Merge ~ahasenack/ubuntu/+source/apache2:bionic-balance-member-hostname-1750356 into ubuntu/+source/apache2:ubuntu/bionic-devel

Proposed by Andreas Hasenack on 2018-06-27
Status: Merged
Approved by: Robie Basak on 2018-07-03
Approved revision: 8b6ec8cea379f63aa0e907cec8f70dc4d86e7e83
Merge reported by: Andreas Hasenack
Merged at revision: 8b6ec8cea379f63aa0e907cec8f70dc4d86e7e83
Proposed branch: ~ahasenack/ubuntu/+source/apache2:bionic-balance-member-hostname-1750356
Merge into: ubuntu/+source/apache2:ubuntu/bionic-devel
Diff against target: 422830 lines (+414538/-0)
1366 files modified
debian/changelog (+9/-0)
debian/patches/balance-member-long-hostname-part1.patch (+30/-0)
debian/patches/balance-member-long-hostname-part2.patch (+430/-0)
debian/patches/series (+2/-0)
docs/manual/style/latex/atbeginend.sty (+80/-0)
docs/manual/style/manualpage.dtd (+29/-0)
docs/manual/style/modulesynopsis.dtd (+85/-0)
docs/manual/style/scripts/MINIFY (+5/-0)
docs/manual/style/scripts/prettify.js (+1622/-0)
docs/manual/style/scripts/prettify.min.js (+123/-0)
docs/manual/style/sitemap.dtd (+42/-0)
docs/manual/style/version.ent (+24/-0)
docs/manual/suexec.html (+21/-0)
docs/manual/suexec.html.en (+643/-0)
docs/manual/suexec.html.fr (+689/-0)
docs/manual/suexec.html.ja.utf8 (+643/-0)
docs/manual/suexec.html.ko.euc-kr (+564/-0)
docs/manual/suexec.html.tr.utf8 (+583/-0)
docs/manual/upgrading.html (+9/-0)
docs/manual/upgrading.html.en (+530/-0)
docs/manual/upgrading.html.fr (+589/-0)
docs/manual/urlmapping.html (+21/-0)
docs/manual/urlmapping.html.en (+379/-0)
docs/manual/urlmapping.html.fr (+402/-0)
docs/manual/urlmapping.html.ja.utf8 (+318/-0)
docs/manual/urlmapping.html.ko.euc-kr (+277/-0)
docs/manual/urlmapping.html.tr.utf8 (+365/-0)
docs/manual/vhosts/details.html (+17/-0)
docs/manual/vhosts/details.html.en (+348/-0)
docs/manual/vhosts/details.html.fr (+369/-0)
docs/manual/vhosts/details.html.ko.euc-kr (+412/-0)
docs/manual/vhosts/details.html.tr.utf8 (+319/-0)
docs/manual/vhosts/examples.html (+21/-0)
docs/manual/vhosts/examples.html.en (+566/-0)
docs/manual/vhosts/examples.html.fr (+586/-0)
docs/manual/vhosts/examples.html.ja.utf8 (+680/-0)
docs/manual/vhosts/examples.html.ko.euc-kr (+657/-0)
docs/manual/vhosts/examples.html.tr.utf8 (+562/-0)
docs/manual/vhosts/fd-limits.html (+21/-0)
docs/manual/vhosts/fd-limits.html.en (+155/-0)
docs/manual/vhosts/fd-limits.html.fr (+167/-0)
docs/manual/vhosts/fd-limits.html.ja.utf8 (+157/-0)
docs/manual/vhosts/fd-limits.html.ko.euc-kr (+152/-0)
docs/manual/vhosts/fd-limits.html.tr.utf8 (+150/-0)
docs/manual/vhosts/index.html (+29/-0)
docs/manual/vhosts/index.html.de (+124/-0)
docs/manual/vhosts/index.html.en (+126/-0)
docs/manual/vhosts/index.html.fr (+127/-0)
docs/manual/vhosts/index.html.ja.utf8 (+120/-0)
docs/manual/vhosts/index.html.ko.euc-kr (+119/-0)
docs/manual/vhosts/index.html.tr.utf8 (+123/-0)
docs/manual/vhosts/index.html.zh-cn.utf8 (+105/-0)
docs/manual/vhosts/ip-based.html (+21/-0)
docs/manual/vhosts/ip-based.html.en (+210/-0)
docs/manual/vhosts/ip-based.html.fr (+213/-0)
docs/manual/vhosts/ip-based.html.ja.utf8 (+190/-0)
docs/manual/vhosts/ip-based.html.ko.euc-kr (+180/-0)
docs/manual/vhosts/ip-based.html.tr.utf8 (+211/-0)
docs/manual/vhosts/mass.html (+17/-0)
docs/manual/vhosts/mass.html.en (+337/-0)
docs/manual/vhosts/mass.html.fr (+352/-0)
docs/manual/vhosts/mass.html.ko.euc-kr (+453/-0)
docs/manual/vhosts/mass.html.tr.utf8 (+324/-0)
docs/manual/vhosts/name-based.html (+25/-0)
docs/manual/vhosts/name-based.html.de (+299/-0)
docs/manual/vhosts/name-based.html.en (+224/-0)
docs/manual/vhosts/name-based.html.fr (+267/-0)
docs/manual/vhosts/name-based.html.ja.utf8 (+303/-0)
docs/manual/vhosts/name-based.html.ko.euc-kr (+266/-0)
docs/manual/vhosts/name-based.html.tr.utf8 (+238/-0)
docs/server-status/README.md (+40/-0)
docs/server-status/server-status.lua (+1901/-0)
emacs-style (+12/-0)
httpd.dep (+68/-0)
httpd.dsp (+111/-0)
httpd.mak (+344/-0)
httpd.spec (+506/-0)
include/.indent.pro (+54/-0)
include/ap_compat.h (+30/-0)
include/ap_config.h (+206/-0)
include/ap_config_auto.h.in (+298/-0)
include/ap_config_layout.h.in (+64/-0)
include/ap_expr.h (+353/-0)
include/ap_hooks.h (+162/-0)
include/ap_listen.h (+163/-0)
include/ap_mmn.h (+538/-0)
include/ap_mpm.h (+235/-0)
include/ap_provider.h (+100/-0)
include/ap_regex.h (+248/-0)
include/ap_regkey.h (+219/-0)
include/ap_release.h (+83/-0)
include/ap_slotmem.h (+199/-0)
include/ap_socache.h (+230/-0)
include/apache_noprobes.h (+344/-0)
include/heartbeat.h (+60/-0)
include/http_config.h (+1379/-0)
include/http_connection.h (+168/-0)
include/http_core.h (+1049/-0)
include/http_log.h (+836/-0)
include/http_main.h (+88/-0)
include/http_protocol.h (+1021/-0)
include/http_request.h (+630/-0)
include/http_vhost.h (+119/-0)
include/httpd.h (+2403/-0)
include/mod_auth.h (+141/-0)
include/mod_core.h (+103/-0)
include/mod_request.h (+64/-0)
include/mpm_common.h (+470/-0)
include/scoreboard.h (+244/-0)
include/util_cfgtree.h (+98/-0)
include/util_charset.h (+72/-0)
include/util_cookies.h (+146/-0)
include/util_ebcdic.h (+92/-0)
include/util_fcgi.h (+280/-0)
include/util_filter.h (+639/-0)
include/util_ldap.h (+398/-0)
include/util_md5.h (+72/-0)
include/util_mutex.h (+223/-0)
include/util_script.h (+233/-0)
include/util_time.h (+117/-0)
include/util_varbuf.h (+197/-0)
include/util_xml.h (+51/-0)
libhttpd.dep (+2421/-0)
libhttpd.dsp (+842/-0)
libhttpd.mak (+1354/-0)
modules/Makefile.in (+6/-0)
modules/NWGNUmakefile (+121/-0)
modules/README (+67/-0)
