error = 0;
 
-        while (ap_isdigit(*pos) || ap_isspace(*pos))
+        while (ap_isspace(*pos))
             ++pos;
 
         if (*pos == '\0') {
+            /* special case test - a C-L field NULL or all blanks is
+             * assumed OK and defaults to 0. Otherwise, we do a
+             * strict check of the field */
+            r->remaining = 0;
+        }
+        else {
             char *endstr;
             errno = 0;
             r->remaining = ap_strtol(lenp, &endstr, 10);
-            if (errno || (endstr && *endstr)) {
+            if (errno || (endstr && *endstr) || (r->remaining < 0)) {
                 conversion_error = 1;
             }
         }
 
-        if (*pos != '\0' || conversion_error) {
+        if (conversion_error) {
             ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
                         "Invalid Content-Length");
             return HTTP_BAD_REQUEST;
@@ -2060,6 +2102,15 @@
     return 1;
 }
 
+/**
+ * Parse a chunk extension, detect overflow.
+ * There are two error cases:
+ *  1) If the conversion would require too many bits, a -1 is returned.
+ *  2) If the conversion used the correct number of bits, but an overflow
+ *     caused only the sign bit to flip, then that negative number is
+ *     returned.
+ * In general, any negative number can be considered an overflow error.
+ */
 API_EXPORT(long) ap_get_chunk_size(char *b)
 {
     long chunksize = 0;
@@ -2803,7 +2854,13 @@
         r->content_languages = NULL;
         r->content_encoding = NULL;
         r->clength = 0;
-        r->content_type = "text/html; charset=iso-8859-1";
+        if (ap_table_get(r->subprocess_env,
+                         "suppress-error-charset") != NULL) {
+            r->content_type = "text/html";
+        }
+        else {
+            r->content_type = "text/html; charset=iso-8859-1";
+        }
 
         if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED))
             ap_table_setn(r->headers_out, "Allow", make_allow(r));
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_vhost.c usr.sbin/httpd/src/main/http_vhost.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/http_vhost.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/http_vhost.c	Sun Feb 16 16:05:23 2003
@@ -68,6 +68,7 @@
 #include "http_log.h"
 #include "http_vhost.h"
 #include "http_protocol.h"
+#include "sa_len.h"
 
 /*
  * After all the definitions there's an explanation of how it's all put
@@ -165,78 +166,114 @@
  * *paddr is the variable used to keep track of **paddr between calls
  * port is the default port to assume
  */
-static const char *get_addresses(pool *p, char *w, server_addr_rec ***paddr,
-			    unsigned port)
+static const char *get_addresses(pool *p, char *w, char *pstr,
+	server_addr_rec ***paddr, unsigned port)
 {
-    struct hostent *hep;
-    unsigned long my_addr;
+    struct addrinfo hints, *res, *res0;
     server_addr_rec *sar;
-    char *t;
-    int i, is_an_ip_addr;
+    char *t = NULL, *u = NULL, *v = NULL;
+    char *hoststr = NULL, *portstr = NULL;
+    char portpool[10];
+    int error;
+    char servbuf[NI_MAXSERV];
 
-    if (*w == 0)
+    if (w == 0 || *w == 0)
 	return NULL;
 
-    t = strchr(w, ':');
-    if (t) {
-	if (strcmp(t + 1, "*") == 0) {
-	    port = 0;
+    portstr = portpool;
+    ap_snprintf(portpool, sizeof(portpool), "%u", port);
+    if (!pstr) {
+	v = w;
+	u = NULL;
+	if (*w == '['){
+	    u = strrchr(w, ']');
+	    if (u) {	/* [host]:port or [host] */
+		w++;
+		*u = '\0';
+		v = u + 1;
+	    }
 	}
-	else if ((i = atoi(t + 1))) {
-	    port = i;
+	/*        w   uv     ,       w=v        , w=v  */  
+	/* u!=0: [host]:port , u==0: [host:port , host */
+	t = strchr(v, ':');
+	if (t != NULL && strchr(t+1, ':') == NULL) {
+	    /* [host]:port-w/o-colons, host-without-colons:port-w/o-colons */
+	    *t = '\0';
+	    portstr = t + 1;
 	}
 	else {
-	    return ":port must be numeric";
+	    portstr = "0";
 	}
-	*t = 0;
+    } else {
+	portstr = pstr;
     }
 
-    is_an_ip_addr = 0;
-    if (strcmp(w, "*") == 0) {
-	my_addr = htonl(INADDR_ANY);
-	is_an_ip_addr = 1;
-    }
-    else if (strcasecmp(w, "_default_") == 0
-	     || strcmp(w, "255.255.255.255") == 0) {
-	my_addr = DEFAULT_VHOST_ADDR;
-	is_an_ip_addr = 1;
-    }
-    else if ((my_addr = ap_inet_addr(w)) != INADDR_NONE) {
-	is_an_ip_addr = 1;
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    if (strcmp(w, "*") == 0 || strlen(w) == 0) {
+	hoststr = NULL;
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_flags = AI_PASSIVE;
+    }
+    else if (strcasecmp(w, "_default4_") == 0 ||
+	     ((ap_default_family == PF_INET
+#ifndef INET6
+	       || ap_default_family == PF_UNSPEC
+#endif
+	       ) && strcasecmp(w, "_default_") == 0)){
+	hoststr = "255.255.255.255";
+	hints.ai_family = PF_INET;
+    }
+#ifdef INET6
+    else if (strcasecmp(w, "_default6_") == 0 ||
+	     ((ap_default_family == PF_INET6
+	       || ap_default_family == PF_UNSPEC
+	       ) && strcasecmp(w, "_default_") == 0)){
+	hoststr = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff";
+	hints.ai_family = PF_INET6;
     }
-    if (is_an_ip_addr) {
-	sar = ap_pcalloc(p, sizeof(server_addr_rec));
-	**paddr = sar;
-	*paddr = &sar->next;
-	sar->host_addr.s_addr = my_addr;
-	sar->host_port = port;
-	sar->virthost = ap_pstrdup(p, w);
-	if (t != NULL)
-	    *t = ':';
-	return NULL;
+#endif
+    else{
+	hoststr = w;
+	hints.ai_family = PF_UNSPEC;
     }
 
-    hep = gethostbyname(w);
-
-    if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
+    error = getaddrinfo(hoststr, portstr, &hints, &res0);
+    if (error || !res0) {
 	ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL,
-	    "Cannot resolve host name %s --- ignoring!", w);
-	if (t != NULL)
-	    *t = ':';
+	    "Cannot resolve host %s port %s --- ignoring!", hoststr, portstr);
+	if (t != NULL) *t = ':';
+	if (u != NULL) *u = ']';
 	return NULL;
     }
-
-    for (i = 0; hep->h_addr_list[i]; ++i) {
+    for (res=res0; res; res=res->ai_next) {
+	switch (res->ai_addr->sa_family) {
+	case AF_INET:
+#ifdef INET6
+	case AF_INET6:
+#endif
+	    break;
+	default:
+	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL,
+			 "Unsupported address family %u, for host %s port %s --- ignoring!",
+			 res->ai_addr->sa_family, hoststr, portstr);
+	    continue;
+	}
 	sar = ap_pcalloc(p, sizeof(server_addr_rec));
 	**paddr = sar;
 	*paddr = &sar->next;
-	sar->host_addr = *(struct in_addr *) hep->h_addr_list[i];
-	sar->host_port = port;
+	memcpy(&sar->host_addr, res->ai_addr, res->ai_addrlen);
+	if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0, servbuf,
+			sizeof(servbuf), NI_NUMERICSERV) == 0)
+		sar->host_port = atoi(servbuf);
+	else
+		sar->host_port = 0;
 	sar->virthost = ap_pstrdup(p, w);
     }
 
-    if (t != NULL)
-	*t = ':';
+    freeaddrinfo(res0);
+    if (t != NULL) *t = ':';
+    if (u != NULL) *u = ']';
     return NULL;
 }
 
@@ -250,7 +287,8 @@
     /* start the list of addreses */
     addrs = &s->addrs;
     while (hostname[0]) {
-	err = get_addresses(p, ap_getword_conf(p, &hostname), &addrs, s->port);
+	err = get_addresses(p, ap_getword_conf(p, &hostname), NULL,
+		&addrs, s->port);
 	if (err) {
 	    *addrs = NULL;
 	    return err;
@@ -268,10 +306,11 @@
 }
 
 
-API_EXPORT_NONSTD(const char *) ap_set_name_virtual_host (cmd_parms *cmd, void *dummy, char *arg)
+API_EXPORT_NONSTD(const char *) ap_set_name_virtual_host (cmd_parms *cmd, void *dummy, char *h,
+	char *p)
 {
     /* use whatever port the main server has at this point */
-    return get_addresses(cmd->pool, arg, &name_vhost_list_tail,
+    return get_addresses(cmd->pool, h, p, &name_vhost_list_tail,
 			    cmd->server->port);
 }
 
@@ -345,6 +384,19 @@
     return ((key >> 8) ^ key) % IPHASH_TABLE_SIZE;
 }
 
+static unsigned hash_addr(struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET:
+	return hash_inaddr(((struct sockaddr_in *)sa)->sin_addr.s_addr);
+#ifdef INET6
+    case AF_INET6:
+	return hash_inaddr(((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[12]);
+#endif
+    default:
+	return hash_inaddr(sa->sa_family);
+    }
+}
 
 
 static ipaddr_chain *new_ipaddr_chain(pool *p,
@@ -372,25 +424,77 @@
     return new;
 }
 
-
-static ap_inline ipaddr_chain *find_ipaddr(struct in_addr *server_ip,
-    unsigned port)
+static ap_inline ipaddr_chain *find_ipaddr(struct sockaddr *sa)
 {
     unsigned bucket;
     ipaddr_chain *trav;
-    unsigned addr;
+    char a[NI_MAXHOST], b[NI_MAXHOST];
 
     /* scan the hash table for an exact match first */
-    addr = server_ip->s_addr;
-    bucket = hash_inaddr(addr);
+    bucket = hash_addr(sa);
     for (trav = iphash_table[bucket]; trav; trav = trav->next) {
 	server_addr_rec *sar = trav->sar;
-	if ((sar->host_addr.s_addr == addr)
-	    && (sar->host_port == 0 || sar->host_port == port
-		|| port == 0)) {
-	    return trav;
+	if (sar->host_addr.ss_family != sa->sa_family)
+	    continue;
+	switch (sa->sa_family) {
+	case AF_INET:
+	  {
+	    struct sockaddr_in *sin1, *sin2;
+	    sin1 = (struct sockaddr_in *)&sar->host_addr;
+	    sin2 = (struct sockaddr_in *)sa;
+	    if (sin1->sin_port == 0 || sin2->sin_port == 0
+	     || sin1->sin_port == sin2->sin_port) {
+		if (memcmp(&sin1->sin_addr, &sin2->sin_addr,
+			sizeof(sin1->sin_addr)) == 0) {
+		    return trav;
+		}
+	    }
+	    break;
+	  }
+#ifdef INET6
+	case AF_INET6:
+	  {
+	    struct sockaddr_in6 *sin1, *sin2;
+	    sin1 = (struct sockaddr_in6 *)&sar->host_addr;
+	    sin2 = (struct sockaddr_in6 *)sa;
+	    if (sin1->sin6_port == 0 || sin2->sin6_port == 0
+	     || sin1->sin6_port == sin2->sin6_port) {
+		if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr,
+			sizeof(sin1->sin6_addr)) == 0) {
+		    return trav;
+		}
+	    }
+	    break;
+	  }
+#endif
+	default: /*unsupported*/
+	    break;
 	}
     }
+
+#ifdef INET6
+    if (sa->sa_family == AF_INET6 &&
+	IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)sa)->sin6_addr)) {
+	/*
+	 * This is just horrible.  I just hate IPv4 mapped address.  It
+	 * complicates access control too much.
+	 * Due to hashed lookup, we need to visit it again.
+	 */
+	struct sockaddr_in sin;
+
+	memset(&sin, 0, sizeof(sin));
+	sin.sin_family = AF_INET;
+#ifdef SIN6_LEN
+	sin.sin_len = sizeof(sin);
+#endif
+	sin.sin_port = ((struct sockaddr_in6 *)sa)->sin6_port;
+	memcpy(&sin.sin_addr,
+	    &((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[12],
+	    sizeof(sin.sin_addr));
+	return find_ipaddr((struct sockaddr *)&sin);
+    }
+#endif
+
     return NULL;
 }
 
@@ -416,21 +520,7 @@
     int len;
     char buf[MAX_STRING_LEN];
 
-    if (ic->sar->host_addr.s_addr == DEFAULT_VHOST_ADDR) {
-	len = ap_snprintf(buf, sizeof(buf), "_default_:%u",
-		ic->sar->host_port);
-    }
-    else if (ic->sar->host_addr.s_addr == INADDR_ANY) {
-	len = ap_snprintf(buf, sizeof(buf), "*:%u",
-		ic->sar->host_port);
-    }
-    else {
-	len = ap_snprintf(buf, sizeof(buf), "%pA:%u",
-		&ic->sar->host_addr, ic->sar->host_port);
-    }
-    if (ic->sar->host_port == 0) {
-	buf[len-1] = '*';
-    }
+    len = ap_snprintf(buf, sizeof(buf), "%pI", &ic->sar->host_addr);
     if (ic->names == NULL) {
 	if (ic->server == NULL)
 	    fprintf(f, "%-22s WARNING: No  defined for this NameVirtualHost!\n", buf);
@@ -558,10 +648,37 @@
      * occured in the config file, we'll copy it in that order.
      */
     for (sar = name_vhost_list; sar; sar = sar->next) {
-	unsigned bucket = hash_inaddr(sar->host_addr.s_addr);
+	unsigned bucket = hash_addr((struct sockaddr *)&sar->host_addr);
 	ipaddr_chain *ic = new_ipaddr_chain(p, NULL, sar);
+	int wildcard;
 
-	if (sar->host_addr.s_addr != INADDR_ANY) {
+	wildcard = 0;
+	switch (sar->host_addr.ss_family) {
+	case AF_INET:
+	  {
+	    struct sockaddr_in *sin;
+	    sin = (struct sockaddr_in *)&sar->host_addr;
+	    if (sin->sin_addr.s_addr == INADDR_ANY)
+		wildcard++;
+	    break;
+	  }
+#ifdef INET6
+	case AF_INET6:
+	  {
+	    struct sockaddr_in6 *sin6;
+	    sin6 = (struct sockaddr_in6 *)&sar->host_addr;
+	    if (*(ap_uint32_t *)&sin6->sin6_addr.s6_addr[0] == 0
+	     && *(ap_uint32_t *)&sin6->sin6_addr.s6_addr[4] == 0
+	     && *(ap_uint32_t *)&sin6->sin6_addr.s6_addr[8] == 0
+	     && *(ap_uint32_t *)&sin6->sin6_addr.s6_addr[12] == 0) {
+		wildcard++;
+	    }
+	    break;
+	  }
+#endif
+	}
+
+	if (!wildcard) {
 	    *iphash_table_tail[bucket] = ic;
 	    iphash_table_tail[bucket] = &ic->next;
 	}
@@ -588,12 +705,45 @@
 	has_default_vhost_addr = 0;
 	for (sar = s->addrs; sar; sar = sar->next) {
 	    ipaddr_chain *ic;
+	    int wildcard;
 