modules/aaa/.indent.pro (+54/-0)
modules/aaa/Makefile.in (+3/-0)
modules/aaa/NWGNUaccesscompat (+248/-0)
modules/aaa/NWGNUallowmethods (+248/-0)
modules/aaa/NWGNUauthbasc (+248/-0)
modules/aaa/NWGNUauthdigt (+248/-0)
modules/aaa/NWGNUauthform (+250/-0)
modules/aaa/NWGNUauthnano (+248/-0)
modules/aaa/NWGNUauthndbd (+249/-0)
modules/aaa/NWGNUauthndbm (+248/-0)
modules/aaa/NWGNUauthnfil (+248/-0)
modules/aaa/NWGNUauthnsocache (+248/-0)
modules/aaa/NWGNUauthnzldap (+264/-0)
modules/aaa/NWGNUauthzdbd (+249/-0)
modules/aaa/NWGNUauthzdbm (+248/-0)
modules/aaa/NWGNUauthzgrp (+247/-0)
modules/aaa/NWGNUauthzusr (+247/-0)
modules/aaa/NWGNUmakefile (+270/-0)
modules/aaa/config.m4 (+84/-0)
modules/aaa/mod_access_compat.c (+374/-0)
modules/aaa/mod_access_compat.dep (+59/-0)
modules/aaa/mod_access_compat.dsp (+111/-0)
modules/aaa/mod_access_compat.mak (+353/-0)
modules/aaa/mod_allowmethods.c (+158/-0)
modules/aaa/mod_allowmethods.dep (+56/-0)
modules/aaa/mod_allowmethods.dsp (+111/-0)
modules/aaa/mod_allowmethods.mak (+353/-0)
modules/aaa/mod_auth_basic.c (+512/-0)
modules/aaa/mod_auth_basic.dep (+63/-0)
modules/aaa/mod_auth_basic.dsp (+111/-0)
modules/aaa/mod_auth_basic.mak (+353/-0)
modules/aaa/mod_auth_digest.c (+2115/-0)
modules/aaa/mod_auth_digest.dep (+68/-0)
modules/aaa/mod_auth_digest.dsp (+111/-0)
modules/aaa/mod_auth_digest.mak (+353/-0)
modules/aaa/mod_auth_form.c (+1333/-0)
modules/aaa/mod_auth_form.dep (+66/-0)
modules/aaa/mod_auth_form.dsp (+111/-0)
modules/aaa/mod_auth_form.mak (+353/-0)
modules/aaa/mod_authn_anon.c (+215/-0)
modules/aaa/mod_authn_anon.dep (+58/-0)
modules/aaa/mod_authn_anon.dsp (+111/-0)
modules/aaa/mod_authn_anon.mak (+381/-0)
modules/aaa/mod_authn_core.c (+386/-0)
modules/aaa/mod_authn_core.dep (+58/-0)
modules/aaa/mod_authn_core.dsp (+111/-0)
modules/aaa/mod_authn_core.mak (+381/-0)
modules/aaa/mod_authn_dbd.c (+309/-0)
modules/aaa/mod_authn_dbd.dep (+56/-0)
modules/aaa/mod_authn_dbd.dsp (+115/-0)
modules/aaa/mod_authn_dbd.mak (+409/-0)
modules/aaa/mod_authn_dbm.c (+208/-0)
modules/aaa/mod_authn_dbm.dep (+61/-0)
modules/aaa/mod_authn_dbm.dsp (+111/-0)
modules/aaa/mod_authn_dbm.mak (+381/-0)
modules/aaa/mod_authn_file.c (+194/-0)
modules/aaa/mod_authn_file.dep (+60/-0)
modules/aaa/mod_authn_file.dsp (+111/-0)
modules/aaa/mod_authn_file.mak (+381/-0)
modules/aaa/mod_authn_socache.c (+475/-0)
modules/aaa/mod_authn_socache.dep (+62/-0)
modules/aaa/mod_authn_socache.dsp (+111/-0)
modules/aaa/mod_authn_socache.mak (+353/-0)
modules/aaa/mod_authnz_fcgi.c (+1363/-0)
modules/aaa/mod_authnz_fcgi.dep (+61/-0)
modules/aaa/mod_authnz_fcgi.dsp (+119/-0)
modules/aaa/mod_authnz_fcgi.mak (+353/-0)
modules/aaa/mod_authnz_ldap.c (+1958/-0)
modules/aaa/mod_authnz_ldap.dep (+70/-0)
modules/aaa/mod_authnz_ldap.dsp (+111/-0)
modules/aaa/mod_authnz_ldap.mak (+381/-0)
modules/aaa/mod_authz_core.c (+1164/-0)
modules/aaa/mod_authz_core.dep (+60/-0)
modules/aaa/mod_authz_core.dsp (+111/-0)
modules/aaa/mod_authz_core.mak (+381/-0)
modules/aaa/mod_authz_dbd.c (+409/-0)
modules/aaa/mod_authz_dbd.dep (+61/-0)
modules/aaa/mod_authz_dbd.dsp (+119/-0)
modules/aaa/mod_authz_dbd.h (+44/-0)
modules/aaa/mod_authz_dbd.mak (+409/-0)
modules/aaa/mod_authz_dbm.c (+336/-0)
modules/aaa/mod_authz_dbm.dep (+62/-0)
modules/aaa/mod_authz_dbm.dsp (+111/-0)
modules/aaa/mod_authz_dbm.mak (+381/-0)
modules/aaa/mod_authz_groupfile.c (+331/-0)
modules/aaa/mod_authz_groupfile.dep (+61/-0)
modules/aaa/mod_authz_groupfile.dsp (+111/-0)
modules/aaa/mod_authz_groupfile.mak (+381/-0)
modules/aaa/mod_authz_host.c (+389/-0)
modules/aaa/mod_authz_host.dep (+60/-0)
modules/aaa/mod_authz_host.dsp (+111/-0)
modules/aaa/mod_authz_host.mak (+381/-0)
modules/aaa/mod_authz_owner.c (+189/-0)
modules/aaa/mod_authz_owner.dep (+59/-0)
modules/aaa/mod_authz_owner.dsp (+111/-0)
modules/aaa/mod_authz_owner.h (+27/-0)
modules/aaa/mod_authz_owner.mak (+381/-0)
modules/aaa/mod_authz_user.c (+146/-0)
modules/aaa/mod_authz_user.dep (+58/-0)
modules/aaa/mod_authz_user.dsp (+111/-0)
modules/aaa/mod_authz_user.mak (+381/-0)
modules/arch/netware/libprews.c (+79/-0)
modules/arch/netware/mod_netware.c (+206/-0)
modules/arch/netware/mod_nw_ssl.c (+1285/-0)
modules/arch/unix/Makefile.in (+3/-0)
modules/arch/unix/config5.m4 (+24/-0)
modules/arch/unix/mod_privileges.c (+588/-0)
modules/arch/unix/mod_unixd.c (+426/-0)
modules/arch/unix/mod_unixd.h (+41/-0)
modules/arch/win32/Makefile.in (+3/-0)
modules/arch/win32/config.m4 (+9/-0)
modules/arch/win32/mod_isapi.c (+1727/-0)
modules/arch/win32/mod_isapi.dep (+61/-0)
modules/arch/win32/mod_isapi.dsp (+115/-0)
modules/arch/win32/mod_isapi.h (+271/-0)
modules/arch/win32/mod_isapi.mak (+353/-0)
modules/arch/win32/mod_win32.c (+563/-0)
modules/cache/.indent.pro (+54/-0)
modules/cache/Makefile.in (+3/-0)
modules/cache/NWGNUcach_dsk (+262/-0)
modules/cache/NWGNUcach_socache (+263/-0)
modules/cache/NWGNUmakefile (+250/-0)
modules/cache/NWGNUmod_cach (+265/-0)
modules/cache/NWGNUsocachdbm (+261/-0)
modules/cache/NWGNUsocachmem (+261/-0)
modules/cache/NWGNUsocachshmcb (+261/-0)
modules/cache/cache_common.h (+56/-0)
modules/cache/cache_disk_common.h (+68/-0)
modules/cache/cache_socache_common.h (+57/-0)
modules/cache/cache_storage.c (+791/-0)
modules/cache/cache_storage.h (+76/-0)
modules/cache/cache_util.c (+1344/-0)
modules/cache/cache_util.h (+341/-0)
modules/cache/config.m4 (+142/-0)
modules/cache/mod_cache.c (+2717/-0)
modules/cache/mod_cache.dep (+194/-0)
modules/cache/mod_cache.dsp (+131/-0)
modules/cache/mod_cache.h (+192/-0)
modules/cache/mod_cache.mak (+370/-0)
modules/cache/mod_cache_disk.c (+1584/-0)
modules/cache/mod_cache_disk.dep (+59/-0)
modules/cache/mod_cache_disk.dsp (+115/-0)
modules/cache/mod_cache_disk.h (+91/-0)
modules/cache/mod_cache_disk.mak (+381/-0)
modules/cache/mod_cache_socache.c (+1542/-0)
modules/cache/mod_cache_socache.dep (+67/-0)
modules/cache/mod_cache_socache.dsp (+115/-0)
modules/cache/mod_cache_socache.mak (+381/-0)
modules/cache/mod_file_cache.c (+414/-0)
modules/cache/mod_file_cache.dep (+56/-0)
modules/cache/mod_file_cache.dsp (+111/-0)
modules/cache/mod_file_cache.exp (+1/-0)
modules/cache/mod_file_cache.mak (+353/-0)
modules/cache/mod_socache_dbm.c (+595/-0)
modules/cache/mod_socache_dbm.dep (+60/-0)
modules/cache/mod_socache_dbm.dsp (+111/-0)
modules/cache/mod_socache_dbm.mak (+353/-0)
modules/cache/mod_socache_dc.c (+198/-0)
modules/cache/mod_socache_dc.dep (+55/-0)
modules/cache/mod_socache_dc.dsp (+111/-0)
modules/cache/mod_socache_dc.mak (+353/-0)
modules/cache/mod_socache_memcache.c (+431/-0)
modules/cache/mod_socache_memcache.dep (+59/-0)
modules/cache/mod_socache_memcache.dsp (+111/-0)
modules/cache/mod_socache_memcache.mak (+353/-0)
modules/cache/mod_socache_shmcb.c (+1072/-0)
modules/cache/mod_socache_shmcb.dep (+56/-0)
modules/cache/mod_socache_shmcb.dsp (+111/-0)
modules/cache/mod_socache_shmcb.mak (+353/-0)
modules/cluster/Makefile.in (+3/-0)
modules/cluster/NWGNUmakefile (+246/-0)
modules/cluster/NWGNUmodheartbeat (+257/-0)
modules/cluster/NWGNUmodheartmonitor (+257/-0)
modules/cluster/README.heartbeat (+33/-0)
modules/cluster/README.heartmonitor (+30/-0)
modules/cluster/config5.m4 (+17/-0)
modules/cluster/mod_heartbeat.c (+228/-0)
modules/cluster/mod_heartbeat.dep (+55/-0)
modules/cluster/mod_heartbeat.dsp (+123/-0)
modules/cluster/mod_heartbeat.mak (+380/-0)
modules/cluster/mod_heartmonitor.c (+918/-0)
modules/cluster/mod_heartmonitor.dep (+63/-0)
modules/cluster/mod_heartmonitor.dsp (+123/-0)
modules/cluster/mod_heartmonitor.mak (+380/-0)
modules/config7.m4 (+56/-0)
modules/core/Makefile.in (+3/-0)
modules/core/NWGNUmakefile (+257/-0)
modules/core/config.m4 (+60/-0)
modules/core/mod_macro.c (+955/-0)
modules/core/mod_macro.dep (+45/-0)
modules/core/mod_macro.dsp (+111/-0)
modules/core/mod_macro.mak (+353/-0)
modules/core/mod_so.c (+442/-0)
modules/core/mod_so.h (+38/-0)
modules/core/mod_watchdog.c (+723/-0)
modules/core/mod_watchdog.dep (+59/-0)
modules/core/mod_watchdog.dsp (+115/-0)
modules/core/mod_watchdog.h (+213/-0)
modules/core/mod_watchdog.mak (+353/-0)
modules/core/test/Makefile (+67/-0)
modules/core/test/conf/inc63_1.conf (+5/-0)
modules/core/test/conf/inc63_2.conf (+3/-0)
modules/core/test/conf/test01.conf (+3/-0)
modules/core/test/conf/test02.conf (+3/-0)
modules/core/test/conf/test03.conf (+5/-0)
modules/core/test/conf/test04.conf (+5/-0)
modules/core/test/conf/test05.conf (+5/-0)
modules/core/test/conf/test06.conf (+6/-0)
modules/core/test/conf/test07.conf (+3/-0)
modules/core/test/conf/test08.conf (+3/-0)
modules/core/test/conf/test09.conf (+6/-0)
modules/core/test/conf/test10.conf (+10/-0)
modules/core/test/conf/test11.conf (+15/-0)
modules/core/test/conf/test12.conf (+12/-0)
modules/core/test/conf/test13.conf (+18/-0)
modules/core/test/conf/test14.conf (+23/-0)
modules/core/test/conf/test15.conf (+9/-0)
modules/core/test/conf/test16.conf (+11/-0)
modules/core/test/conf/test17.conf (+10/-0)
modules/core/test/conf/test18.conf (+10/-0)
modules/core/test/conf/test19.conf (+26/-0)
modules/core/test/conf/test20.conf (+11/-0)
modules/core/test/conf/test21.conf (+11/-0)
modules/core/test/conf/test22.conf (+11/-0)
modules/core/test/conf/test23.conf (+15/-0)
modules/core/test/conf/test24.conf (+23/-0)
modules/core/test/conf/test25.conf (+27/-0)
modules/core/test/conf/test26.conf (+19/-0)
modules/core/test/conf/test27.conf (+22/-0)
modules/core/test/conf/test28.conf (+13/-0)
modules/core/test/conf/test29.conf (+10/-0)
modules/core/test/conf/test30.conf (+12/-0)
modules/core/test/conf/test31.conf (+16/-0)
modules/core/test/conf/test32.conf (+7/-0)
modules/core/test/conf/test33.conf (+3/-0)
modules/core/test/conf/test34.conf (+14/-0)
modules/core/test/conf/test35.conf (+10/-0)
modules/core/test/conf/test36.conf (+12/-0)
modules/core/test/conf/test37.conf (+7/-0)
modules/core/test/conf/test38.conf (+10/-0)
modules/core/test/conf/test39.conf (+23/-0)
modules/core/test/conf/test40.conf (+33/-0)
modules/core/test/conf/test41.conf (+20/-0)
modules/core/test/conf/test42.conf (+13/-0)
modules/core/test/conf/test43.conf (+29/-0)
modules/core/test/conf/test44.conf (+19/-0)
modules/core/test/conf/test45.conf (+7/-0)
modules/core/test/conf/test46.conf (+11/-0)
modules/core/test/conf/test47.conf (+15/-0)
modules/core/test/conf/test48.conf (+23/-0)
modules/core/test/conf/test49.conf (+2/-0)
modules/core/test/conf/test50.conf (+5/-0)
modules/core/test/conf/test51.conf (+9/-0)
modules/core/test/conf/test52.conf (+8/-0)
modules/core/test/conf/test53.conf (+2/-0)
modules/core/test/conf/test54.conf (+6/-0)
modules/core/test/conf/test55.conf (+11/-0)
modules/core/test/conf/test56.conf (+18/-0)
modules/core/test/conf/test57.conf (+4/-0)
modules/core/test/conf/test58.conf (+4/-0)
modules/core/test/conf/test59.conf (+4/-0)
modules/core/test/conf/test60.conf (+17/-0)
modules/core/test/conf/test61.conf (+18/-0)
modules/core/test/conf/test62.conf (+25/-0)
modules/core/test/conf/test63.conf (+9/-0)
modules/core/test/conf/test64.conf (+5/-0)
modules/core/test/conf/test65.conf (+11/-0)