-	    if (sar->host_addr.s_addr == DEFAULT_VHOST_ADDR
-		|| sar->host_addr.s_addr == INADDR_ANY) {
-		ic = find_default_server(sar->host_port);
-		if (!ic || !add_name_vhost_config(p, main_s, s, sar, ic)) {
-		    if (ic && ic->sar->host_port != 0) {
+	    wildcard = 0;
+	    switch (sar->host_addr.ss_family) {
+	    case AF_INET:
+	      {
+		struct sockaddr_in *sin;
+		sin = (struct sockaddr_in *)&sar->host_addr;
+		if (sin->sin_addr.s_addr == DEFAULT_VHOST_ADDR)
+		    wildcard++;
+		else if (sin->sin_addr.s_addr == INADDR_ANY)
+		    wildcard++;
+		break;
+	      }
+#ifdef INET6
+	    case AF_INET6:
+	      {
+		struct sockaddr_in6 *sin6;
+		sin6 = (struct sockaddr_in6 *)&sar->host_addr;
+		if (*(ap_uint32_t *)&sin6->sin6_addr.s6_addr[0] == ~0
+		 && *(ap_uint32_t *)&sin6->sin6_addr.s6_addr[4] == ~0
+		 && *(ap_uint32_t *)&sin6->sin6_addr.s6_addr[8] == ~0
+		 && *(ap_uint32_t *)&sin6->sin6_addr.s6_addr[12] == ~0) {
+		    wildcard++;
+		}
+		break;
+	      }
+#endif
+	    }
+
+	    if (wildcard) {
+		/* add it to default bucket for each appropriate sar
+		 * since we need to do a port test
+		 */
+		ipaddr_chain *other;
+
+		other = find_default_server(sar->host_port);
+		if (!other || !add_name_vhost_config(p, main_s, s, sar, other)) {
+		    if (other && other->sar->host_port != 0) {
 			ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
 			    main_s, "_default_ VirtualHost overlap on port %u,"
 			    " the first has precedence", sar->host_port);
@@ -606,10 +756,11 @@
 	    }
 	    else {
 		/* see if it matches something we've already got */
-		ic = find_ipaddr(&sar->host_addr, sar->host_port);
+		ic = find_ipaddr((struct sockaddr *)&sar->host_addr);
 
 		if (!ic) {
-		    unsigned bucket = hash_inaddr(sar->host_addr.s_addr);
+		    unsigned bucket =
+		        hash_addr((struct sockaddr *)&sar->host_addr);
 
 		    ic = new_ipaddr_chain(p, s, sar);
 		    ic->next = *iphash_table_tail[bucket];
@@ -646,19 +797,33 @@
 	    }
 	    else {
 		struct hostent *h;
+		char hostnamebuf[MAXHOSTNAMELEN];
 
-		if ((h = gethostbyaddr((char *) &(s->addrs->host_addr),
-					sizeof(struct in_addr), AF_INET))) {
-		    s->server_hostname = ap_pstrdup(p, (char *) h->h_name);
+		if (!getnameinfo((struct sockaddr *)&s->addrs->host_addr,
+#ifndef SIN6_LEN
+			SA_LEN((struct sockaddr *)&s->addrs->host_addr),
+#else	
+			s->addrs->host_addr.ss_len,
+#endif
+			hostnamebuf, sizeof(hostnamebuf),
+			NULL, 0, 0)) {
+		    s->server_hostname = ap_pstrdup(p, hostnamebuf);
 		}
 		else {
 		    /* again, what can we do?  They didn't specify a
 		       ServerName, and their DNS isn't working. -djg */
+		    getnameinfo((struct sockaddr *)&s->addrs->host_addr,
+#ifndef SIN6_LEN
+			SA_LEN((struct sockaddr *)&s->addrs->host_addr),
+#else	
+			s->addrs->host_addr.ss_len,
+#endif
+			hostnamebuf, sizeof(hostnamebuf),
+			NULL, 0, NI_NUMERICHOST);
 		    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, main_s,
 			    "Failed to resolve server name "
 			    "for %s (check DNS) -- or specify an explicit "
-			    "ServerName",
-			    inet_ntoa(s->addrs->host_addr));
+			    "ServerName", hostnamebuf);
 		    s->server_hostname =
 			ap_pstrdup(p, "bogus_host_without_reverse_dns");
 		}
@@ -705,35 +870,58 @@
     char *host = ap_palloc(r->pool, strlen(r->hostname) + 1);
     const char *src;
     char *dst;
+    const char *u = NULL, *v = NULL;
 
     /* check and copy the host part */
-    src = r->hostname;
+    u = src = r->hostname;
 
     dst = host;
-    while (*src) {
-	if (*src == '.') {
-	    *dst++ = *src++;
-	    if (*src == '.')
-		goto bad;
-	    else
-		continue;
-	}
-	if (*src == '/' || *src == '\\') {
-	    goto bad;
+    if (*u == '[') { /* IPv6 numeral address in brackets */
+        v = strchr(u, ']');
+	if (v == NULL) {
+	    /* missing closing bracket */
+            goto bad;
+	}
+        if (v == (u + 1)) {
+            /* bad empty address */
+            goto bad;
+	}
+	for (src = u+1; src < v; src++)  /* copy IPv6 adress */
+	    *dst = *src;
+	v++;
+	if (*v == ':') {
+	   v++;
+	   while (*v) {  /* check if portnum is correct */
+	       if (!ap_isdigit(*v++))
+		   goto bad;
+	   }
 	}
-        if (*src == ':') {
-            /* check the port part */
-            while (*++src) {
-                if (!ap_isdigit(*src)) {
-                    goto bad;
-                }
-            }
-            if (src[-1] == ':')
-                goto bad;
-            else
-                break;
+    } else {
+        while (*src) {
+	    if (*src == '.') {
+		*dst++ = *src++;
+		if (*src == '.')
+		    goto bad;
+		else
+		    continue;
+	    }
+	    if (*src == '/' || *src == '\\') {
+		goto bad;
+	    }
+	    if (*src == ':') {
+		/* sheck the port part */
+		while (*++src) {
+		    if (!ap_isdigit(*src)) {
+			goto bad;
+		    }
+		}
+		if (src[-1] == ':')
+		    goto bad;
+		else
+		    break;
+	    }
+	    *dst++ = *src++;
         }
-	*dst++ = *src++;
     }
     /* strip trailing gubbins */
     if (dst > host && dst[-1] == '.') {
@@ -748,7 +936,7 @@
 bad:
     r->status = HTTP_BAD_REQUEST;
     ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
-		  "Client sent malformed Host header");
+		  "Client sent malformed Host header <<%s>>",u);
     return;
 }
 
@@ -851,11 +1039,25 @@
      *   names we'll match have ports associated with them
      */
     const char *host = r->hostname;
-    unsigned port = ntohs(r->connection->local_addr.sin_port);
+    unsigned port;
     server_rec *s;
     server_rec *last_s;
     name_chain *src;
 
+    switch (r->connection->local_addr.ss_family) {
+    case AF_INET:
+    	port = ntohs(((struct sockaddr_in *)
+		    &r->connection->local_addr)->sin_port);
+	break;
+#ifdef INET6
+    case AF_INET6:
+    	port = ntohs(((struct sockaddr_in6 *)
+		    &r->connection->local_addr)->sin6_port);
+	break;
+#endif
+    default:
+	port = 0;	/*XXX*/
+    }
     last_s = NULL;
 
     /* Recall that the name_chain is a list of server_addr_recs, some of
@@ -910,7 +1112,22 @@
     server_rec *s;
     server_rec *last_s;
     name_chain *src;
-    unsigned port = ntohs(r->connection->local_addr.sin_port);
+    unsigned port;
+
+    switch (r->connection->local_addr.ss_family) {
+    case AF_INET:
+    	port = ntohs(((struct sockaddr_in *)
+		    &r->connection->local_addr)->sin_port);
+	break;
+#ifdef INET6
+    case AF_INET6:
+    	port = ntohs(((struct sockaddr_in6 *)
+		    &r->connection->local_addr)->sin6_port);
+	break;
+#endif
+    default:
+	port = 0;	/*XXX*/
+    }
 
     /*
      * This is in conjunction with the ServerPath code in http_core, so we
@@ -970,10 +1187,22 @@
 API_EXPORT(void) ap_update_vhost_given_ip(conn_rec *conn)
 {
     ipaddr_chain *trav;
-    unsigned port = ntohs(conn->local_addr.sin_port);
+    char portbuf[NI_MAXSERV];
+    unsigned port;
+
+    if (getnameinfo((struct sockaddr *)&conn->local_addr,
+#ifndef SIN6_LEN
+	SA_LEN((struct sockaddr *)&conn->local_addr),
+#else	
+	conn->local_addr.ss_len,
+#endif
+	NULL, 0, portbuf, sizeof(portbuf), NI_NUMERICSERV) != 0) {
+	goto fail;
+    }
+    port = atoi(portbuf);
 
     /* scan the hash table for an exact match first */
-    trav = find_ipaddr(&conn->local_addr.sin_addr, port);
+    trav = find_ipaddr((struct sockaddr *)&conn->local_addr);
     if (trav) {
 	/* save the name_chain for later in case this is a name-vhost */
 	conn->vhost_lookup_data = trav->names;
@@ -991,6 +1220,7 @@
 	return;
     }
 
+fail:
     /* otherwise we're stuck with just the main server
      * and no name-based vhosts
      */
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/rfc1413.c usr.sbin/httpd/src/main/rfc1413.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/rfc1413.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/rfc1413.c	Sun Feb 16 16:05:23 2003
@@ -82,6 +82,7 @@
 #include "http_log.h"		/* for aplog_error */
 #include "rfc1413.h"
 #include "http_main.h"		/* set_callback_and_alarm */
+#include "sa_len.h"
 
 /* Local stuff. */
 /* Semi-well-known port */
@@ -109,12 +110,13 @@
 
 /* bind_connect - bind both ends of a socket */
 /* Ambarish fix this. Very broken */
-static int get_rfc1413(int sock, const struct sockaddr_in *our_sin,
-		       const struct sockaddr_in *rmt_sin, 
+static int get_rfc1413(int sock, const struct sockaddr *our_sin,
+		       const struct sockaddr *rmt_sin, 
 		       char user[RFC1413_USERLEN+1], server_rec *srv)
 {
-    struct sockaddr_in rmt_query_sin, our_query_sin;
-    unsigned int rmt_port, our_port;
+    struct sockaddr_storage rmt_query_sin, our_query_sin;
+    unsigned int o_rmt_port, o_our_port;	/* original port pair */
+    unsigned int rmt_port, our_port;		/* replied port pair */
     int i;
     char *cp;
     char buffer[RFC1413_MAXDATA + 1];
@@ -129,16 +131,47 @@
      * addresses from the query socket.
      */
 
-    our_query_sin = *our_sin;
-    our_query_sin.sin_port = htons(ANY_PORT);
-#ifdef MPE 
-    our_query_sin.sin_addr.s_addr = INADDR_ANY;
+#ifndef SIN6_LEN
+    memcpy(&our_query_sin, our_sin, SA_LEN(our_sin));
+    memcpy(&rmt_query_sin, rmt_sin, SA_LEN(rmt_sin));
+#else
+    memcpy(&our_query_sin, our_sin, our_sin->sa_len);
+    memcpy(&rmt_query_sin, rmt_sin, rmt_sin->sa_len);
 #endif
-    rmt_query_sin = *rmt_sin;
-    rmt_query_sin.sin_port = htons(RFC1413_PORT);
+    switch (our_sin->sa_family) {
+    case AF_INET:
+#ifdef MPE
+      ((struct sockaddr_in *)&our_query_sin)->sin_addr.s_addr = INADDR_ANY; /* XXX: htonl(??) */
+#endif
+      ((struct sockaddr_in *)&our_query_sin)->sin_port = htons(ANY_PORT);
+      o_our_port = ntohs(((struct sockaddr_in *)our_sin)->sin_port);
+      ((struct sockaddr_in *)&rmt_query_sin)->sin_port = htons(RFC1413_PORT);
+      o_rmt_port = ntohs(((struct sockaddr_in *)rmt_sin)->sin_port);
+      break;
+#ifdef INET6
+    case AF_INET6:
+#ifdef MPE
+      memcpy(&((struct sockaddr_in6 *)&our_query_sin)->sin6_addr, 
+	     &in6addr_any, sizeof(struct in6_addr));
+#endif
+      ((struct sockaddr_in6 *)&our_query_sin)->sin6_port = htons(ANY_PORT);
+      o_our_port = ntohs(((struct sockaddr_in6 *)our_sin)->sin6_port);
+      ((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port = htons(RFC1413_PORT);
+      o_rmt_port = ntohs(((struct sockaddr_in6 *)rmt_sin)->sin6_port);
+      break;
+#endif
+    default:
+      /* unsupported AF */
+      return -1;
+    }
 
     if (bind(sock, (struct sockaddr *) &our_query_sin,
-	     sizeof(struct sockaddr_in)) < 0) {
+#ifndef SIN6_LEN
+	     SA_LEN((struct sockaddr *) &our_query_sin)
+#else
+	     our_query_sin.ss_len
+#endif
+	     ) < 0) {
 	ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
 		    "bind: rfc1413: Error binding to local port");
 	return -1;
@@ -149,12 +182,18 @@
  * the service
  */
     if (connect(sock, (struct sockaddr *) &rmt_query_sin,
-		sizeof(struct sockaddr_in)) < 0)
-	            return -1;
+#ifndef SIN6_LEN
+		SA_LEN((struct sockaddr *) &rmt_query_sin)
+#else
+		rmt_query_sin.ss_len
+#endif
+		) < 0) {
+	return -1;
+    }
 
 /* send the data */
-    buflen = ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", ntohs(rmt_sin->sin_port),
-		ntohs(our_sin->sin_port));
+    buflen = ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", o_rmt_port,
+		o_our_port);
 
     /* send query to server. Handle short write. */
 #ifdef CHARSET_EBCDIC
@@ -219,9 +258,9 @@
     ascii2ebcdic(buffer, buffer, (size_t)i);
 #endif
     if (sscanf(buffer, "%u , %u : USERID :%*[^:]:%512s", &rmt_port, &our_port,
-	       user) != 3 || ntohs(rmt_sin->sin_port) != rmt_port
-	|| ntohs(our_sin->sin_port) != our_port)
+	       user) != 3 || o_rmt_port != rmt_port || o_our_port != our_port) {
 	return -1;
+    }
 
     /*
      * Strip trailing carriage return. It is part of the
@@ -243,7 +282,7 @@
 
     result = FROM_UNKNOWN;
 
-    sock = ap_psocket(conn->pool, AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    sock = ap_psocket(conn->pool, conn->remote_addr.ss_family, SOCK_STREAM, IPPROTO_TCP);
     if (sock < 0) {
 	ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
 		    "socket: rfc1413: error creating socket");
@@ -256,8 +295,10 @@
     if (ap_setjmp(timebuf) == 0) {
 	ap_set_callback_and_alarm(ident_timeout, ap_rfc1413_timeout);
 