modules/core/test/conf/test66.conf (+7/-0)
modules/core/test/conf/test67.conf (+1/-0)
modules/core/test/conf/test68.conf (+5/-0)
modules/core/test/conf/test69.conf (+14/-0)
modules/core/test/ref/test01.out (+3/-0)
modules/core/test/ref/test02.out (+3/-0)
modules/core/test/ref/test03.out (+3/-0)
modules/core/test/ref/test04.out (+3/-0)
modules/core/test/ref/test05.out (+3/-0)
modules/core/test/ref/test06.out (+3/-0)
modules/core/test/ref/test07.out (+3/-0)
modules/core/test/ref/test08.out (+3/-0)
modules/core/test/ref/test09.out (+3/-0)
modules/core/test/ref/test10.out (+3/-0)
modules/core/test/ref/test11.out (+6/-0)
modules/core/test/ref/test12.out (+7/-0)
modules/core/test/ref/test13.out (+8/-0)
modules/core/test/ref/test14.out (+14/-0)
modules/core/test/ref/test15.out (+6/-0)
modules/core/test/ref/test16.out (+5/-0)
modules/core/test/ref/test17.out (+7/-0)
modules/core/test/ref/test18.out (+7/-0)
modules/core/test/ref/test19.out (+9/-0)
modules/core/test/ref/test20.out (+4/-0)
modules/core/test/ref/test21.out (+5/-0)
modules/core/test/ref/test22.out (+6/-0)
modules/core/test/ref/test23.out (+7/-0)
modules/core/test/ref/test24.out (+8/-0)
modules/core/test/ref/test25.out (+9/-0)
modules/core/test/ref/test26.out (+11/-0)
modules/core/test/ref/test27.out (+8/-0)
modules/core/test/ref/test28.out (+6/-0)
modules/core/test/ref/test29.out (+4/-0)
modules/core/test/ref/test30.out (+7/-0)
modules/core/test/ref/test31.out (+23/-0)
modules/core/test/ref/test32.out (+3/-0)
modules/core/test/ref/test33.out (+3/-0)
modules/core/test/ref/test34.out (+13/-0)
modules/core/test/ref/test35.out (+13/-0)
modules/core/test/ref/test36.out (+20/-0)
modules/core/test/ref/test37.out (+3/-0)
modules/core/test/ref/test38.out (+6/-0)
modules/core/test/ref/test39.out (+7/-0)
modules/core/test/ref/test40.out (+18/-0)
modules/core/test/ref/test41.out (+9/-0)
modules/core/test/ref/test42.out (+15/-0)
modules/core/test/ref/test43.out (+8/-0)
modules/core/test/ref/test44.out (+5/-0)
modules/core/test/ref/test45.out (+19/-0)
modules/core/test/ref/test46.out (+9/-0)
modules/core/test/ref/test47.out (+8/-0)
modules/core/test/ref/test48.out (+20/-0)
modules/core/test/ref/test49.out (+3/-0)
modules/core/test/ref/test50.out (+3/-0)
modules/core/test/ref/test51.out (+3/-0)
modules/core/test/ref/test52.out (+6/-0)
modules/core/test/ref/test53.out (+3/-0)
modules/core/test/ref/test54.out (+6/-0)
modules/core/test/ref/test55.out (+8/-0)
modules/core/test/ref/test56.out (+12/-0)
modules/core/test/ref/test57.out (+3/-0)
modules/core/test/ref/test58.out (+3/-0)
modules/core/test/ref/test59.out (+3/-0)
modules/core/test/ref/test60.out (+15/-0)
modules/core/test/ref/test61.out (+9/-0)
modules/core/test/ref/test62.out (+15/-0)
modules/core/test/ref/test63.out (+10/-0)
modules/core/test/ref/test64.out (+7/-0)
modules/core/test/ref/test65.out (+7/-0)
modules/core/test/ref/test66.out (+7/-0)
modules/core/test/ref/test67.out (+5/-0)
modules/core/test/ref/test68.out (+6/-0)
modules/core/test/ref/test69.out (+10/-0)
modules/database/Makefile.in (+3/-0)
modules/database/NWGNUmakefile (+262/-0)
modules/database/config.m4 (+8/-0)
modules/database/mod_dbd.c (+992/-0)
modules/database/mod_dbd.dep (+58/-0)
modules/database/mod_dbd.dsp (+115/-0)
modules/database/mod_dbd.h (+123/-0)
modules/database/mod_dbd.mak (+353/-0)
modules/dav/fs/Makefile.in (+3/-0)
modules/dav/fs/NWGNUmakefile (+269/-0)
modules/dav/fs/config6.m4 (+23/-0)
modules/dav/fs/dbm.c (+771/-0)
modules/dav/fs/lock.c (+1445/-0)
modules/dav/fs/mod_dav_fs.c (+108/-0)
modules/dav/fs/mod_dav_fs.dep (+203/-0)
modules/dav/fs/mod_dav_fs.dsp (+135/-0)
modules/dav/fs/mod_dav_fs.mak (+407/-0)
modules/dav/fs/repos.c (+2254/-0)
modules/dav/fs/repos.h (+84/-0)
modules/dav/lock/Makefile.in (+3/-0)
modules/dav/lock/NWGNUmakefile (+259/-0)
modules/dav/lock/config6.m4 (+17/-0)
modules/dav/lock/locks.c (+1211/-0)
modules/dav/lock/locks.h (+33/-0)
modules/dav/lock/mod_dav_lock.c (+104/-0)
modules/dav/lock/mod_dav_lock.dep (+100/-0)
modules/dav/lock/mod_dav_lock.dsp (+127/-0)
modules/dav/lock/mod_dav_lock.mak (+389/-0)
modules/dav/main/Makefile.in (+3/-0)
modules/dav/main/NWGNUmakefile (+268/-0)
modules/dav/main/config5.m4 (+21/-0)
modules/dav/main/liveprop.c (+140/-0)
modules/dav/main/mod_dav.c (+4946/-0)
modules/dav/main/mod_dav.dep (+354/-0)
modules/dav/main/mod_dav.dsp (+147/-0)
modules/dav/main/mod_dav.h (+2553/-0)
modules/dav/main/mod_dav.mak (+406/-0)
modules/dav/main/props.c (+1125/-0)
modules/dav/main/providers.c (+58/-0)
modules/dav/main/std_liveprop.c (+226/-0)
modules/dav/main/util.c (+2152/-0)
modules/dav/main/util_lock.c (+798/-0)
modules/debugging/Makefile.in (+3/-0)
modules/debugging/NWGNUmakefile (+246/-0)
modules/debugging/NWGNUmodbucketeer (+248/-0)
modules/debugging/NWGNUmoddumpio (+248/-0)
modules/debugging/README (+1/-0)
modules/debugging/config.m4 (+7/-0)
modules/debugging/mod_bucketeer.c (+187/-0)
modules/debugging/mod_bucketeer.dep (+53/-0)
modules/debugging/mod_bucketeer.dsp (+111/-0)
modules/debugging/mod_bucketeer.mak (+353/-0)
modules/debugging/mod_dumpio.c (+250/-0)
modules/debugging/mod_dumpio.dep (+50/-0)
modules/debugging/mod_dumpio.dsp (+111/-0)
modules/debugging/mod_dumpio.mak (+353/-0)
modules/echo/.indent.pro (+54/-0)
modules/echo/Makefile.in (+3/-0)
modules/echo/NWGNUmakefile (+257/-0)
modules/echo/config.m4 (+9/-0)
modules/echo/mod_echo.c (+218/-0)
modules/echo/mod_echo.dep (+56/-0)
modules/echo/mod_echo.dsp (+111/-0)
modules/echo/mod_echo.mak (+353/-0)
modules/examples/Makefile.in (+3/-0)