-	if (get_rfc1413(sock, &conn->local_addr, &conn->remote_addr, user, srv) >= 0)
+	if (get_rfc1413(sock, (struct sockaddr *)&conn->local_addr,
+		(struct sockaddr *)&conn->remote_addr, user, srv) >= 0) {
 	    result = user;
+	}
     }
     ap_set_callback_and_alarm(NULL, 0);
     ap_pclosesocket(conn->pool, sock);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/util.c usr.sbin/httpd/src/main/util.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/util.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/util.c	Sun Feb 16 16:05:23 2003
@@ -2017,52 +2017,87 @@
  * Parses a host of the form 
    [:port]
  * :port is permitted if 'port' is not NULL
  */
-API_EXPORT(unsigned long) ap_get_virthost_addr(char *w, unsigned short *ports)
+API_EXPORT(struct sockaddr *) ap_get_virthost_addr(char *w, unsigned short *ports)
 {
-    struct hostent *hep;
-    unsigned long my_addr;
-    char *p;
-
-    p = strchr(w, ':');
+    static struct sockaddr_storage ss;
+    struct addrinfo hints, *res;
+    char *p, *r;
+    char *host;
+    char *port = "0";
+    int error;
+    char servbuf[NI_MAXSERV];
+
+    if (w == NULL)
+	w = "*";
+    p = r = NULL;
+    if (*w == '['){
+	if (r = strrchr(w+1, ']')){
+	    *r = '\0';
+	    p = r + 1;
+	    switch(*p){
+	    case ':':
+	      p++;
+	      /* nobreak; */
+	    case '\0':
+	      w++;
+	      break;
+	    default:
+	      p = NULL;
+	    }
+	}
+    }
+    else{
+	p = strchr(w, ':');
+	if (p != NULL && strchr(p+1, ':') != NULL)
+	    p = NULL;
+    }
     if (ports != NULL) {
-	*ports = 0;
-	if (p != NULL && strcmp(p + 1, "*") != 0)
-	    *ports = atoi(p + 1);
+	if (p != NULL && *p && strcmp(p + 1, "*") != 0)
+	    port = p + 1;
     }
 
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
     if (p != NULL)
 	*p = '\0';
     if (strcmp(w, "*") == 0) {
-	if (p != NULL)
-	    *p = ':';
-	return htonl(INADDR_ANY);
-    }
-
-    my_addr = ap_inet_addr((char *)w);
-    if (my_addr != INADDR_NONE) {
-	if (p != NULL)
-	    *p = ':';
-	return my_addr;
+	host = NULL;
+	hints.ai_flags = AI_PASSIVE;
+	hints.ai_family = ap_default_family;
+    } else {
+	host = w;
+	hints.ai_family = PF_UNSPEC;
     }
 
-    hep = gethostbyname(w);
+    error = getaddrinfo(host, port, &hints, &res);
 
-    if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
-	fprintf(stderr, "Cannot resolve host name %s --- exiting!\n", w);
+    if (error || !res) {
+	fprintf(stderr, "ap_get_vitrhost_addr(): getaddrinfo(%s):%s --- exiting!\n", w, gai_strerror(error));
 	exit(1);
     }
 
-    if (hep->h_addr_list[1]) {
-	fprintf(stderr, "Host %s has multiple addresses ---\n", w);
+    if (res->ai_next) {
+	fprintf(stderr, "ap_get_vitrhost_addr(): Host %s has multiple addresses ---\n", w);
 	fprintf(stderr, "you must choose one explicitly for use as\n");
 	fprintf(stderr, "a virtual host.  Exiting!!!\n");
 	exit(1);
     }
 
+    if (r != NULL)
+	*r = ']';
     if (p != NULL)
 	*p = ':';
 
-    return ((struct in_addr *) (hep->h_addr))->s_addr;
+    memcpy(&ss, res->ai_addr, res->ai_addrlen);
+    if (getnameinfo(res->ai_addr, res->ai_addrlen,
+		    NULL, 0, servbuf, sizeof(servbuf),
+		    NI_NUMERICSERV)){
+	fprintf(stderr, "ap_get_virthost_addr(): getnameinfo() failed --- Exiting!!!\n");
+	exit(1);
+    }
+    if (ports) *ports = atoi(servbuf);
+    freeaddrinfo(res);
+    return (struct sockaddr *)&ss;
 }
 
 
@@ -2090,7 +2125,8 @@
 #endif
     char str[MAXHOSTNAMELEN];
     char *server_hostname = NULL;
-    struct hostent *p;
+    struct addrinfo hints, *res;
+    int error;
 
 #ifdef BEOS /* BeOS returns zero as an error for gethostname */
     if (gethostname(str, sizeof(str) - 1) == 0) {
@@ -2104,25 +2140,27 @@
     else 
     {
         str[sizeof(str) - 1] = '\0';
-        if ((!(p = gethostbyname(str))) 
-            || (!(server_hostname = find_fqdn(a, p)))) {
-           if (p == NULL || p->h_addr_list == NULL)
-              server_hostname=NULL;
-           else {
-              /* Recovery - return the default servername by IP: */
-              if (p->h_addr_list[0]) {
-		      ap_snprintf(str, sizeof(str), "%pA", p->h_addr_list[0]);
-		      server_hostname = ap_pstrdup(a, str);
-                    /* We will drop through to report the IP-named server */
-	      }
-	   }
-        }
-	else
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = PF_UNSPEC;
+        hints.ai_flags = AI_CANONNAME;
+        res = NULL;
+        error = getaddrinfo(str, NULL, &hints, &res);
+        if (error == 0 && res)
+        {
             /* Since we found a fdqn, return it with no logged message. */
+            server_hostname = ap_pstrdup(a, res->ai_canonname);
+            freeaddrinfo(res);
             return server_hostname;
+        }
+	else
+        {
+            /* Recovery - return the default servername by IP: */
+            server_hostname = ap_pstrdup(a, str);
+            /* We will drop through to report the IP-named server */
+         }
     }
 
-    /* If we don't have an fdqn or IP, fall back to the loopback addr */
+    /* If we don't have an fqdn or IP, fall back to the loopback addr */
     if (!server_hostname) 
         server_hostname = ap_pstrdup(a, "127.0.0.1");
     
@@ -2131,6 +2169,8 @@
                  "domain name, using %s for ServerName",
                  ap_server_argv0, server_hostname);
     
+    if (res)
+	freeaddrinfo(res);
     return server_hostname;
 }
 
@@ -2373,3 +2413,11 @@
     }
     *dest = 0;
 }
+
+#ifdef NEED_GETADDRINFO
+#include "getaddrinfo.c"
+#endif
+
+#ifdef NEED_GETNAMEINFO
+#include "getnameinfo.c"
+#endif
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/util_script.c usr.sbin/httpd/src/main/util_script.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/util_script.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/util_script.c	Sun Feb 16 16:05:23 2003
@@ -67,6 +67,7 @@
 #include "http_request.h"	/* for sub_req_lookup_uri() */
 #include "util_script.h"
 #include "util_date.h"		/* For parseHTTPdate() */
+#include "sa_len.h"
 
 #ifdef OS2
 #define INCL_DOS
@@ -203,6 +204,7 @@
     array_header *hdrs_arr = ap_table_elts(r->headers_in);
     table_entry *hdrs = (table_entry *) hdrs_arr->elts;
     int i;
+    char servbuf[NI_MAXSERV];
 
     /* use a temporary table which we'll overlap onto
      * r->subprocess_env later
@@ -280,7 +282,8 @@
     ap_table_addn(e, "PATH", env_path);
     ap_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
     ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
-    ap_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
+    ap_table_addn(e, "SERVER_NAME", 
+		  ap_escape_html(r->pool,ap_get_server_name(r)));
     ap_table_addn(e, "SERVER_ADDR", r->connection->local_ip);	/* Apache */
     ap_table_addn(e, "SERVER_PORT",
 		  ap_psprintf(r->pool, "%u", ap_get_server_port(r)));
@@ -293,8 +296,16 @@
     ap_table_addn(e, "SERVER_ADMIN", s->server_admin);	/* Apache */
     ap_table_addn(e, "SCRIPT_FILENAME", r->filename);	/* Apache */
 
-    ap_table_addn(e, "REMOTE_PORT",
-		  ap_psprintf(r->pool, "%d", ntohs(c->remote_addr.sin_port)));
+    servbuf[0] = '\0';
+    if (!getnameinfo((struct sockaddr *)&c->remote_addr,
+#ifndef HAVE_SOCKADDR_LEN
+		     SA_LEN((struct sockaddr *)&c->remote_addr),
+#else
+		     c->remote_addr.ss_len,
+#endif
+		     NULL, 0, servbuf, sizeof(servbuf), NI_NUMERICSERV)){
+	ap_table_addn(e, "REMOTE_PORT", ap_pstrdup(r->pool, servbuf));
+    }
 
     if (c->user) {
 	ap_table_addn(e, "REMOTE_USER", c->user);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/util_uri.c usr.sbin/httpd/src/main/util_uri.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/main/util_uri.c	Thu Feb 13 12:15:14 2003
+++ usr.sbin/httpd/src/main/util_uri.c	Sun Feb 16 16:05:23 2003
@@ -410,45 +410,50 @@
      * &hostinfo[-1] < &hostinfo[0] ... and this loop is valid C.
      */
     do {
-        --s;
+	--s;
     } while (s >= hostinfo && *s != '@');
     if (s < hostinfo) {
-        /* again we want the common case to be fall through */
-      deal_with_host:
-        /* We expect hostinfo to point to the first character of
-         * the hostname.  If there's a port it is the first colon.
-         */
-        s = memchr(hostinfo, ':', uri - hostinfo);
-        if (s == NULL) {
-            /* we expect the common case to have no port */
-            uptr->hostname = ap_pstrndup(p, hostinfo, uri - hostinfo);
-            goto deal_with_path;
-        }
-        uptr->hostname = ap_pstrndup(p, hostinfo, s - hostinfo);
-        ++s;
-        uptr->port_str = ap_pstrndup(p, s, uri - s);
-        if (uri != s) {
-            port = ap_strtol(uptr->port_str, &endstr, 10);
-            uptr->port = port;
-            if (*endstr == '\0') {
-                goto deal_with_path;
-            }
-            /* Invalid characters after ':' found */
-            return HTTP_BAD_REQUEST;
-        }
-        uptr->port = ap_default_port_for_scheme(uptr->scheme);
-        goto deal_with_path;
+	/* again we want the common case to be fall through */
+deal_with_host:
+	/* We expect hostinfo to point to the first character of
+	 * the hostname.  If there's a port it is the first colon.
+	 */
+	if (*hostinfo == '[') {
+	    s = memchr(hostinfo+1, ']', uri - hostinfo - 1);
+	    if (s)
+		s = strchr(s, ':');
+	} else
+	    s = memchr(hostinfo, ':', uri - hostinfo);
+	if (s == NULL) {
+	    /* we expect the common case to have no port */
+	    uptr->hostname = ap_pstrndup(p, hostinfo, uri - hostinfo);
+	    goto deal_with_path;
+	}
+	uptr->hostname = ap_pstrndup(p, hostinfo, s - hostinfo);
+	++s;
+	uptr->port_str = ap_pstrndup(p, s, uri - s);
+	if (uri != s) {
+	    port = ap_strtol(uptr->port_str, &endstr, 10);
+	    uptr->port = port;
+	    if (*endstr == '\0') {
+		goto deal_with_path;
+	    }
+	    /* Invalid characters after ':' found */
+	    return HTTP_BAD_REQUEST;
+	}
+	uptr->port = ap_default_port_for_scheme(uptr->scheme);
+	goto deal_with_path;
     }
 
     /* first colon delimits username:password */
     s1 = memchr(hostinfo, ':', s - hostinfo);
     if (s1) {
-        uptr->user = ap_pstrndup(p, hostinfo, s1 - hostinfo);
-        ++s1;
-        uptr->password = ap_pstrndup(p, s1, s - s1);
+	uptr->user = ap_pstrndup(p, hostinfo, s1 - hostinfo);
+	++s1;
+	uptr->password = ap_pstrndup(p, s1, s - s1);
     }
     else {
-        uptr->user = ap_pstrndup(p, hostinfo, s - hostinfo);
+	uptr->user = ap_pstrndup(p, hostinfo, s - hostinfo);
     }
     hostinfo = s + 1;
     goto deal_with_host;
@@ -475,7 +480,12 @@
     /* We expect hostinfo to point to the first character of
      * the hostname.  There must be a port, separated by a colon
      */
-    s = strchr(hostinfo, ':');
+    if (*hostinfo == '[') {
+        s = strchr(hostinfo+1, ']');
+        if (s)
+            s = strchr(s, ':');
+    } else
+        s = strchr(hostinfo, ':');
     if (s == NULL) {
         return HTTP_BAD_REQUEST;
     }
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/mod_proxy.c usr.sbin/httpd/src/modules/proxy/mod_proxy.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/mod_proxy.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/mod_proxy.c	Sun Feb 16 16:05:26 2003
@@ -574,11 +574,31 @@
     struct proxy_remote *new;
     char *p, *q;
     int port;
+    char *bl = NULL, *br = NULL;
 
     p = strchr(r, ':');
     if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0')
-        return "ProxyRemote: Bad syntax for a remote proxy server";
-    q = strchr(p + 3, ':');
+	return "ProxyRemote: Bad syntax for a remote proxy server";
+    bl = p + 3;
+    if (*bl == '['){
+	br = strrchr(bl+1, ']');
+	if (br){
+	    bl++;
+	    *br = '\0';
+	    if (*(br+1) == ':'){	/* [host]:xx */
+		q = br+1;
+	    }
+	    else if (*(br+1) == '\0'){	/* [host] */
+		q = NULL;
+	    }
+	    else
+		q = strrchr(br, ':');	/* XXX */
+	}
+	else
+	    q = strrchr(bl, ':');	/* XXX */
+    }
+    else
+	q = strrchr(bl, ':');
     if (q != NULL) {
         if (sscanf(q + 1, "%u", &port) != 1 || port > 65535)
             return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
@@ -589,7 +609,7 @@
     *p = '\0';
     if (strchr(f, ':') == NULL)
         ap_str_tolower(f);      /* lowercase scheme */
-    ap_str_tolower(p + 3);      /* lowercase hostname */
+    ap_str_tolower(bl);         /* lowercase hostname */
 
     if (port == -1) {
         int i;
@@ -602,7 +622,7 @@
     new = ap_push_array(conf->proxies);
     new->scheme = f;
     new->protocol = r;
-    new->hostname = p + 3;
+    new->hostname = bl;
     new->port = port;
     return NULL;
 }
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/mod_proxy.h usr.sbin/httpd/src/modules/proxy/mod_proxy.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/mod_proxy.h	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/mod_proxy.h	Sun Feb 16 16:05:26 2003
@@ -310,7 +310,7 @@
 int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p);
 int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p);
 int ap_proxy_is_word(struct dirconn_entry *This, pool *p);
-int ap_proxy_doconnect(int sock, struct sockaddr_in *addr, request_rec *r);
+int ap_proxy_doconnect(int sock, struct sockaddr *addr, request_rec *r);
 int ap_proxy_garbage_init(server_rec *, pool *);
 /* This function is called by ap_table_do() for all header lines */
 int ap_proxy_send_hdr_line(void *p, const char *key, const char *value);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_cache.c usr.sbin/httpd/src/modules/proxy/proxy_cache.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_cache.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/proxy_cache.c	Sun Feb 16 16:05:26 2003
@@ -1524,7 +1524,7 @@
     if (clen == NULL)
         c->len = -1;
     else
-        c->len = atoi(clen);
+        c->len = ap_strtol(clen, NULL, 10);
 
 /* we have all the header information we need - write it to the cache file */
     c->version++;
@@ -1560,6 +1560,21 @@
  */
 
         if (c->hdrs) {
+            /* recall at this point that c->len is already set from resp_hdrs.
+               If Content-Length was NULL, then c->len is -1, otherwise it's
+               set to whatever the value was. */
+            if (c->len == 0 || c->len == -1) {
+                const char *c_clen_str;
+                off_t c_clen;
+                if ( (c_clen_str = ap_table_get(c->hdrs, "Content-Length")) &&
+                   ( (c_clen = ap_strtol(c_clen_str, NULL, 10)) > 0) ) {
+                        ap_table_set(resp_hdrs, "Content-Length", c_clen_str);
+                        c->len = c_clen;
+                        ap_proxy_sec2hex(c->len, buff + 17 * (6));
+                        buff[17 * (7) - 1] = '\n';
+                        buff[17 * (7)] = '\0';
+                }
+            }
             if (!ap_proxy_table_replace(c->hdrs, resp_hdrs)) {
                 c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), " (with revalidation)", NULL);
                 return ap_proxy_cache_conditional(r, c, c->fp);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_connect.c usr.sbin/httpd/src/modules/proxy/proxy_connect.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_connect.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/proxy_connect.c	Sun Feb 16 16:05:26 2003
@@ -113,14 +113,15 @@
                                  const char *proxyhost, int proxyport)
 {
     struct sockaddr_in server;
-    struct in_addr destaddr;
-    struct hostent server_hp;
-    const char *host, *err;
+    struct addrinfo hints, *res, *res0;
+    const char *hoststr;
+    const char *portstr = NULL;
     char *p;
     int port, sock;
     char buffer[HUGE_STRING_LEN];
-    int nbytes, i, j;
+    int nbytes, i;
     fd_set fds;
+    int error;
 
     void *sconf = r->server->module_config;
     proxy_server_conf *conf =
@@ -128,27 +129,60 @@
     struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
 
     memset(&server, '\0', sizeof(server));
+#ifdef HAVE_SOCKADDR_LEN
+    server.sin_len = sizeof(server);
+#endif
     server.sin_family = AF_INET;
 
     /* Break the URL into host:port pairs */
 
-    host = url;
+    hoststr = url;
     p = strchr(url, ':');
-    if (p == NULL)
-        port = DEFAULT_HTTPS_PORT;
-    else {
-        port = atoi(p + 1);
-        *p = '\0';
+    if (p == NULL) {
+	char pbuf[32];
+	ap_snprintf(pbuf, sizeof(pbuf), "%d", DEFAULT_HTTPS_PORT);
+	portstr = pbuf;
+    } else {
+	portstr = p + 1;
+	*p = '\0';
+    }
+    port = atoi(portstr);
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+    error = getaddrinfo(hoststr, portstr, &hints, &res0);
+    if (error && proxyhost == NULL) {
+	return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+		    gai_strerror(error));       /* give up */
     }
 
 /* check if ProxyBlock directive on this host */
-    destaddr.s_addr = ap_inet_addr(host);
     for (i = 0; i < conf->noproxies->nelts; i++) {
-        if ((npent[i].name != NULL && strstr(host, npent[i].name) != NULL)
-            || destaddr.s_addr == npent[i].addr.s_addr
-            || npent[i].name[0] == '*')
-            return ap_proxyerror(r, HTTP_FORBIDDEN,
-                                 "Connect to remote machine blocked");
+	int fail;
+	struct sockaddr_in *sin;
+
+	fail = 0;
+	if (npent[i].name != NULL && strstr(hoststr, npent[i].name))
+	    fail++;
+	if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
+	    fail++;
+	for (res = res0; res; res = res->ai_next) {
+	    switch (res->ai_family) {
+	    case AF_INET:
+		sin = (struct sockaddr_in *)res->ai_addr;
+		if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
+		    fail++;
+		break;
+	    }
+	}
+	if (fail) {
+	    if (res0 != NULL)
+		freeaddrinfo(res0);
+	    return ap_proxyerror(r, HTTP_FORBIDDEN,
+				 "Connect to remote machine blocked");
+	}
     }
 
     /* Check if it is an allowed port */
@@ -159,56 +193,62 @@
         case DEFAULT_SNEWS_PORT:
             break;
         default:
+            if (res0 != NULL)
+                freeaddrinfo(res0);
             return HTTP_FORBIDDEN;
         }
     }
-    else if (!allowed_port(conf, port))
+    else if(!allowed_port(conf, port)) {
+        if (res0 == NULL)
+                freeaddrinfo(res0);
         return HTTP_FORBIDDEN;
+    }
 
     if (proxyhost) {
+	char pbuf[10];
+
+	if (res0 != NULL)
+		freeaddrinfo(res0);
+	ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+	error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
+	if (error)
+		return HTTP_INTERNAL_SERVER_ERROR;  /* XXX */
+
         ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
              "CONNECT to remote proxy %s on port %d", proxyhost, proxyport);
     }
     else {
         ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
-                     "CONNECT to %s on port %d", host, port);
+                     "CONNECT to %s on port %d", hoststr, port);
     }
 
-    /* Nasty cast to work around broken terniary expressions on MSVC */
-    server.sin_port = htons((unsigned short)(proxyport ? proxyport : port));
-    err = ap_proxy_host2addr(proxyhost ? proxyhost : host, &server_hp);
-
-    if (err != NULL)
-        return ap_proxyerror(r,
-            proxyhost ? HTTP_BAD_GATEWAY : HTTP_INTERNAL_SERVER_ERROR, err);
-
-    sock = ap_psocket(r->pool, PF_INET, SOCK_STREAM, IPPROTO_TCP);
-    if (sock == -1) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "proxy: error creating socket");
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
+    sock = i = -1;
+    for (res = res0; res; res = res->ai_next) {
+	sock = ap_psocket(r->pool, res->ai_family, res->ai_socktype, res->ai_protocol);
+	if (sock == -1)
+	    continue;
 
 #ifdef CHECK_FD_SETSIZE
-    if (sock >= FD_SETSIZE) {
-        ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_WARNING, NULL,
-                     "proxy_connect_handler: filedescriptor (%u) "
-                     "larger than FD_SETSIZE (%u) "
-                     "found, you probably need to rebuild Apache with a "
-                     "larger FD_SETSIZE", sock, FD_SETSIZE);
-        ap_pclosesocket(r->pool, sock);
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
+        if (sock >= FD_SETSIZE) {
+            ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_WARNING, NULL,
+                         "proxy_connect_handler: filedescriptor (%u) "
+                         "larger than FD_SETSIZE (%u) "
+                         "found, you probably need to rebuild Apache with a "
+                         "larger FD_SETSIZE", sock, FD_SETSIZE);
+            ap_pclosesocket(r->pool, sock);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
 #endif
 
-    j = 0;
-    while (server_hp.h_addr_list[j] != NULL) {
-        memcpy(&server.sin_addr, server_hp.h_addr_list[j],
-               sizeof(struct in_addr));
-        i = ap_proxy_doconnect(sock, &server, r);
-        if (i == 0)
-            break;
-        j++;
+	i = ap_proxy_doconnect(sock, res->ai_addr, r);
+	if (i == 0)
+	    break;
     }
+    freeaddrinfo(res0);
     if (i == -1) {
         ap_pclosesocket(r->pool, sock);
         return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, ap_pstrcat(r->pool,
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c usr.sbin/httpd/src/modules/proxy/proxy_ftp.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/proxy_ftp.c	Sun Feb 16 16:05:26 2003
@@ -62,6 +62,7 @@
 #include "http_main.h"
 #include "http_log.h"
 #include "http_core.h"
+#include "sa_len.h"
 
 #define AUTODETECT_PWD
 
@@ -555,8 +556,10 @@
     const char *err;
     int port, i, j, len, rc, nocache = 0;
     int csd = 0, sock = -1, dsock = -1;
-    struct sockaddr_in server;
-    struct hostent server_hp;
+    struct sockaddr_storage server;
+    struct addrinfo hints, *res, *res0;
+    char portbuf[10];
+    int error;
     struct in_addr destaddr;
     table *resp_hdrs;
     BUFF *ctrl = NULL;
@@ -577,11 +580,18 @@
     unsigned int presult, h0, h1, h2, h3, p0, p1;
     unsigned int paddr;
     unsigned short pport;
-    struct sockaddr_in data_addr;
+    struct sockaddr_storage data_addr;
+    struct sockaddr_in *sin;
     int pasvmode = 0;
     char pasv[64];
     char *pstr;
 
+/* stuff for LPSV/EPSV */
+    unsigned int paf, holen, ho[16], polen, po[2];
+    struct sockaddr_in6 *sin6;
+    int lpsvmode = 0;
+    char *cmd;
+
 /* stuff for responses */
     char resp[MAX_STRING_LEN];
     char *size = NULL;
@@ -658,19 +668,22 @@
     if (parms != NULL)
         *(parms++) = '\0';
 
-    memset(&server, 0, sizeof(struct sockaddr_in));
-    server.sin_family = AF_INET;
-    server.sin_port = htons((unsigned short)port);
-    err = ap_proxy_host2addr(host, &server_hp);
-    if (err != NULL)
-        return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
-
-    sock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
-    if (sock == -1) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-                      "proxy: error creating socket");
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
+    ap_snprintf(portbuf, sizeof(portbuf), "%d", port);
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    error = getaddrinfo(host, portbuf, &hints, &res0);
+    if (error) {
+       return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+           gai_strerror(error));
+    }
+
+    i = -1;
+    for (res = res0; res; res = res->ai_next) {
+       sock = ap_psocket(p, res->ai_family, res->ai_socktype,
+           res->ai_protocol);
+       if (sock == -1)
+           continue;
 
 #if !defined(TPF) && !defined(BEOS)
     if (conf->recv_buffer_size > 0
@@ -688,32 +701,19 @@
         ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
          "proxy: error setting reuseaddr option: setsockopt(SO_REUSEADDR)");
         ap_pclosesocket(p, sock);
+            freeaddrinfo(res0);
         return HTTP_INTERNAL_SERVER_ERROR;
 #endif                          /* _OSD_POSIX */
     }
 
-#ifdef SINIX_D_RESOLVER_BUG
-    {
-        struct in_addr *ip_addr = (struct in_addr *)*server_hp.h_addr_list;
-
-        for (; ip_addr->s_addr != 0; ++ip_addr) {
-            memcpy(&server.sin_addr, ip_addr, sizeof(struct in_addr));
-            i = ap_proxy_doconnect(sock, &server, r);
-            if (i == 0)
-                break;
-        }
-    }
-#else
-    j = 0;
-    while (server_hp.h_addr_list[j] != NULL) {
-        memcpy(&server.sin_addr, server_hp.h_addr_list[j],
-               sizeof(struct in_addr));
-        i = ap_proxy_doconnect(sock, &server, r);
-        if (i == 0)
+        i = ap_proxy_doconnect(sock, res->ai_addr, r);
+        if (i == 0){
+            memcpy(&server, res->ai_addr, res->ai_addrlen);
             break;
-        j++;
+        }
+        ap_pclosesocket(p, sock);
     }
-#endif
+    freeaddrinfo(res0);
     if (i == -1) {
         return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
                       ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
@@ -944,7 +944,7 @@
     }
 
 /* try to set up PASV data connection first */
-    dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+    dsock = ap_psocket(p, server.ss_family, SOCK_STREAM, IPPROTO_TCP);
     if (dsock == -1) {
         return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
                                 ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
@@ -961,11 +961,21 @@
     }
 #endif
 
-    ap_bputs("PASV" CRLF, ctrl);
+lpsvagain:
+    if (server.ss_family == AF_INET)
+      cmd = "PASV";
+    else if (lpsvmode)
+      cmd = "LPSV";
+    else
+      cmd = "EPSV";
+    ap_bputs(cmd, ctrl);
+    ap_bputs(CRLF, ctrl);
     ap_bflush(ctrl);
-    ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PASV command issued");
+    ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: passive command issued");
 /* possible results: 227, 421, 500, 501, 502, 530 */
     /* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */
+    /* 228 Entering Long Passive Mode (...). */
+    /* 229 Entering Extended Passive Mode (...). */
     /* 421 Service not available, closing control connection. */
     /* 500 Syntax error, command unrecognized. */
     /* 501 Syntax error in parameters or arguments. */
@@ -976,7 +986,7 @@
     if (i == -1 || i == 421) {
         return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
                                 ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
-                               "proxy: PASV: control connection is toast"));
+                               "proxy: passive: control connection is toast"));
     }
     else {
         pasv[i - 1] = '\0';
@@ -1004,10 +1014,14 @@
             pport = (p1 << 8) + p0;
             ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: contacting host %d.%d.%d.%d:%d",
                          h3, h2, h1, h0, pport);
-            data_addr.sin_family = AF_INET;
-            data_addr.sin_addr.s_addr = htonl(paddr);
-            data_addr.sin_port = htons(pport);
-            i = ap_proxy_doconnect(dsock, &data_addr, r);
+            sin = (struct sockaddr_in *)&data_addr;
+            sin->sin_family = AF_INET;
+#ifdef SIN6_LEN
+            sin->sin_len = sizeof(*sin);
+#endif
+            sin->sin_addr.s_addr = htonl(paddr);
+            sin->sin_port = htons(pport);
+            i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r);
 
             if (i == -1) {
                 return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
@@ -1017,6 +1031,64 @@
                                                    strerror(errno), NULL)));
             }
             pasvmode = 1;
+	} else if (presult == 228 && pstr != NULL
+		&& sscanf(pstr,
+"%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u",
+		    &paf, &holen, &ho[0], &ho[1], &ho[2], &ho[3],
+		    &ho[4], &ho[5], &ho[6], &ho[7], &ho[8], &ho[9], &ho[10], &ho[11],
+		    &ho[12], &ho[13], &ho[14], &ho[15], &polen, &po[0], &po[1]) == 21
+		&& paf == 6 && holen == 16 && polen == 2) {
+	    int i;
+	    sin6 = (struct sockaddr_in6 *)&data_addr;
+	    sin6->sin6_family = AF_INET6;
+#ifdef SIN6_LEN
+	    sin6->sin6_len = sizeof(*sin6);
+#endif
+	    for (i = 0; i < 16; i++)
+		sin6->sin6_addr.s6_addr[i] = ho[i] & 0xff;
+	    sin6->sin6_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff));
+	    i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r);
+
+	    if (i == -1) {
+		ap_kill_timeout(r);
+		return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+				     ap_pstrcat(r->pool,
+						"Could not connect to remote machine: ",
+						strerror(errno), NULL));
+	    }
+ 	    pasvmode = 1;
+	} else if (presult == 229 && pstr != NULL
+		&& pstr[0] == pstr[1] && pstr[0] == pstr[2]
+		&& pstr[0] == pstr[strlen(pstr) - 1]) {
+	    /* expect "|||port|" */
+#ifndef SIN6_LEN
+	    memcpy(&data_addr, &server, SA_LEN((struct sockaddr *)&server));
+#else
+	    memcpy(&data_addr, &server, server.ss_len);
+#endif
+	    switch (data_addr.ss_family) {
+	    case AF_INET:
+		sin = (struct sockaddr_in *)&data_addr;
+		sin->sin_port = htons(atoi(pstr + 3));
+		break;
+	    case AF_INET6:
+		sin6 = (struct sockaddr_in6 *)&data_addr;
+		sin6->sin6_port = htons(atoi(pstr + 3));
+		break;
+	    }
+	    i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r);
+
+	    if (i == -1) {
+		ap_kill_timeout(r);
+		return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+				     ap_pstrcat(r->pool,
+						"Could not connect to remote machine: ",
+						strerror(errno), NULL));
+	    }
+	    pasvmode = 1;
+	} else if (!lpsvmode && strcmp(cmd, "EPSV") == 0) {
+	    lpsvmode = 1;
+	    goto lpsvagain;
         }
         else {
             ap_pclosesocket(p, dsock);  /* and try the regular way */
@@ -1025,14 +1097,14 @@
     }
 
     if (!pasvmode) {            /* set up data connection */
-        clen = sizeof(struct sockaddr_in);
+	clen = sizeof(server);
         if (getsockname(sock, (struct sockaddr *)&server, &clen) < 0) {
             return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
                                 ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
                                     "proxy: error getting socket address"));
         }
 