modules/examples/NWGNUcase_flt (+256/-0)
modules/examples/NWGNUcase_flt_in (+256/-0)
modules/examples/NWGNUexample_hooks (+257/-0)
modules/examples/NWGNUexample_ipc (+257/-0)
modules/examples/NWGNUmakefile (+257/-0)
modules/examples/README (+54/-0)
modules/examples/config.m4 (+9/-0)
modules/examples/mod_case_filter.c (+139/-0)
modules/examples/mod_case_filter.dep (+46/-0)
modules/examples/mod_case_filter.dsp (+111/-0)
modules/examples/mod_case_filter.mak (+353/-0)
modules/examples/mod_case_filter_in.c (+160/-0)
modules/examples/mod_case_filter_in.dep (+46/-0)
modules/examples/mod_case_filter_in.dsp (+111/-0)
modules/examples/mod_case_filter_in.mak (+353/-0)
modules/examples/mod_example_hooks.c (+1534/-0)
modules/examples/mod_example_hooks.dep (+62/-0)
modules/examples/mod_example_hooks.dsp (+111/-0)
modules/examples/mod_example_hooks.mak (+353/-0)
modules/examples/mod_example_ipc.c (+356/-0)
modules/examples/mod_example_ipc.dep (+56/-0)
modules/examples/mod_example_ipc.dsp (+111/-0)
modules/examples/mod_example_ipc.mak (+353/-0)
modules/experimental/.indent.pro (+54/-0)
modules/experimental/Makefile.in (+3/-0)
modules/experimental/NWGNUmakefile (+253/-0)
modules/experimental/config.m4 (+4/-0)
modules/filters/.indent.pro (+54/-0)
modules/filters/Makefile.in (+3/-0)
modules/filters/NWGNUcharsetl (+257/-0)
modules/filters/NWGNUdeflate (+279/-0)
modules/filters/NWGNUextfiltr (+248/-0)
modules/filters/NWGNUmakefile (+273/-0)
modules/filters/NWGNUmod_data (+248/-0)
modules/filters/NWGNUmod_filter (+248/-0)
modules/filters/NWGNUmod_request (+248/-0)
modules/filters/NWGNUmodbuffer (+256/-0)
modules/filters/NWGNUmodsed (+259/-0)
modules/filters/NWGNUproxyhtml (+261/-0)
modules/filters/NWGNUratelimit (+256/-0)
modules/filters/NWGNUreflector (+256/-0)
modules/filters/NWGNUreqtimeout (+256/-0)
modules/filters/NWGNUsubstitute (+256/-0)
modules/filters/NWGNUxml2enc (+258/-0)
modules/filters/config.m4 (+197/-0)
modules/filters/libsed.h (+172/-0)
modules/filters/mod_brotli.c (+592/-0)
modules/filters/mod_brotli.dep (+45/-0)
modules/filters/mod_brotli.dsp (+111/-0)
modules/filters/mod_brotli.mak (+353/-0)
modules/filters/mod_buffer.c (+353/-0)
modules/filters/mod_buffer.dep (+48/-0)
modules/filters/mod_buffer.dsp (+111/-0)
modules/filters/mod_buffer.mak (+353/-0)
modules/filters/mod_charset_lite.c (+1142/-0)
modules/filters/mod_charset_lite.dep (+60/-0)
modules/filters/mod_charset_lite.dsp (+111/-0)
modules/filters/mod_charset_lite.exp (+1/-0)
modules/filters/mod_charset_lite.mak (+353/-0)
modules/filters/mod_data.c (+255/-0)
modules/filters/mod_data.dep (+55/-0)
modules/filters/mod_data.dsp (+111/-0)
modules/filters/mod_data.mak (+353/-0)
modules/filters/mod_deflate.c (+1912/-0)
modules/filters/mod_deflate.dep (+52/-0)
modules/filters/mod_deflate.dsp (+111/-0)
modules/filters/mod_deflate.exp (+1/-0)
modules/filters/mod_deflate.mak (+353/-0)
modules/filters/mod_ext_filter.c (+956/-0)
modules/filters/mod_ext_filter.dep (+58/-0)
modules/filters/mod_ext_filter.dsp (+111/-0)
modules/filters/mod_ext_filter.exp (+1/-0)
modules/filters/mod_ext_filter.mak (+353/-0)
modules/filters/mod_filter.c (+767/-0)
modules/filters/mod_filter.dep (+50/-0)
modules/filters/mod_filter.dsp (+111/-0)
modules/filters/mod_filter.mak (+353/-0)
modules/filters/mod_include.c (+4236/-0)
modules/filters/mod_include.dep (+63/-0)
modules/filters/mod_include.dsp (+115/-0)
modules/filters/mod_include.exp (+1/-0)
modules/filters/mod_include.h (+120/-0)
modules/filters/mod_include.mak (+353/-0)
modules/filters/mod_proxy_html.c (+1281/-0)
modules/filters/mod_proxy_html.dep (+58/-0)
modules/filters/mod_proxy_html.dsp (+123/-0)
modules/filters/mod_proxy_html.mak (+352/-0)
modules/filters/mod_ratelimit.c (+356/-0)
modules/filters/mod_ratelimit.dep (+45/-0)
modules/filters/mod_ratelimit.dsp (+115/-0)
modules/filters/mod_ratelimit.h (+51/-0)
modules/filters/mod_ratelimit.mak (+353/-0)
modules/filters/mod_reflector.c (+226/-0)
modules/filters/mod_reflector.dep (+57/-0)
modules/filters/mod_reflector.dsp (+111/-0)
modules/filters/mod_reflector.mak (+353/-0)
modules/filters/mod_reqtimeout.c (+657/-0)
modules/filters/mod_reqtimeout.dep (+58/-0)
modules/filters/mod_reqtimeout.dsp (+111/-0)
modules/filters/mod_reqtimeout.mak (+353/-0)
modules/filters/mod_request.c (+397/-0)
modules/filters/mod_request.dep (+55/-0)
modules/filters/mod_request.dsp (+115/-0)
modules/filters/mod_request.mak (+353/-0)
modules/filters/mod_sed.c (+537/-0)
modules/filters/mod_sed.dep (+109/-0)
modules/filters/mod_sed.dsp (+135/-0)
modules/filters/mod_sed.mak (+380/-0)
modules/filters/mod_substitute.c (+730/-0)
modules/filters/mod_substitute.dep (+53/-0)
modules/filters/mod_substitute.dsp (+111/-0)
modules/filters/mod_substitute.mak (+353/-0)
modules/filters/mod_xml2enc.c (+631/-0)
modules/filters/mod_xml2enc.dep (+54/-0)
modules/filters/mod_xml2enc.dsp (+123/-0)
modules/filters/mod_xml2enc.h (+55/-0)
modules/filters/mod_xml2enc.mak (+352/-0)
modules/filters/regexp.c (+599/-0)
modules/filters/regexp.h (+112/-0)
modules/filters/sed.h (+61/-0)
modules/filters/sed0.c (+1026/-0)
modules/filters/sed1.c (+1020/-0)
modules/generators/.indent.pro (+54/-0)
modules/generators/Makefile.in (+3/-0)
modules/generators/NWGNUautoindex (+249/-0)
modules/generators/NWGNUinfo (+248/-0)
modules/generators/NWGNUmakefile (+249/-0)
modules/generators/NWGNUmod_asis (+249/-0)
modules/generators/NWGNUmod_cgi (+249/-0)
modules/generators/NWGNUstatus (+248/-0)
modules/generators/config5.m4 (+81/-0)
modules/generators/mod_asis.c (+128/-0)