-        dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+	dsock = ap_psocket(p, server.ss_family, SOCK_STREAM, IPPROTO_TCP);
         if (dsock == -1) {
             return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
                                 ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
@@ -1048,13 +1120,28 @@
 #endif                          /* _OSD_POSIX */
         }
 
-        if (bind(dsock, (struct sockaddr *)&server,
-                 sizeof(struct sockaddr_in)) == -1) {
+#ifndef SIN6_LEN
+	if (bind(dsock, (struct sockaddr *) &server, SA_LEN((struct sockaddr *)&server)) == -1)
+#else
+	if (bind(dsock, (struct sockaddr *) &server, server.ss_len) == -1)
+#endif
+	{
+	    char hostnamebuf[MAXHOSTNAMELEN], portnamebuf[MAXHOSTNAMELEN];
+
+	    getnameinfo((struct sockaddr *)&server,
+#ifndef SIN6_LEN
+		    SA_LEN((struct sockaddr *)&server),
+#else
+		    server.ss_len,
+#endif
+		hostnamebuf, sizeof(hostnamebuf),
+		portnamebuf, sizeof(portnamebuf),
+		NI_NUMERICHOST | NI_NUMERICSERV);
 
             return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
-                                ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
-             ap_psprintf(p, "proxy: error binding to ftp data socket %s:%d",
-                         inet_ntoa(server.sin_addr), server.sin_port)));
+                                ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, 
+             ap_psprintf(p, "proxy: error binding to ftp data socket %s:%s",
+                         hostnamebuf, portnamebuf)));
         }
         listen(dsock, 2);       /* only need a short queue */
     }
@@ -1308,7 +1395,7 @@
 
     if (!pasvmode) {            /* wait for connection */
         ap_hard_timeout("proxy ftp data connect", r);
-        clen = sizeof(struct sockaddr_in);
+        clen = sizeof(server);
         do
             csd = accept(dsock, (struct sockaddr *)&server, &clen);
         while (csd == -1 && errno == EINTR);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_http.c usr.sbin/httpd/src/modules/proxy/proxy_http.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_http.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/proxy_http.c	Sun Feb 16 16:05:26 2003
@@ -156,9 +156,6 @@
     table *req_hdrs, *resp_hdrs;
     array_header *reqhdrs_arr;
     table_entry *reqhdrs_elts;
-    struct sockaddr_in server;
-    struct in_addr destaddr;
-    struct hostent server_hp;
     BUFF *f;
     char buffer[HUGE_STRING_LEN];
     char portstr[32];
@@ -170,6 +167,8 @@
     const char *datestr, *urlstr;
     int result, major, minor;
     const char *content_length;
+    struct addrinfo hints, *res, *res0;
+    int error;
 #ifdef EAPI
     char *peer;
 #endif
@@ -184,9 +183,6 @@
     if (conf->cache.root == NULL)
         nocache = 1;
 
-    memset(&server, '\0', sizeof(server));
-    server.sin_family = AF_INET;
-
     /* We break the URL into host, port, path-search */
 
     urlptr = strstr(url, "://");
@@ -194,6 +190,8 @@
         return HTTP_BAD_REQUEST;
     urlptr += 3;
     destport = DEFAULT_HTTP_PORT;
+    ap_snprintf(portstr, sizeof(portstr), "%d", DEFAULT_HTTP_PORT);
+    destportstr = portstr;
 #ifdef EAPI
     ap_hook_use("ap::mod_proxy::http::handler::set_destport", 
                 AP_HOOK_SIG2(int,ptr), 
@@ -213,7 +211,25 @@
         desthost = q;
     }
 
-    strp2 = strchr(desthost, ':');
+    if (*desthost == '['){
+	char *u = strrchr(desthost+1, ']');
+	if (u){
+	    desthost++;
+	    *u = '\0';
+	    if (*(u+1) == ':'){		/* [host]:xx */
+		strp2 = u+1;
+	    }
+	    else if (*(u+1) == '\0'){	/* [host] */
+		strp2 = NULL;
+	    }
+	    else
+		return HTTP_BAD_REQUEST;
+	}
+	else
+	    return HTTP_BAD_REQUEST;
+    }
+    else
+	strp2 = strrchr(desthost, ':');
     if (strp2 != NULL) {
         *(strp2++) = '\0';
         if (ap_isdigit(*strp2)) {
@@ -222,80 +238,91 @@
         }
     }
 
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+    error = getaddrinfo(desthost, destportstr, &hints, &res0);
+    if (error && proxyhost == NULL) {
+	return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+		    gai_strerror(error));	/* give up */
+    }
+
     /* check if ProxyBlock directive on this host */
-    destaddr.s_addr = ap_inet_addr(desthost);
     for (i = 0; i < conf->noproxies->nelts; i++) {
-        if (destaddr.s_addr == npent[i].addr.s_addr ||
-            (npent[i].name != NULL &&
-             (npent[i].name[0] == '*' || strstr(desthost, npent[i].name) != NULL)))
+	int fail;
+	struct sockaddr_in *sin;
+
+	fail = 0;
+	if (npent[i].name != NULL && strstr(desthost, npent[i].name))
+	    fail++;
+	if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
+	    fail++;
+	for (res = res0; res; res = res->ai_next) {
+	    switch (res->ai_family) {
+	    case AF_INET:
+		sin = (struct sockaddr_in *)res->ai_addr;
+		if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
+		    fail++;
+		break;
+	    }
+	}
+	if (fail) {
+	    if (res0 != NULL)
+		freeaddrinfo(res0);
             return ap_proxyerror(r, HTTP_FORBIDDEN,
                                  "Connect to remote machine blocked");
+	}
     }
 
     if (proxyhost != NULL) {
-        server.sin_port = htons((unsigned short)proxyport);
-        err = ap_proxy_host2addr(proxyhost, &server_hp);
-        if (err != NULL)
+	char pbuf[10];
+
+	if (res0 != NULL)
+	    freeaddrinfo(res0);
+
+	ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+	error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
+	if (error)
             return DECLINED;    /* try another */
 #ifdef EAPI
 	peer = ap_psprintf(p, "%s:%u", proxyhost, proxyport);  
 #endif
     }
-    else {
-        server.sin_port = htons((unsigned short)destport);
-        err = ap_proxy_host2addr(desthost, &server_hp);
-        if (err != NULL)
-            return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
-#ifdef EAPI
-	peer =  ap_psprintf(p, "%s:%u", desthost, destport);  
-#endif
-    }
 
 
     /*
      * we have worked out who exactly we are going to connect to, now make
      * that connection...
      */
-    sock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
-    if (sock == -1) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-                      "proxy: error creating socket");
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
+    sock = i = -1;
+    for (res = res0; res; res = res->ai_next) {
+	sock = ap_psocket(p, res->ai_family, res->ai_socktype,
+	    res->ai_protocol);
+	if (sock < 0)
+	    continue;
 
 #if !defined(TPF) && !defined(BEOS)
-    if (conf->recv_buffer_size) {
-        if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-                       (const char *)&conf->recv_buffer_size, sizeof(int))
-            == -1) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-                          "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
+        if (conf->recv_buffer_size) {
+            if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+                           (const char *)&conf->recv_buffer_size, sizeof(int))
+                == -1) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+                              "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
+            }
         }
-    }
 #endif
 
-#ifdef SINIX_D_RESOLVER_BUG
-    {
-        struct in_addr *ip_addr = (struct in_addr *)*server_hp.h_addr_list;
-
-        for (; ip_addr->s_addr != 0; ++ip_addr) {
-            memcpy(&server.sin_addr, ip_addr, sizeof(struct in_addr));
-            i = ap_proxy_doconnect(sock, &server, r);
-            if (i == 0)
-                break;
-        }
-    }
-#else
-    j = 0;
-    while (server_hp.h_addr_list[j] != NULL) {
-        memcpy(&server.sin_addr, server_hp.h_addr_list[j],
-               sizeof(struct in_addr));
-        i = ap_proxy_doconnect(sock, &server, r);
+	i = ap_proxy_doconnect(sock, res->ai_addr, r);
         if (i == 0)
             break;
-        j++;
+	ap_pclosesocket(p, sock);
     }
-#endif
+    freeaddrinfo(res0);
     if (i == -1) {
         if (proxyhost != NULL)
             return DECLINED;    /* try again another way */
@@ -563,8 +590,6 @@
             c->len = ap_strtol(content_length, NULL, 10);
         }
 
-        /* Now add out bound headers set by other modules */
-        resp_hdrs = ap_overlay_tables(r->pool, r->err_headers_out, resp_hdrs);
     }
     else {
         /* an http/0.9 response */
@@ -599,31 +624,44 @@
         ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r, urlstr));
 
 /* check if NoCache directive on this host */
+  {
+    struct sockaddr_in *sin;
+#ifdef INET6
+    struct sockaddr_in6 *sin6;
+#endif
+
     if (nocache == 0) {
         for (i = 0; i < conf->nocaches->nelts; i++) {
-            if (destaddr.s_addr == ncent[i].addr.s_addr ||
-                (ncent[i].name != NULL &&
-                 (ncent[i].name[0] == '*' ||
-                  strstr(desthost, ncent[i].name) != NULL))) {
-                nocache = 1;
-                break;
-            }
-        }
-
-        /*
-         * update the cache file, possibly even fulfilling the request if it
-         * turns out a conditional allowed us to serve the object from the
-         * cache...
-         */
-        i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
-        if (i != DECLINED) {
-            ap_bclose(f);
-            return i;
-        }
+	    if (ncent[i].name != NULL && 
+                  (ncent[i].name[0] == '*' ||
+		 strstr(desthost, ncent[i].name) != NULL)) {
+		nocache = 1;
+		break;
+	    }
+	    switch (res->ai_addr->sa_family) {
+	    case AF_INET:
+		sin = (struct sockaddr_in *)res->ai_addr;
+		if (sin->sin_addr.s_addr == ncent[i].addr.s_addr) {
+		    nocache = 1;
+		    break;
+		}
+	    }
+	}
+
+	/* update the cache file, possibly even fulfilling the request if
+	 * it turns out a conditional allowed us to serve the object from the
+	 * cache...
+	 */
+	i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
+	if (i != DECLINED) {
+	    ap_bclose(f);
+	    return i;
+	}
 
         /* write status line and headers to the cache file */
         ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs);
     }
+  }
 
     /* Setup the headers for our client from upstreams response-headers */
     ap_proxy_table_replace(r->headers_out, resp_hdrs);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_util.c usr.sbin/httpd/src/modules/proxy/proxy_util.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/proxy/proxy_util.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/proxy/proxy_util.c	Sun Feb 16 16:05:26 2003
@@ -64,6 +64,7 @@
 #include "http_log.h"
 #include "util_uri.h"
 #include "util_date.h"          /* get ap_checkmask() decl. */
+#include "sa_len.h"
 
 static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
 static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
@@ -219,6 +220,7 @@
     int i;
     char *strp, *host, *url = *urlp;
     char *user = NULL, *password = NULL;
+    char *t = NULL, *u = NULL, *v = NULL;
 
     if (url[0] != '/' || url[1] != '/')
         return "Malformed URL";
@@ -257,40 +259,63 @@
         *passwordp = password;
     }
 
-    strp = strrchr(host, ':');
-    if (strp != NULL) {
-        *(strp++) = '\0';
-
-        for (i = 0; strp[i] != '\0'; i++)
-            if (!ap_isdigit(strp[i]))
-                break;
-
-        /* if (i == 0) the no port was given; keep default */
-        if (strp[i] != '\0') {
-            return "Bad port number in URL";
-        }
+    v = host;
+    if (*host == '['){
+	u = strrchr(host, ']');
+	if (u){
+	    host++;
+	    *u = '\0';
+	    v = u + 1;
+	}
+    }
+    t = strrchr(v, ':');
+    if (t){
+	*t = '\0';
+	strp = t + 1;
+    }
+    if (strp){
+	for (i=0; strp[i] != '\0'; i++)
+	    if (!ap_isdigit(strp[i]))
+		break;
+
+	/* if (i == 0) the no port was given; keep default */
+	if (strp[i] != '\0') {
+	    return "Bad port number in URL";
+	}
         else if (i > 0) {
-            *port = atoi(strp);
-            if (*port > 65535)
-                return "Port number in URL > 65535";
-        }
+	    *port = atoi(strp);
+	    if (*port > 65535)
+		return "Port number in URL > 65535";
+	}
     }
     ap_str_tolower(host);       /* DNS names are case-insensitive */
     if (*host == '\0')
         return "Missing host in URL";
 /* check hostname syntax */
     for (i = 0; host[i] != '\0'; i++)
-        if (!ap_isdigit(host[i]) && host[i] != '.')
-            break;
+	if (!ap_isxdigit(host[i]) && host[i] != '.' && host[i] != ':')
+	    break;
     /* must be an IP address */
 #if defined(WIN32) || defined(NETWARE) || defined(TPF) || defined(BEOS)
     if (host[i] == '\0' && (inet_addr(host) == -1))
+	return "Bad IP address in URL";
 #else
-    if (host[i] == '\0' && (ap_inet_addr(host) == -1 || inet_network(host) == -1))
+    if (host[i] == '\0') {
+	struct addrinfo hints, *res0;
+	int gai;
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_flags = AI_NUMERICHOST;
+	if (gai = getaddrinfo(host, NULL, &hints, &res0)) {
+#if 0
+	    return gai_strerror(gai);
+#else
+	    return "Bad IP address in URL";
 #endif
-    {
-        return "Bad IP address in URL";
+	}
+	freeaddrinfo(res0);
     }
+#endif
 
 /*    if (strchr(host,'.') == NULL && domain != NULL)
    host = pstrcat(p, host, domain, NULL);
@@ -1359,22 +1384,45 @@
     return host != NULL && strstr(host, This->name) != NULL;
 }
 
-int ap_proxy_doconnect(int sock, struct sockaddr_in *addr, request_rec *r)
+int ap_proxy_doconnect(int sock, struct sockaddr *addr, request_rec *r)
 {
     int i;
+    int salen;
+    char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+#ifdef NI_WITHSCOPEID
+    const int niflags = NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID;
+#else
+    const int niflags = NI_NUMERICHOST | NI_NUMERICSERV;
+#endif
 
     ap_hard_timeout("proxy connect", r);
+#ifdef HAVE_SOCKADDR_LEN
+    salen = addr->sa_len;
+#else
+    switch (addr->sa_family) {
+    case AF_INET6:
+	salen = sizeof(struct sockaddr_in6);
+	break;
+    default:
+	salen = sizeof(struct sockaddr_in);
+	break;
+    }
+#endif
     do {
-        i = connect(sock, (struct sockaddr *)addr, sizeof(struct sockaddr_in));
+	i = connect(sock,  addr, salen);
 #if defined(WIN32) || defined(NETWARE)
         if (i == SOCKET_ERROR)
             errno = WSAGetLastError();
 #endif                          /* WIN32 */
     } while (i == -1 && errno == EINTR);
     if (i == -1) {
+	if (getnameinfo(addr, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),
+		niflags) != 0) {
+	    strcpy(hbuf, "?");
+	    strcpy(pbuf, "?");
+	}
         ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-                      "proxy connect to %s port %d failed",
-                      inet_ntoa(addr->sin_addr), ntohs(addr->sin_port));
+                      "proxy connect to %s port %s failed", hbuf, pbuf);
     }
     ap_kill_timeout(r);
 
@@ -1607,6 +1655,12 @@
         }
         *backasswards = 0;
 
+        /* there need not be a reason phrase in the response,
+	 * and ap_getline() already deleted trailing whitespace.
+	 * But RFC2616 requires a SP after the Status-Code. Add one:
+	 */
+	if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
+	  buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
         buffer[12] = '\0';
         r->status = atoi(&buffer[9]);
         buffer[12] = ' ';
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/libssl.module usr.sbin/httpd/src/modules/ssl/libssl.module
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/libssl.module	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/ssl/libssl.module	Sun Feb 16 16:05:26 2003
@@ -331,6 +331,11 @@
                 SSL_BINDIR='$(SSL_BASE)/bin'
                 break;
             fi
+            if [ -f "$SSL_BASE/sbin/$name" ]; then
+                SSL_PROGRAM="$SSL_BASE/sbin/$name"
+                SSL_BINDIR='$(SSL_BASE)/sbin'
+                break;
+            fi
             if [ -f "$SSL_BASE/apps/$name" ]; then
                 SSL_PROGRAM="$SSL_BASE/apps/$name"
                 SSL_BINDIR='$(SSL_BASE)/apps'
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/libssl.version usr.sbin/httpd/src/modules/ssl/libssl.version
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/libssl.version	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/libssl.version	Sun Feb 16 16:05:26 2003
@@ -1 +1 @@
-mod_ssl/2.8.10-1.3.26
+mod_ssl/2.8.12-1.3.27
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c	Sun Feb 16 16:05:26 2003
@@ -756,7 +756,7 @@
                 return "SSLSessionCache: Invalid argument: no closing parenthesis";
             *cp2 = NUL;
             mc->nSessionCacheDataSize = atoi(cp);
-            if (mc->nSessionCacheDataSize <= 8192)
+            if (mc->nSessionCacheDataSize < 8192)
                 return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
             maxsize = ap_mm_core_maxsegsize();
             if (mc->nSessionCacheDataSize >= maxsize)
@@ -778,7 +778,7 @@
                 return "SSLSessionCache: Invalid argument: no closing parenthesis";
             *cp2 = NUL;
             mc->nSessionCacheDataSize = atoi(cp);
-            if (mc->nSessionCacheDataSize <= 8192)
+            if (mc->nSessionCacheDataSize < 8192)
                 return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
             maxsize = ap_mm_core_maxsegsize();
             if (mc->nSessionCacheDataSize >= maxsize)
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c	Sun Feb 16 16:05:26 2003
@@ -239,11 +239,17 @@
 #ifdef SHARED_MODULE
     ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
             mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
+#ifdef SSL_EXPERIMENTAL_ENGINE
+    ssl_init_Engine(s, p);
+#endif
     ssl_init_SSLLibrary();
 #else
     if (mc->nInitCount <= 2) {
         ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
                 mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
+#ifdef SSL_EXPERIMENTAL_ENGINE
+        ssl_init_Engine(s, p);
+#endif
         ssl_init_SSLLibrary();
     }
 #endif
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c	Sun Feb 16 16:05:26 2003
@@ -488,10 +488,10 @@
     struct timeval tv;
     int err = WSAEWOULDBLOCK;
     int rv;
-    int retry;
     int sock = fb->fd;
-    SSL *ssl;
     int retry;
+    SSL *ssl;
+
 
     ssl = ap_ctx_get(fb->ctx, "ssl");
 
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c	Sun Feb 16 16:05:26 2003
@@ -1583,6 +1583,7 @@
     int i, n, rc;
     char *cp;
     char *cp2;
+    ASN1_TIME *t;
 
     /*
      * Unless a revocation store for CRLs was created we
@@ -1672,14 +1673,13 @@
         /*
          * Check date of CRL to make sure it's not expired
          */
-        i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
-        if (i == 0) {
+        if ((t = X509_CRL_get_nextUpdate(crl)) == NULL) {
             ssl_log(s, SSL_LOG_WARN, "Found CRL has invalid nextUpdate field");
             X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
             X509_OBJECT_free_contents(&obj);
             return FALSE;
         }
-        if (i < 0) {
+        if (X509_cmp_current_time(t) < 0) {
             ssl_log(s, SSL_LOG_WARN,
                     "Found CRL is expired - "
                     "revoking all certificates until you get updated CRL");
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c	Sun Feb 16 16:05:26 2003
@@ -126,7 +126,11 @@
                  * seed in contents provided by the external
                  * Entropy Gathering Daemon (EGD)
                  */
+#if SSL_LIBRARY_VERSION >= 0x00906000
+                if ((n = RAND_egd_bytes(pRandSeed->cpPath, pRandSeed->nBytes)) == -1)
+#else
                 if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
+#endif
                     continue;
                 nDone += n;
             }
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c	Thu Feb 13 12:15:13 2003
+++ usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c	Sun Feb 16 16:05:26 2003
@@ -308,7 +308,7 @@
     }
     else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
         sk = SSL_get_peer_cert_chain(ssl);
-        result = ssl_var_lookup_ssl_cert_chain(p, sk, var+17);
+        result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
     }
     else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
         result = ssl_var_lookup_ssl_cert_verify(p, c);
@@ -390,10 +390,6 @@
         result = ap_pstrdup(p, result);
     return result;
 }
-
-#ifndef NID_uniqueIdentifier
-#define NID_uniqueIdentifier             102
-#endif
 
 static const struct {
     char *name;
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_access.c usr.sbin/httpd/src/modules/standard/mod_access.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_access.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/standard/mod_access.c	Sun Feb 16 16:05:25 2003
@@ -74,7 +74,10 @@
     T_ALL,
     T_IP,
     T_HOST,
-    T_FAIL
+    T_FAIL,
+#ifdef INET6
+    T_IP6,
+#endif
 };
 
 typedef struct {
@@ -82,9 +85,15 @@
     union {
 	char *from;
 	struct {
-	    unsigned long net;
-	    unsigned long mask;
+	    struct in_addr net;
+	    struct in_addr mask;
 	} ip;
+#ifdef INET6
+	struct {
+	    struct in6_addr net6;
+	    struct in6_addr mask6;
+	} ip6;
+#endif
     } x;
     enum allowdeny_type type;
 } allowdeny;
@@ -167,90 +176,230 @@
 
     }
     else if ((s = strchr(where, '/'))) {
-	unsigned long mask;
+	struct addrinfo hints, *resnet, *resmask;
+	struct sockaddr_storage net, mask;
+	int error;
+	char *p;
+	int justdigits;
 
-	a->type = T_IP;
+	a->type = T_FAIL;	/*just in case*/
 	/* trample on where, we won't be using it any more */
 	*s++ = '\0';
 
-	if (!is_ip(where)
-	    || (a->x.ip.net = ap_inet_addr(where)) == INADDR_NONE) {
+	justdigits = 0;
+	for (p = s; *p; p++) {
+	    if (!isdigit(*p))
+		break;
+	}
+	if (!*p)
+	    justdigits++;
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;	/*dummy*/
+#ifdef AI_NUMERICHOST
+	hints.ai_flags = AI_NUMERICHOST;	/*don't resolve*/
+#endif
+	resnet = NULL;
+	error = getaddrinfo(where, NULL, &hints, &resnet);
+	if (error || !resnet) {
+	    if (resnet)
+		freeaddrinfo(resnet);
 	    a->type = T_FAIL;
 	    return "syntax error in network portion of network/netmask";
 	}
+	if (resnet->ai_next) {
+	    freeaddrinfo(resnet);
+	    a->type = T_FAIL;
+	    return "network/netmask resolved to multiple addresses";
+	}
+	memcpy(&net, resnet->ai_addr, resnet->ai_addrlen);
+	freeaddrinfo(resnet);
 
-	/* is_ip just tests if it matches [\d.]+ */
-	if (!is_ip(s)) {
+	switch (net.ss_family) {
+	case AF_INET:
+	    a->type = T_IP;
+	    a->x.ip.net.s_addr = ((struct sockaddr_in *)&net)->sin_addr.s_addr;
+	    break;
+#ifdef INET6
+	case AF_INET6:
+	    a->type = T_IP6;
+	    memcpy(&a->x.ip6.net6, &((struct sockaddr_in6 *)&net)->sin6_addr,
+		sizeof(a->x.ip6.net6));
+	    break;
+#endif
+	default:
 	    a->type = T_FAIL;
-	    return "syntax error in mask portion of network/netmask";
+	    return "unknown address family for network";
 	}
-	/* is it in /a.b.c.d form? */
-	if (strchr(s, '.')) {
-	    mask = ap_inet_addr(s);
-	    if (mask == INADDR_NONE) {
+
+	if (!justdigits) {
+	    memset(&hints, 0, sizeof(hints));
+	    hints.ai_family = PF_UNSPEC;
+	    hints.ai_socktype = SOCK_STREAM;	/*dummy*/ 
+#ifdef AI_NUMERICHOST
+	    hints.ai_flags = AI_NUMERICHOST;	/*don't resolve*/
+#endif
+	    resmask = NULL;
+	    error = getaddrinfo(s, NULL, &hints, &resmask);
+	    if (error || !resmask) {
+		if (resmask)
+		    freeaddrinfo(resmask);
 		a->type = T_FAIL;
 		return "syntax error in mask portion of network/netmask";
 	    }
-	}
-	else {
-	    /* assume it's in /nnn form */
-	    mask = atoi(s);
-	    if (mask > 32 || mask <= 0) {
-		a->type = T_FAIL;
-		return "invalid mask in network/netmask";
-	    }
-	    mask = 0xFFFFFFFFUL << (32 - mask);
-	    mask = htonl(mask);
-	}
-	a->x.ip.mask = mask;
-        a->x.ip.net  = (a->x.ip.net & mask);   /* pjr - This fixes PR 4770 */
-    }
-    else if (ap_isdigit(*where) && is_ip(where)) {
-	/* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
-	int shift;
-	char *t;
-	int octet;
-
-	a->type = T_IP;
-	/* parse components */
-	s = where;
-	a->x.ip.net = 0;
-	a->x.ip.mask = 0;
-	shift = 24;
-	while (*s) {
-	    t = s;
-	    if (!ap_isdigit(*t)) {
+	    if (resmask->ai_next) {
+		freeaddrinfo(resmask);
 		a->type = T_FAIL;
-		return "invalid ip address";
+		return "network/netmask resolved to multiple addresses";
 	    }
-	    while (ap_isdigit(*t)) {
-		++t;
-	    }
-	    if (*t == '.') {
-		*t++ = 0;
-	    }
-	    else if (*t) {
+	    memcpy(&mask, resmask->ai_addr, resmask->ai_addrlen);
+	    freeaddrinfo(resmask);
+
+	    if (net.ss_family != mask.ss_family) {
 		a->type = T_FAIL;
-		return "invalid ip address";
+		return "network/netmask resolved to different address family";
 	    }
-	    if (shift < 0) {
-		return "invalid ip address, only 4 octets allowed";
+
+	    switch (a->type) {
+	    case T_IP:
+		a->x.ip.mask.s_addr =
+		    ((struct sockaddr_in *)&mask)->sin_addr.s_addr;
+		break;
+#ifdef INET6
+	    case T_IP6:
+		memcpy(&a->x.ip6.mask6,
+		    &((struct sockaddr_in6 *)&mask)->sin6_addr,
+		    sizeof(a->x.ip6.mask6));
+		break;
+#endif
 	    }
-	    octet = atoi(s);
-	    if (octet < 0 || octet > 255) {
-		a->type = T_FAIL;
-		return "each octet must be between 0 and 255 inclusive";
+	} else {
+	    int mask;
+	    mask = atoi(s);
+	    switch (a->type) {
+	    case T_IP:
+		if (mask < 0 || 32 < mask) {
+		    a->type = T_FAIL;
+		    return "netmask out of range";
+		}
+		a->x.ip.mask.s_addr = htonl(0xFFFFFFFFUL << (32 - mask));
+		break;
+#ifdef INET6
+	    case T_IP6:
+	      {
+		int i;
+		if (mask < 0 || 128 < mask) {
+		    a->type = T_FAIL;
+		    return "netmask out of range";
+		}
+		for (i = 0; i < mask / 8; i++) {
+		    a->x.ip6.mask6.s6_addr[i] = 0xff;
+		}
+		if (mask % 8)
+		    a->x.ip6.mask6.s6_addr[i] = 0xff << (8 - (mask % 8));
+		break;
+	      }
+#endif
 	    }
-	    a->x.ip.net |= octet << shift;
-	    a->x.ip.mask |= 0xFFUL << shift;
-	    s = t;
-	    shift -= 8;
 	}
-	a->x.ip.net = ntohl(a->x.ip.net);
-	a->x.ip.mask = ntohl(a->x.ip.mask);
     }
     else {
-	a->type = T_HOST;
+	struct addrinfo hints, *res;
+	struct sockaddr_storage ss;
+	int error;
+
+	a->type = T_FAIL;	/*just in case*/
+
+	/* First, try using the old apache code to match */
+	/* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
+	if (ap_isdigit(*where) && is_ip(where)) {
+	    int shift;
+	    char *t;
+	    int octet;
+
+	    a->type = T_IP;
+	    /* parse components */
+	    s = where;
+	    a->x.ip.net.s_addr = 0;
+	    a->x.ip.mask.s_addr = 0;
+	    shift = 24;
+	    while (*s) {
+		t = s;
+		if (!ap_isdigit(*t)) {
+		    a->type = T_FAIL;
+		    return "invalid ip address";
+		}
+		while (ap_isdigit(*t)) {
+		    ++t;
+		}
+		if (*t == '.') {
+		    *t++ = 0;
+		}
+		else if (*t) {
+		    a->type = T_FAIL;
+		    return "invalid ip address";
+		}
+		if (shift < 0) {
+		    return "invalid ip address, only 4 octets allowed";
+		}
+		octet = atoi(s);
+		if (octet < 0 || octet > 255) {
+		    a->type = T_FAIL;
+		    return "each octet must be between 0 and 255 inclusive";
+		}
+		a->x.ip.net.s_addr |= octet << shift;
+		a->x.ip.mask.s_addr |= 0xFFUL << shift;
+		s = t;
+		shift -= 8;
+	    }
+	    a->x.ip.net.s_addr = ntohl(a->x.ip.net.s_addr);
+	    a->x.ip.mask.s_addr = ntohl(a->x.ip.mask.s_addr);
+
+	    return NULL;
+	}
+
+	/* IPv4/v6 numeric address */
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;	/*dummy*/
+#ifdef AI_NUMERICHOST
+	hints.ai_flags = AI_NUMERICHOST;	/*don't resolve*/
+#endif
+	res = NULL;
+	error = getaddrinfo(where, NULL, &hints, &res);
+	if (error || !res) {
+	    if (res)
+		freeaddrinfo(res);
+	    a->type = T_HOST;
+	    return NULL;
+	}
+	if (res->ai_next) {
+	    freeaddrinfo(res);
+	    a->type = T_FAIL;
+	    return "network/netmask resolved to multiple addresses";
+	}
+	memcpy(&ss, res->ai_addr, res->ai_addrlen);
+	freeaddrinfo(res);
+
+	switch (ss.ss_family) {
+	case AF_INET:
+	    a->type = T_IP;
+	    a->x.ip.net.s_addr = ((struct sockaddr_in *)&ss)->sin_addr.s_addr;
+	    memset(&a->x.ip.mask, 0xff, sizeof(a->x.ip.mask));
+	    break;
+#ifdef INET6
+	case AF_INET6:
+	    a->type = T_IP6;
+	    memcpy(&a->x.ip6.net6, &((struct sockaddr_in6 *)&ss)->sin6_addr,
+		sizeof(a->x.ip6.net6));
+	    memset(&a->x.ip6.mask6, 0xff, sizeof(a->x.ip6.mask6));
+	    break;
+#endif
+	default:
+	    a->type = T_FAIL;
+	    return "unknown address family for network";
+	}
     }
 