modules/generators/mod_asis.dep (+56/-0)
modules/generators/mod_asis.dsp (+111/-0)
modules/generators/mod_asis.exp (+1/-0)
modules/generators/mod_asis.mak (+353/-0)
modules/generators/mod_autoindex.c (+2348/-0)
modules/generators/mod_autoindex.dep (+61/-0)
modules/generators/mod_autoindex.dsp (+111/-0)
modules/generators/mod_autoindex.exp (+1/-0)
modules/generators/mod_autoindex.mak (+353/-0)
modules/generators/mod_cgi.c (+1281/-0)
modules/generators/mod_cgi.dep (+64/-0)
modules/generators/mod_cgi.dsp (+115/-0)
modules/generators/mod_cgi.exp (+1/-0)
modules/generators/mod_cgi.h (+67/-0)
modules/generators/mod_cgi.mak (+353/-0)
modules/generators/mod_cgid.c (+1980/-0)
modules/generators/mod_cgid.exp (+1/-0)
modules/generators/mod_info.c (+1011/-0)
modules/generators/mod_info.dep (+66/-0)
modules/generators/mod_info.dsp (+111/-0)
modules/generators/mod_info.exp (+1/-0)
modules/generators/mod_info.mak (+353/-0)
modules/generators/mod_status.c (+1014/-0)
modules/generators/mod_status.dep (+60/-0)
modules/generators/mod_status.dsp (+111/-0)
modules/generators/mod_status.exp (+1/-0)
modules/generators/mod_status.h (+64/-0)
modules/generators/mod_status.mak (+353/-0)
modules/generators/mod_suexec.c (+139/-0)
modules/generators/mod_suexec.h (+33/-0)
modules/http/.indent.pro (+54/-0)
modules/http/Makefile.in (+3/-0)
modules/http/byterange_filter.c (+611/-0)
modules/http/chunk_filter.c (+196/-0)
modules/http/config.m4 (+20/-0)
modules/http/http_core.c (+328/-0)
modules/http/http_etag.c (+220/-0)
modules/http/http_filters.c (+1907/-0)
modules/http/http_protocol.c (+1690/-0)
modules/http/http_request.c (+836/-0)
modules/http/mod_mime.c (+1026/-0)
modules/http/mod_mime.dep (+55/-0)
modules/http/mod_mime.dsp (+111/-0)
modules/http/mod_mime.exp (+1/-0)
modules/http/mod_mime.mak (+353/-0)
modules/http2/.gitignore (+35/-0)
modules/http2/Makefile.in (+20/-0)
modules/http2/NWGNUmakefile (+246/-0)
modules/http2/NWGNUmod_http2 (+395/-0)
modules/http2/NWGNUproxyht2 (+288/-0)
modules/http2/README.h2 (+70/-0)
modules/http2/config2.m4 (+235/-0)
modules/http2/h2.h (+160/-0)
modules/http2/h2_alt_svc.c (+130/-0)
modules/http2/h2_alt_svc.h (+39/-0)
modules/http2/h2_bucket_beam.c (+1273/-0)
modules/http2/h2_bucket_beam.h (+405/-0)
modules/http2/h2_bucket_eos.c (+111/-0)
modules/http2/h2_bucket_eos.h (+31/-0)
modules/http2/h2_config.c (+677/-0)
modules/http2/h2_config.h (+103/-0)
modules/http2/h2_conn.c (+366/-0)
modules/http2/h2_conn.h (+76/-0)
modules/http2/h2_conn_io.c (+388/-0)
modules/http2/h2_conn_io.h (+76/-0)
modules/http2/h2_ctx.c (+120/-0)
modules/http2/h2_ctx.h (+77/-0)
modules/http2/h2_filter.c (+560/-0)
modules/http2/h2_filter.h (+72/-0)
modules/http2/h2_from_h1.c (+862/-0)
modules/http2/h2_from_h1.h (+49/-0)
modules/http2/h2_h2.c (+765/-0)
modules/http2/h2_h2.h (+78/-0)
modules/http2/h2_headers.c (+177/-0)
modules/http2/h2_headers.h (+76/-0)
modules/http2/h2_mplx.c (+1270/-0)
modules/http2/h2_mplx.h (+329/-0)
modules/http2/h2_ngn_shed.c (+391/-0)
modules/http2/h2_ngn_shed.h (+78/-0)
modules/http2/h2_private.h (+27/-0)
modules/http2/h2_proxy_session.c (+1583/-0)
modules/http2/h2_proxy_session.h (+127/-0)
modules/http2/h2_proxy_util.c (+1336/-0)
modules/http2/h2_proxy_util.h (+255/-0)
modules/http2/h2_push.c (+1059/-0)
modules/http2/h2_push.h (+118/-0)
modules/http2/h2_request.c (+337/-0)
modules/http2/h2_request.h (+47/-0)
modules/http2/h2_session.c (+2288/-0)
modules/http2/h2_session.h (+224/-0)
modules/http2/h2_stream.c (+1083/-0)
modules/http2/h2_stream.h (+314/-0)
modules/http2/h2_switch.c (+194/-0)
modules/http2/h2_switch.h (+29/-0)
modules/http2/h2_task.c (+761/-0)
modules/http2/h2_task.h (+126/-0)
modules/http2/h2_util.c (+2010/-0)
modules/http2/h2_util.h (+543/-0)
modules/http2/h2_version.h (+40/-0)
modules/http2/h2_workers.c (+371/-0)
modules/http2/h2_workers.h (+82/-0)
modules/http2/mod_http2.c (+383/-0)
modules/http2/mod_http2.dep (+1433/-0)
modules/http2/mod_http2.dsp (+195/-0)
modules/http2/mod_http2.h (+95/-0)
modules/http2/mod_http2.mak (+542/-0)
modules/http2/mod_proxy_http2.c (+670/-0)
modules/http2/mod_proxy_http2.dep (+208/-0)
modules/http2/mod_proxy_http2.dsp (+119/-0)
modules/http2/mod_proxy_http2.h (+20/-0)
modules/http2/mod_proxy_http2.mak (+427/-0)
modules/ldap/Makefile.in (+3/-0)
modules/ldap/NWGNUmakefile (+264/-0)
modules/ldap/README.ldap (+47/-0)
modules/ldap/config.m4 (+25/-0)
modules/ldap/mod_ldap.dep (+192/-0)
modules/ldap/mod_ldap.dsp (+127/-0)
modules/ldap/mod_ldap.mak (+371/-0)
modules/ldap/util_ldap.c (+3222/-0)
modules/ldap/util_ldap_cache.c (+464/-0)
modules/ldap/util_ldap_cache.h (+204/-0)
modules/ldap/util_ldap_cache_mgr.c (+882/-0)
modules/loggers/.indent.pro (+54/-0)
modules/loggers/Makefile.in (+3/-0)
modules/loggers/NWGNUforensic (+258/-0)
modules/loggers/NWGNUlogdebug (+258/-0)
modules/loggers/NWGNUmakefile (+247/-0)
modules/loggers/NWGNUmodlogio (+258/-0)
modules/loggers/config.m4 (+20/-0)
modules/loggers/mod_log_config.c (+1858/-0)
modules/loggers/mod_log_config.dep (+62/-0)
modules/loggers/mod_log_config.dsp (+111/-0)
modules/loggers/mod_log_config.exp (+1/-0)
modules/loggers/mod_log_config.h (+74/-0)
modules/loggers/mod_log_config.mak (+353/-0)
modules/loggers/mod_log_debug.c (+287/-0)
modules/loggers/mod_log_debug.dep (+54/-0)
modules/loggers/mod_log_debug.dsp (+111/-0)
modules/loggers/mod_log_debug.mak (+325/-0)
modules/loggers/mod_log_forensic.c (+289/-0)
modules/loggers/mod_log_forensic.dep (+53/-0)
modules/loggers/mod_log_forensic.dsp (+111/-0)
modules/loggers/mod_log_forensic.exp (+1/-0)