     return NULL;
@@ -315,12 +464,63 @@
 	    return 1;
 
 	case T_IP:
-	    if (ap[i].x.ip.net != INADDR_NONE
-		&& (r->connection->remote_addr.sin_addr.s_addr
-		    & ap[i].x.ip.mask) == ap[i].x.ip.net) {
-		return 1;
+	    if (ap[i].x.ip.net.s_addr == INADDR_NONE)
+		break;
+	    switch (r->connection->remote_addr.ss_family) {
+	    case AF_INET:
+		if ((((struct sockaddr_in *)&r->connection->remote_addr)->sin_addr.s_addr
+			& ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) {
+		    return 1;
+		}
+		break;
+#ifdef INET6
+	    case AF_INET6:
+		if (!IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr))	/*XXX*/
+		    break;
+		if ((*(ap_uint32_t *)&((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr.s6_addr[12]
+			& ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) {
+		    return 1;
+		}
+		break;
+#endif
+	    }
+	    break;
+
+#ifdef INET6
+	case T_IP6:
+	  {
+	    struct in6_addr masked;
+	    int j;
+	    if (IN6_IS_ADDR_UNSPECIFIED(&ap[i].x.ip6.net6))
+		break;
+	    switch (r->connection->remote_addr.ss_family) {
+	    case AF_INET:
+		if (!IN6_IS_ADDR_V4MAPPED(&ap[i].x.ip6.net6))	/*XXX*/
+		    break;
+		memset(&masked, 0, sizeof(masked));
+		masked.s6_addr[10] = masked.s6_addr[11] = 0xff;
+		memcpy(&masked.s6_addr[12],
+		    &((struct sockaddr_in *)&r->connection->remote_addr)->sin_addr.s_addr,
+		    sizeof(struct sockaddr_in));
+		for (j = 0; j < sizeof(struct in6_addr); j++)
+			masked.s6_addr[j] &= ap[i].x.ip6.mask6.s6_addr[j];
+		if (memcmp(&masked, &ap[i].x.ip6.net6, sizeof(masked)) == 0)
+		    return 1;
+		break;
+	    case AF_INET6:
+		memset(&masked, 0, sizeof(masked));
+		memcpy(&masked,
+		    &((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr,
+		    sizeof(masked));
+		for (j = 0; j < sizeof(struct in6_addr); j++)
+		    masked.s6_addr[j] &= ap[i].x.ip6.mask6.s6_addr[j];
+		if (memcmp(&masked, &ap[i].x.ip6.net6, sizeof(masked)) == 0)
+		    return 1;
+		break;
 	    }
 	    break;
+	  }
+#endif
 
 	case T_HOST:
 	    if (!gothost) {
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_auth_db.c usr.sbin/httpd/src/modules/standard/mod_auth_db.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_auth_db.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/standard/mod_auth_db.c	Sun Feb 16 16:05:25 2003
@@ -107,6 +107,9 @@
 #if (DB_VERSION_MAJOR == 3)
 #define DB3
 #endif
+#if (DB_VERSION_MAJOR == 4)
+#define DB4
+#endif
 #endif
 
 typedef struct {
@@ -171,7 +174,7 @@
 
     ap_server_strip_chroot(auth_dbpwfile, 1);
 
-#if defined(DB3)
+#if defined(DB3) || defined(DB4)
     if (   db_create(&f, NULL, 0) != 0 
         || f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) {
 #elif defined(DB2)
@@ -184,7 +187,7 @@
 	return NULL;
     }
 
-#if defined(DB2) || defined(DB3)
+#if defined(DB2) || defined(DB3) || defined(DB4)
     if (!((f->get) (f, NULL, &q, &d, 0))) {
 #else
     if (!((f->get) (f, &q, &d, 0))) {
@@ -194,7 +197,7 @@
 	pw[d.size] = '\0';	/* Terminate the string */
     }
 
-#if defined(DB2) || defined(DB3)
+#if defined(DB2) || defined(DB3) || defined(DB4)
     (f->close) (f, 0);
 #else
     (f->close) (f);
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_digest.c usr.sbin/httpd/src/modules/standard/mod_digest.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_digest.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/standard/mod_digest.c	Sun Feb 16 16:05:25 2003
@@ -179,7 +179,60 @@
     key = ap_palloc(r->pool, l);
     value = ap_palloc(r->pool, l);
 
-    /* There's probably a better way to do this, but for the time being... */
+    /* There's probably a better way to do this, but for the time being... 
+     *
+     * Right now the parsing is very 'slack'. Actual rules from RFC 2617 are:
+     *
+     * Authorization     = "Digest" digest-response
+     * digest-response   = 1#( username | realm | nonce | digest-uri |
+     * 				response | [ cnonce ] | [ algorithm ] |
+     *                    	[opaque] | [message-qop] | [nonce-count] |
+     *				[auth-param] )			(see note 4)
+     * username           = "username" "=" username-value
+     *   username-value   = quoted-string
+     * digest-uri         = "uri" "=" digest-uri-value
+     *   digest-uri-value = request-uri         
+     * message-qop      = "qop" "=" qop-value
+     *   qop-options       = "qop" "=" <"> 1#qop-value <">      (see note 3)
+     *   qop-value         = "auth" | "auth-int" | token
+     * cnonce           = "cnonce" "=" cnonce-value
+     *    cnonce-value     = nonce-value
+     * nonce-count      = "nc" "=" nc-value
+     *    nc-value         = 8LHEX
+     * response           = "response" "=" response-digest
+     *   response-digest  = <"> *LHEX <">
+     *     LHEX           = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
+     *                      "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
+     * 
+     * Current Discrepancies:
+     *   quoted-string	 	section 2.2 of RFC 2068
+     *   --> We also acccept unquoted strings or strings
+     *       like foo" bar". And take a space, comma or EOL as
+     *       the terminator in that case.
+     *
+     *   request-uri		section 5.1 of RFC 2068
+     *   --> We currently also accept any quoted string - and
+     *       ignore those quotes.
+     *
+     *   response/entity-digest
+     *   --> We ignore the presense of the " if any.
+     *
+     * Note: * - not yet for  CHARSET_EBCDIC XXXX
+     *
+     * Note: There is an inherent problem with the request URI; as it should
+     *       be used unquoted - yet may contain a ',' - which is used as
+     *       a terminator:       
+     *       Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894",
+     *       uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79",
+     *       algorithm=MD5
+     *
+     * Note3: Taken from section 3.2.1 - as this is not actually defined in section 3.2.2 
+     *       which deals with the Authorization Request Header.
+     *
+     * Note4: The 'comma separated' list concept is refered to in the RFC
+     *       but whitespace eating and other such things are assumed to be
+     *       as per MIME/RFC2068 spec.
+     */
 
 #define D_KEY 0
 #define D_VALUE 1
@@ -201,13 +254,26 @@
 	    break;
 
 	case D_VALUE:
+#ifdef CHARSET_EBCDIC
+	    /* This is *wrong* - a request URI may be unquoted and yet
+             * contain non alpha/num chars. (Though gets terminated by 
+             * a ',' - which in fact may be in the URI - so I guess 
+             * 2069 should be updated to suggest strongly to quote).
+             */
 	    if (ap_isalnum(auth_line[0])) {
 		value[vv] = auth_line[0];
 		vv++;
-	    }
-	    else if (auth_line[0] == '\"') {
+	    } else
+#endif
+	    if (auth_line[0] == '\"') {
 		s = D_STRING;
 	    }
+#ifndef CHARSET_EBCDIC
+	    else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0] != '\0')) {
+		value[vv] = auth_line[0];
+		vv++;
+	    }
+#endif
 	    else {
 		value[vv] = '\0';
 
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_headers.c usr.sbin/httpd/src/modules/standard/mod_headers.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_headers.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/standard/mod_headers.c	Sun Feb 16 16:05:25 2003
@@ -116,6 +116,7 @@
     hdr_actions action;
     char *header;
     char *value;
+    int do_err;
 } header_entry;
 
 /*
@@ -153,7 +154,6 @@
     return a;
 }
 
-
 static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
 {
     header_entry *new;
@@ -169,6 +169,12 @@
         new = (header_entry *) ap_push_array(serverconf->headers);
     }
 
+    if (cmd->info) {
+	new->do_err = 1;
+    } else {
+	new->do_err = 0;
+    }
+
     if (!strcasecmp(action, "set"))
         new->action = hdr_set;
     else if (!strcasecmp(action, "add"))
@@ -198,7 +204,9 @@
 
 static const command_rec headers_cmds[] =
 {
-    {"Header", header_cmd, NULL, OR_FILEINFO, TAKE23,
+    {"Header", header_cmd, (void *)0, OR_FILEINFO, TAKE23,
+     "an action, header and value"},
+    {"ErrorHeader", header_cmd, (void *)1, OR_FILEINFO, TAKE23,
      "an action, header and value"},
     {NULL}
 };
@@ -209,18 +217,19 @@
 
     for (i = 0; i < headers->nelts; ++i) {
         header_entry *hdr = &((header_entry *) (headers->elts))[i];
+	table *tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
         switch (hdr->action) {
         case hdr_add:
-            ap_table_addn(r->headers_out, hdr->header, hdr->value);
+            ap_table_addn(tbl, hdr->header, hdr->value);
             break;
         case hdr_append:
-            ap_table_mergen(r->headers_out, hdr->header, hdr->value);
+            ap_table_mergen(tbl, hdr->header, hdr->value);
             break;
         case hdr_set:
-            ap_table_setn(r->headers_out, hdr->header, hdr->value);
+            ap_table_setn(tbl, hdr->header, hdr->value);
             break;
         case hdr_unset:
-            ap_table_unset(r->headers_out, hdr->header);
+            ap_table_unset(tbl, hdr->header);
             break;
         }
     }
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_rewrite.c usr.sbin/httpd/src/modules/standard/mod_rewrite.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_rewrite.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/standard/mod_rewrite.c	Sun Feb 16 16:05:26 2003
@@ -102,6 +102,11 @@
 #include 
 #endif
 
+#ifdef NETWARE
+#include 
+static LONG locking_sem = 0;
+#endif
+
 /*
 ** +-------------------------------------------------------+
 ** |                                                       |
@@ -3277,6 +3282,10 @@
         chown(lockname, ap_user_id, -1 /* no gid change */);
 #endif
 
+#ifdef NETWARE
+	locking_sem = OpenLocalSemaphore (1);
+#endif
+
     return;
 }
 
@@ -3309,6 +3318,10 @@
     unlink(lockname);
     lockname = NULL;
     lockfd = -1;
+#ifdef NETWARE
+	CloseLocalSemaphore (locking_sem);
+#endif
+
 }
 
 static void rewritelock_alloc(request_rec *r)
@@ -4165,6 +4178,12 @@
     rc = _locking(fd, _LK_LOCK, 1);
     lseek(fd, 0, SEEK_END);
 #endif
+#ifdef NETWARE
+	if ((locking_sem != 0) && (TimedWaitOnLocalSemaphore (locking_sem, 10000) != 0))
+		rc = -1;
+	else
+		rc = 1;
+#endif
 
     if (rc < 0) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
@@ -4194,6 +4213,11 @@
     lseek(fd, 0, SEEK_SET);
     rc = _locking(fd, _LK_UNLCK, 1);
     lseek(fd, 0, SEEK_END);
+#endif
+#ifdef NETWARE
+	if (locking_sem)
+		SignalLocalSemaphore (locking_sem);
+	rc = 1;
 #endif
 
     if (rc < 0) {
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_unique_id.c usr.sbin/httpd/src/modules/standard/mod_unique_id.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/modules/standard/mod_unique_id.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/modules/standard/mod_unique_id.c	Sun Feb 16 16:05:26 2003
@@ -67,10 +67,20 @@
 #include "http_config.h"
 #include "http_log.h"
 #include "multithread.h"
+#include "sa_len.h"
 
 typedef struct {
     unsigned int stamp;
-    unsigned int in_addr;
+    union {
+      ap_uint32_t     in;
+#ifdef INET6
+# ifdef SHORT_UNIQUE_ID
+      ap_uint32_t     in6;
+# else
+      struct in6_addr in6;
+# endif
+#endif
+    } addr;
     unsigned int pid;
 #ifdef MULTITHREAD
     unsigned int tid;
@@ -142,7 +152,7 @@
  * this shouldn't be a problem till year 2106.
  */
 
-static unsigned global_in_addr;
+static struct sockaddr_storage global_addr;
 
 #ifdef WIN32
 
@@ -221,7 +231,8 @@
 #define MAXHOSTNAMELEN 256
 #endif
     char str[MAXHOSTNAMELEN + 1];
-    struct hostent *hent;
+    struct addrinfo hints, *res, *res0;
+    int error;
 #ifndef NO_GETTIMEOFDAY
     struct timeval tv;
 #endif
@@ -232,8 +243,8 @@
      */
     unique_id_rec_offset[0] = XtOffsetOf(unique_id_rec, stamp);
     unique_id_rec_size[0] = sizeof(cur_unique_id->stamp);
-    unique_id_rec_offset[1] = XtOffsetOf(unique_id_rec, in_addr);
-    unique_id_rec_size[1] = sizeof(cur_unique_id->in_addr);
+    unique_id_rec_offset[1] = XtOffsetOf(unique_id_rec, addr);
+    unique_id_rec_size[1] = sizeof(cur_unique_id->addr);
     unique_id_rec_offset[2] = XtOffsetOf(unique_id_rec, pid);
     unique_id_rec_size[2] = sizeof(cur_unique_id->pid);
 #ifdef MULTITHREAD
@@ -269,17 +280,44 @@
     }
     str[sizeof(str) - 1] = '\0';
 
-    if ((hent = gethostbyname(str)) == NULL) {
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    error = getaddrinfo(str, NULL, &hints, &res0);
+    if (error) {
         ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
-		     "mod_unique_id: unable to gethostbyname(\"%s\")", str);
+                     "mod_unique_id: getaddrinfo failed for \"%s\" (%s)", str,
+		     gai_strerror(error));
         exit(1);
     }
 
-    global_in_addr = ((struct in_addr *) hent->h_addr_list[0])->s_addr;
+    error = 1;
+    for (res = res0; res; res = res->ai_next) {
+	switch (res->ai_family) {
+	case AF_INET:
+#ifdef INET6
+	case AF_INET6:
+#endif
+	    memcpy(&global_addr, res->ai_addr, res->ai_addrlen);
+	    error = 0;
+	    break;
+	}
+    }
+    freeaddrinfo(res0);
+    if (error) {
+        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
+                    "mod_unique_id: no known AF found for \"%s\"", str);
+        exit(1);
+    }
 
+    getnameinfo((struct sockaddr *)&global_addr,
+#ifndef SIN6_LEN
+	SA_LEN((struct sockaddr *)&global_addr),
+#else
+	global_addr.ss_len,
+#endif
+	str, sizeof(str), NULL, 0, NI_NUMERICHOST);
     ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, s,
-		 "mod_unique_id: using ip addr %s",
-		 inet_ntoa(*(struct in_addr *) hent->h_addr_list[0]));
+                 "mod_unique_id: using ip addr %s", str);
 
     /*
      * If the server is pummelled with restart requests we could possibly end
@@ -336,7 +374,24 @@
 		     "oh no! pids are greater than 32-bits!  I'm broken!");
     }
 
-    cur_unique_id->in_addr = global_in_addr;
+    memset(&cur_unique_id->addr, 0, sizeof(cur_unique_id->addr));
+    switch (global_addr.ss_family) {
+    case AF_INET:
+      cur_unique_id->addr.in =
+          ((struct sockaddr_in *)&global_addr)->sin_addr.s_addr;
+      break;
+#ifdef INET6
+    case AF_INET6:
+#ifdef SHORT_UNIQUE_ID
+      cur_unique_id->addr.in6 =
+          ((struct sockaddr_in6 *)&global_addr)->sin6_addr.s6_addr32[3];
+#else
+      cur_unique_id->addr.in6 =
+          ((struct sockaddr_in6 *)&global_addr)->sin6_addr;
+#endif
+      break;
+#endif
+    }
 
     /*
      * If we use 0 as the initial counter we have a little less protection
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/os.c usr.sbin/httpd/src/os/tpf/os.c
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/os.c	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/os/tpf/os.c	Sun Feb 16 16:05:24 2003
@@ -423,7 +423,7 @@
         free(idct);
     } else {
         ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, s,
-                     TPF_UNABLE_TO_DETERMINE_ZINET_MODEL);
+                     TPF_UNABLE_TO_DETERMINE_ZINET_MODEL, servername);
         exit(1); /* abort start-up of server */
     }
 
@@ -498,11 +498,14 @@
 }
 
 void os_tpf_child(APACHE_TPF_INPUT *input_parms) {
+    extern char tpf_mutex_key[TPF_MUTEX_KEY_SIZE];
+
     tpf_child = 1;
     ap_my_generation = input_parms->generation;
     ap_restart_time = input_parms->restart_time;
     tpf_fds = input_parms->tpf_fds;
     tpf_shm_static_ptr = input_parms->shm_static_ptr;
+    sprintf(tpf_mutex_key, "%.*x", TPF_MUTEX_KEY_SIZE - 1, getppid());
 }
 
 #ifndef __PIPE_
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/os.h usr.sbin/httpd/src/os/tpf/os.h
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/os.h	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/os/tpf/os.h	Sun Feb 16 16:05:24 2003
@@ -125,7 +125,7 @@
 #define FD_SET(n, p) (0)
 #endif
 
-#define  RESOURCE_KEY ((void*) 0xC1C2C1C3)
+#define TPF_MUTEX_KEY_SIZE (sizeof(pid_t)*2+1)
 
 /* TPF doesn't have, or need, tzset (it is used in mod_expires.c) */
 #define tzset()
@@ -219,7 +219,7 @@
 #endif
 
 #define TPF_UNABLE_TO_DETERMINE_ZINET_MODEL \
-        "Unable to determine ZINET model: inetd_getServer call failed" \
-        " -- Apache startup aborted"
+        "Unable to determine ZINET model: inetd_getServer(\"%s\") " \
+        "call failed -- Apache startup aborted"
 
 #endif /*! APACHE_OS_H*/
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/samples/linkhttp.jcl usr.sbin/httpd/src/os/tpf/samples/linkhttp.jcl
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/samples/linkhttp.jcl	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/os/tpf/samples/linkhttp.jcl	Sun Feb 16 16:05:24 2003
@@ -1,147 +0,0 @@
-//LINKHTTP  JOB MSGLEVEL=(1,1),CLASS=G,MSGCLASS=S
-/*ROUTE PRINT 
-/*ROUTE PUNCH 
-/*NOTIFY 
-//CCLE JCLLIB ORDER=(SYS1.CBC.SCBCPRC,SYS1.CEE.SCEEPROC)
-//PRELINK EXEC EDCPL,COND.LKED=(0,NE),
-// PPARM='OMVS,DLLNAME(CHTA)',
-// LREGSIZ='2048K',
-// LPARM='AMODE=31,RMODE=ANY,LIST,XREF'
-//PLKED.SYSLIB DD DISP=SHR,DSN=ACP.STUB.RLSE40
-//             DD DISP=SHR,DSN=ACP.CLIB.RLSE40
-//PLKED.OBJLIB DD DISP=SHR,DSN=ACP.MAIN.SYST.OBBSS
-//             DD DISP=SHR,DSN=ACP.DF.MAIN.SYST.OBBSS
-//             DD DISP=SHR,DSN=ACP.OBJ.RLSE40.BSS
-//PLKED.OBJ01  DD PATH='//src/ap/ap_base64.o'
-//PLKED.OBJ02  DD PATH='//src/ap/ap_checkpass.o'
-//PLKED.OBJ03  DD PATH='//src/ap/ap_cpystrn.o'
-//PLKED.OBJ04  DD PATH='//src/ap/ap_ebcdic.o'
-//PLKED.OBJ05  DD PATH='//src/ap/ap_execve.o'
-//PLKED.OBJ06  DD PATH='//src/ap/ap_fnmatch.o'
-//PLKED.OBJ07  DD PATH='//src/ap/ap_getpass.o'
-//PLKED.OBJ08  DD PATH='//src/ap/ap_md5c.o'
-//PLKED.OBJ09  DD PATH='//src/ap/ap_sha1.o'
-//PLKED.OBJ10  DD PATH='//src/ap/ap_signal.o'
-//PLKED.OBJ11  DD PATH='//src/ap/ap_slack.o'
-//PLKED.OBJ12  DD PATH='//src/ap/ap_snprintf.o'
-//PLKED.OBJ13  DD PATH='//src/ap/ap_strtol.o'
-//PLKED.OBJ14  DD PATH='//src/buildmark.o'
-//PLKED.OBJ15  DD PATH='//src/main/alloc.o'
-//PLKED.OBJ16  DD PATH='//src/main/buff.o'
-//PLKED.OBJ17  DD PATH='//src/main/http_config.o'
-//PLKED.OBJ18  DD PATH='//src/main/http_core.o'
-//PLKED.OBJ19  DD PATH='//src/main/http_log.o'
-//PLKED.OBJ20  DD PATH='//src/main/http_main.o'
-//PLKED.OBJ21  DD PATH='//src/main/http_protocol.o'
-//PLKED.OBJ22  DD PATH='//src/main/http_request.o'
-//PLKED.OBJ23  DD PATH='//src/main/http_vhost.o'
-//PLKED.OBJ24  DD PATH='//src/main/rfc1413.o'
-//PLKED.OBJ25  DD PATH='//src/main/util.o'
-//PLKED.OBJ26  DD PATH='//src/main/util_date.o'
-//PLKED.OBJ27  DD PATH='//src/main/util_md5.o'
-//PLKED.OBJ28  DD PATH='//src/main/util_script.o'
-//PLKED.OBJ29  DD PATH='//src/main/util_uri.o'
-//PLKED.OBJ30  DD PATH='//src/modules.o'
-//PLKED.OBJ31  DD PATH='//src/modules/standard/mod_acce\
-//             ss.o'
-//PLKED.OBJ32  DD PATH='//src/modules/standard/mod_acti\
-//             ons.o'
-//PLKED.OBJ33  DD PATH='//src/modules/standard/mod_alia\
-//             s.o'
-//PLKED.OBJ34  DD PATH='//src/modules/standard/mod_asis\
-//             .o'
-//PLKED.OBJ35  DD PATH='//src/modules/standard/mod_auth\
-//             .o'
-//PLKED.OBJ36  DD PATH='//src/modules/standard/mod_auto\
-//             index.o'
-//PLKED.OBJ37  DD PATH='//src/modules/standard/mod_cgi.\
-//             o'
-//PLKED.OBJ38  DD PATH='//src/modules/standard/mod_dir.\
-//             o'
-//PLKED.OBJ39  DD PATH='//src/modules/standard/mod_env.\
-//             o'
-//PLKED.OBJ40  DD PATH='//src/modules/standard/mod_imap\
-//             .o'
-//PLKED.OBJ41  DD PATH='//src/modules/standard/mod_incl\
-//             ude.o'
-//PLKED.OBJ42  DD PATH='//src/modules/standard/mod_log_\
-//             config.o'
-//PLKED.OBJ43  DD PATH='//src/modules/standard/mod_mime\
-//             .o'
-//PLKED.OBJ44  DD PATH='//src/modules/standard/mod_nego\
-//             tiation.o'
-//PLKED.OBJ45  DD PATH='//src/modules/standard/mod_sete\
-//             nvif.o'
-//PLKED.OBJ46  DD PATH='//src/modules/standard/mod_stat\
-//             us.o'
-//PLKED.OBJ47  DD PATH='//src/modules/standard/mod_user\
-//             dir.o'
-//PLKED.OBJ48  DD PATH='//src/os/tpf/cgetop.o'
-//PLKED.OBJ49  DD PATH='//src/os/tpf/os.o'
-//PLKED.OBJ50  DD PATH='//src/os/tpf/os-inline.o'
-//PLKED.OBJ51  DD PATH='//src/regex/regcomp.o'
-//PLKED.OBJ52  DD PATH='//src/regex/regerror.o'
-//PLKED.OBJ53  DD PATH='//src/regex/regexec.o'
-//PLKED.OBJ54  DD PATH='//src/regex/regfree.o'
-//PLKED.SYSIN DD *
- ORDER @@DLMHDR
- INCLUDE OBJLIB(CSTRTD40)
- INCLUDE OBJ01
- INCLUDE OBJ02
- INCLUDE OBJ03
- INCLUDE OBJ04
- INCLUDE OBJ05
- INCLUDE OBJ06
- INCLUDE OBJ07
- INCLUDE OBJ08
- INCLUDE OBJ09
- INCLUDE OBJ10
- INCLUDE OBJ11
- INCLUDE OBJ12
- INCLUDE OBJ13
- INCLUDE OBJ14
- INCLUDE OBJ15
- INCLUDE OBJ16
- INCLUDE OBJ17
- INCLUDE OBJ18
- INCLUDE OBJ19
- INCLUDE OBJ20
- INCLUDE OBJ21
- INCLUDE OBJ22
- INCLUDE OBJ23
- INCLUDE OBJ24
- INCLUDE OBJ25
- INCLUDE OBJ26
- INCLUDE OBJ27
- INCLUDE OBJ28
- INCLUDE OBJ29
- INCLUDE OBJ30
- INCLUDE OBJ31
- INCLUDE OBJ32
- INCLUDE OBJ33
- INCLUDE OBJ34
- INCLUDE OBJ35
- INCLUDE OBJ36
- INCLUDE OBJ37
- INCLUDE OBJ38
- INCLUDE OBJ39
- INCLUDE OBJ40
- INCLUDE OBJ41
- INCLUDE OBJ42
- INCLUDE OBJ43
- INCLUDE OBJ44
- INCLUDE OBJ45
- INCLUDE OBJ46
- INCLUDE OBJ47
- INCLUDE OBJ48
- INCLUDE OBJ49
- INCLUDE OBJ50
- INCLUDE OBJ51
- INCLUDE OBJ52
- INCLUDE OBJ53
- INCLUDE OBJ54
- INCLUDE OBJLIB(CINET640)
-/*
-//*** WARNING *** NEVER change .LK to .OB in SYSLMOD!!!
-//LKED.SYSLMOD DD DISP=OLD,DSN=(CHTA)
-//
diff -ruN --exclude=CVS -I \$Id: -I \$OpenBSD: /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/samples/loadset.jcl usr.sbin/httpd/src/os/tpf/samples/loadset.jcl
--- /backup/work/stable/src-OPENBSD_3_2/usr.sbin/httpd/src/os/tpf/samples/loadset.jcl	Thu Feb 13 12:15:12 2003
+++ usr.sbin/httpd/src/os/tpf/samples/loadset.jcl	Sun Feb 16 16:05:24 2003
@@ -1,41 +0,0 @@
-//LOADSET  JOB MSGLEVEL=1,CLASS=G,MSGCLASS=S
-/*ROUTE PRINT 
-/*ROUTE PUNCH 
-//TLDR   EXEC  PGM=TPFLDR40,REGION=8M,
-//             PARM='OLDR,SYS=ACP,CLMSIZE=8000000'
-//STEPLIB  DD  DSN=ACP.LINK.RLSE40.BSS,DISP=SHR
-//         DD  DSN=SYS1.CEE.SCEERUN,DISP=SHR
-//SALTB    DD  DSN=ACP.SALTBL.RLSE40.BSS,DISP=SHR
-//OBJLIB   DD  DSN=ACP.OBJ.RLSE40.BSS,DISP=SHR
-//LOADMOD  DD  DSN=,DISP=SHR
-//         DD  DSN=ACP.LINK.RLSE40.BSS,DISP=SHR
-//LOADSUM  DD  DSN=&&LOADSUM,DISP=(NEW,PASS),UNIT=SYSDA,
-//             LRECL=133,SPACE=(TRK,(10,10)),RECFM=FBA
-//CPRTEMP  DD  UNIT=SYSDA,
-//             DSN=&&CPRTEMP,SPACE=(TRK,(100,20)),
-//             DCB=(RECFM=FB,BLKSIZE=4095,LRECL=4095),
-//             DISP=(NEW,DELETE)
-//PROGTEMP DD  UNIT=SYSDA,
-//             DSN=&&PRTEMP,SPACE=(TRK,(100,20)),
-//             DCB=(RECFM=FB,BLKSIZE=4095,LRECL=4095),
-//             DISP=(NEW,DELETE)
-//OUTPUT   DD  DSN=&&VRDROUT,DISP=(NEW,PASS),UNIT=SYSDA,
-//             DCB=(RECFM=F,BLKSIZE=4095,LRECL=4095)
-//SYSUDUMP DD  DUMMY
-//SYSABEND DD  DUMMY
-//SYSOUT   DD  SYSOUT=A
-//SYSPRINT DD  SYSOUT=A
-//PRINTER  DD  SYSOUT=A
-//CEEDUMP  DD  SYSOUT=A