modules/loggers/mod_log_forensic.mak (+353/-0)
modules/loggers/mod_logio.c (+284/-0)
modules/loggers/mod_logio.dep (+59/-0)
modules/loggers/mod_logio.dsp (+111/-0)
modules/loggers/mod_logio.mak (+353/-0)
modules/lua/Makefile.in (+3/-0)
modules/lua/NWGNUmakefile (+287/-0)
modules/lua/README (+54/-0)
modules/lua/config.m4 (+113/-0)
modules/lua/docs/README (+12/-0)
modules/lua/docs/basic-configuration.txt (+141/-0)
modules/lua/docs/building-from-subversion.txt (+72/-0)
modules/lua/docs/running-developer-tests.txt (+16/-0)
modules/lua/docs/writing-handlers.txt (+49/-0)
modules/lua/lua_apr.c (+104/-0)
modules/lua/lua_apr.h (+36/-0)
modules/lua/lua_config.c (+277/-0)
modules/lua/lua_config.h (+31/-0)
modules/lua/lua_dbd.c (+843/-0)
modules/lua/lua_dbd.h (+66/-0)
modules/lua/lua_passwd.c (+178/-0)
modules/lua/lua_passwd.h (+90/-0)
modules/lua/lua_request.c (+3024/-0)
modules/lua/lua_request.h (+58/-0)
modules/lua/lua_vmprep.c (+551/-0)
modules/lua/lua_vmprep.h (+147/-0)
modules/lua/mod_lua.c (+2174/-0)
modules/lua/mod_lua.dep (+418/-0)
modules/lua/mod_lua.dsp (+163/-0)
modules/lua/mod_lua.h (+177/-0)
modules/lua/mod_lua.mak (+407/-0)
modules/lua/test/helpers.lua (+36/-0)
modules/lua/test/htdocs/config_tests.lua (+37/-0)
modules/lua/test/htdocs/filters.lua (+7/-0)
modules/lua/test/htdocs/find_me.txt (+1/-0)
modules/lua/test/htdocs/headers.lua (+6/-0)
modules/lua/test/htdocs/hooks.lua (+29/-0)
modules/lua/test/htdocs/other.lua (+21/-0)
modules/lua/test/htdocs/simple.lua (+4/-0)
modules/lua/test/htdocs/test.lua (+129/-0)
modules/lua/test/lib/kangaroo.lua (+19/-0)
modules/lua/test/moonunit.lua (+52/-0)
modules/lua/test/test.lua (+126/-0)
modules/lua/test/test_httpd.conf (+31/-0)
modules/mappers/.indent.pro (+54/-0)
modules/mappers/Makefile.in (+3/-0)
modules/mappers/NWGNUactions (+248/-0)
modules/mappers/NWGNUimagemap (+249/-0)
modules/mappers/NWGNUmakefile (+250/-0)
modules/mappers/NWGNUrewrite (+250/-0)
modules/mappers/NWGNUspeling (+248/-0)
modules/mappers/NWGNUuserdir (+249/-0)
modules/mappers/NWGNUvhost (+249/-0)
modules/mappers/config9.m4 (+19/-0)
modules/mappers/mod_actions.c (+230/-0)
modules/mappers/mod_actions.dep (+58/-0)
modules/mappers/mod_actions.dsp (+111/-0)
modules/mappers/mod_actions.exp (+1/-0)
modules/mappers/mod_actions.mak (+353/-0)
modules/mappers/mod_alias.c (+726/-0)
modules/mappers/mod_alias.dep (+51/-0)
modules/mappers/mod_alias.dsp (+111/-0)
modules/mappers/mod_alias.exp (+1/-0)
modules/mappers/mod_alias.mak (+353/-0)
modules/mappers/mod_dir.c (+417/-0)
modules/mappers/mod_dir.dep (+60/-0)
modules/mappers/mod_dir.dsp (+111/-0)
modules/mappers/mod_dir.exp (+1/-0)
modules/mappers/mod_dir.mak (+353/-0)
modules/mappers/mod_imagemap.c (+897/-0)
modules/mappers/mod_imagemap.dep (+60/-0)
modules/mappers/mod_imagemap.dsp (+111/-0)
modules/mappers/mod_imagemap.exp (+1/-0)
modules/mappers/mod_imagemap.mak (+353/-0)
modules/mappers/mod_negotiation.c (+3228/-0)
modules/mappers/mod_negotiation.dep (+58/-0)
modules/mappers/mod_negotiation.dsp (+111/-0)
modules/mappers/mod_negotiation.exp (+1/-0)
modules/mappers/mod_negotiation.mak (+353/-0)
modules/mappers/mod_rewrite.c (+5326/-0)
modules/mappers/mod_rewrite.dep (+65/-0)
modules/mappers/mod_rewrite.dsp (+111/-0)
modules/mappers/mod_rewrite.exp (+1/-0)
modules/mappers/mod_rewrite.h (+42/-0)
modules/mappers/mod_rewrite.mak (+353/-0)
modules/mappers/mod_speling.c (+533/-0)
modules/mappers/mod_speling.dep (+51/-0)
modules/mappers/mod_speling.dsp (+111/-0)
modules/mappers/mod_speling.exp (+1/-0)
modules/mappers/mod_speling.mak (+353/-0)
modules/mappers/mod_userdir.c (+390/-0)
modules/mappers/mod_userdir.dep (+46/-0)
modules/mappers/mod_userdir.dsp (+111/-0)
modules/mappers/mod_userdir.exp (+1/-0)
modules/mappers/mod_userdir.mak (+353/-0)
modules/mappers/mod_vhost_alias.c (+457/-0)
modules/mappers/mod_vhost_alias.dep (+50/-0)
modules/mappers/mod_vhost_alias.dsp (+111/-0)
modules/mappers/mod_vhost_alias.exp (+1/-0)
modules/mappers/mod_vhost_alias.mak (+353/-0)
modules/metadata/.indent.pro (+54/-0)
modules/metadata/Makefile.in (+3/-0)
modules/metadata/NWGNUcernmeta (+248/-0)
modules/metadata/NWGNUexpires (+248/-0)
modules/metadata/NWGNUheaders (+249/-0)
modules/metadata/NWGNUmakefile (+254/-0)
modules/metadata/NWGNUmimemagi (+248/-0)
modules/metadata/NWGNUmodident (+248/-0)
modules/metadata/NWGNUmodversion (+248/-0)
modules/metadata/NWGNUremoteip (+248/-0)
modules/metadata/NWGNUuniqueid (+257/-0)
modules/metadata/NWGNUusertrk (+248/-0)
modules/metadata/config.m4 (+24/-0)
modules/metadata/mod_cern_meta.c (+371/-0)
modules/metadata/mod_cern_meta.dep (+55/-0)
modules/metadata/mod_cern_meta.dsp (+111/-0)
modules/metadata/mod_cern_meta.exp (+1/-0)
modules/metadata/mod_cern_meta.mak (+353/-0)
modules/metadata/mod_env.c (+190/-0)
modules/metadata/mod_env.dep (+47/-0)
modules/metadata/mod_env.dsp (+111/-0)
modules/metadata/mod_env.exp (+1/-0)
modules/metadata/mod_env.mak (+353/-0)
modules/metadata/mod_expires.c (+571/-0)
modules/metadata/mod_expires.dep (+54/-0)
modules/metadata/mod_expires.dsp (+111/-0)
modules/metadata/mod_expires.exp (+1/-0)
modules/metadata/mod_expires.mak (+353/-0)
modules/metadata/mod_headers.c (+1020/-0)
modules/metadata/mod_headers.dep (+57/-0)
modules/metadata/mod_headers.dsp (+111/-0)
modules/metadata/mod_headers.exp (+1/-0)
modules/metadata/mod_headers.mak (+353/-0)
modules/metadata/mod_ident.c (+344/-0)
modules/metadata/mod_ident.dep (+52/-0)
modules/metadata/mod_ident.dsp (+111/-0)
modules/metadata/mod_ident.exp (+1/-0)
modules/metadata/mod_ident.mak (+353/-0)
modules/metadata/mod_mime_magic.c (+2471/-0)
modules/metadata/mod_mime_magic.dep (+58/-0)
modules/metadata/mod_mime_magic.dsp (+111/-0)
modules/metadata/mod_mime_magic.exp (+1/-0)
modules/metadata/mod_mime_magic.mak (+353/-0)
modules/metadata/mod_remoteip.c (+466/-0)
modules/metadata/mod_remoteip.dep (+53/-0)
modules/metadata/mod_remoteip.dsp (+111/-0)
modules/metadata/mod_remoteip.mak (+353/-0)
modules/metadata/mod_setenvif.c (+648/-0)
modules/metadata/mod_setenvif.dep (+56/-0)
modules/metadata/mod_setenvif.dsp (+111/-0)
modules/metadata/mod_setenvif.exp (+1/-0)
modules/metadata/mod_setenvif.mak (+353/-0)
modules/metadata/mod_unique_id.c (+316/-0)
modules/metadata/mod_unique_id.dep (+50/-0)
modules/metadata/mod_unique_id.dsp (+111/-0)
modules/metadata/mod_unique_id.exp (+1/-0)
modules/metadata/mod_unique_id.mak (+353/-0)
modules/metadata/mod_usertrack.c (+459/-0)
modules/metadata/mod_usertrack.dep (+51/-0)
modules/metadata/mod_usertrack.dsp (+111/-0)
modules/metadata/mod_usertrack.exp (+1/-0)
modules/metadata/mod_usertrack.mak (+353/-0)
modules/metadata/mod_version.c (+313/-0)
modules/metadata/mod_version.dep (+45/-0)
modules/metadata/mod_version.dsp (+111/-0)
modules/metadata/mod_version.exp (+1/-0)
modules/metadata/mod_version.mak (+353/-0)
modules/proxy/.indent.pro (+58/-0)
modules/proxy/CHANGES (+223/-0)
modules/proxy/Makefile.in (+4/-0)
modules/proxy/NWGNUmakefile (+259/-0)
modules/proxy/NWGNUproxy (+337/-0)
modules/proxy/NWGNUproxyajp (+264/-0)
modules/proxy/NWGNUproxybalancer (+260/-0)
modules/proxy/NWGNUproxycon (+251/-0)
modules/proxy/NWGNUproxyexpress (+256/-0)
modules/proxy/NWGNUproxyfcgi (+261/-0)
modules/proxy/NWGNUproxyftp (+260/-0)
modules/proxy/NWGNUproxyhcheck (+254/-0)
modules/proxy/NWGNUproxyhtp (+260/-0)
modules/proxy/NWGNUproxylbm_busy (+250/-0)
modules/proxy/NWGNUproxylbm_hb (+251/-0)
modules/proxy/NWGNUproxylbm_req (+251/-0)
modules/proxy/NWGNUproxylbm_traf (+251/-0)
modules/proxy/NWGNUproxyscgi (+260/-0)
modules/proxy/NWGNUproxywstunnel (+250/-0)
modules/proxy/ajp.h (+520/-0)
modules/proxy/ajp_header.c (+885/-0)
modules/proxy/ajp_header.h (+195/-0)
modules/proxy/ajp_link.c (+115/-0)
modules/proxy/ajp_msg.c (+641/-0)
modules/proxy/ajp_utils.c (+137/-0)
modules/proxy/balancers/Makefile.in (+3/-0)
modules/proxy/balancers/config2.m4 (+8/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.c (+161/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.dep (+76/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.mak (+408/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.c (+201/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.dep (+76/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.mak (+408/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.c (+170/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.dep (+76/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.mak (+408/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.c (+467/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.dep (+77/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.mak (+408/-0)
modules/proxy/config.m4 (+76/-0)
modules/proxy/libproxy.exp (+1/-0)
modules/proxy/mod_proxy.c (+2916/-0)
modules/proxy/mod_proxy.dep (+153/-0)
modules/proxy/mod_proxy.dsp (+127/-0)
modules/proxy/mod_proxy.h (+1211/-0)
modules/proxy/mod_proxy.mak (+361/-0)
modules/proxy/mod_proxy_ajp.c (+829/-0)
modules/proxy/mod_proxy_ajp.dep (+356/-0)
modules/proxy/mod_proxy_ajp.dsp (+151/-0)
modules/proxy/mod_proxy_ajp.mak (+416/-0)
modules/proxy/mod_proxy_balancer.c (+1829/-0)
modules/proxy/mod_proxy_balancer.dep (+76/-0)
modules/proxy/mod_proxy_balancer.dsp (+123/-0)
modules/proxy/mod_proxy_balancer.mak (+380/-0)
modules/proxy/mod_proxy_connect.c (+486/-0)
modules/proxy/mod_proxy_connect.dep (+73/-0)
modules/proxy/mod_proxy_connect.dsp (+123/-0)
modules/proxy/mod_proxy_connect.mak (+380/-0)
modules/proxy/mod_proxy_express.c (+221/-0)
modules/proxy/mod_proxy_express.dep (+74/-0)
modules/proxy/mod_proxy_express.dsp (+123/-0)
modules/proxy/mod_proxy_express.mak (+380/-0)
modules/proxy/mod_proxy_fcgi.c (+1174/-0)
modules/proxy/mod_proxy_fcgi.dep (+75/-0)
modules/proxy/mod_proxy_fcgi.dsp (+123/-0)
modules/proxy/mod_proxy_fcgi.mak (+380/-0)
modules/proxy/mod_proxy_fdpass.c (+241/-0)
modules/proxy/mod_proxy_fdpass.h (+41/-0)
modules/proxy/mod_proxy_ftp.c (+2125/-0)
modules/proxy/mod_proxy_ftp.dep (+74/-0)
modules/proxy/mod_proxy_ftp.dsp (+123/-0)
modules/proxy/mod_proxy_ftp.mak (+380/-0)
modules/proxy/mod_proxy_hcheck.c (+1224/-0)
modules/proxy/mod_proxy_hcheck.dep (+5/-0)
modules/proxy/mod_proxy_hcheck.dsp (+123/-0)
modules/proxy/mod_proxy_hcheck.mak (+380/-0)
modules/proxy/mod_proxy_http.c (+2043/-0)
modules/proxy/mod_proxy_http.dep (+73/-0)
modules/proxy/mod_proxy_http.dsp (+123/-0)
modules/proxy/mod_proxy_http.mak (+380/-0)
modules/proxy/mod_proxy_scgi.c (+674/-0)
modules/proxy/mod_proxy_scgi.dep (+75/-0)
modules/proxy/mod_proxy_scgi.dsp (+123/-0)
modules/proxy/mod_proxy_scgi.mak (+380/-0)
modules/proxy/mod_proxy_wstunnel.c (+390/-0)
modules/proxy/mod_proxy_wstunnel.dep (+73/-0)
modules/proxy/mod_proxy_wstunnel.dsp (+123/-0)
modules/proxy/mod_proxy_wstunnel.mak (+380/-0)
modules/proxy/proxy_util.c (+3867/-0)
modules/proxy/proxy_util.h (+45/-0)
modules/proxy/scgi.h (+36/-0)
modules/session/Makefile.in (+4/-0)
modules/session/NWGNUmakefile (+257/-0)
modules/session/NWGNUsession (+254/-0)
modules/session/NWGNUsession_cookie (+253/-0)
modules/session/NWGNUsession_crypto (+255/-0)
modules/session/NWGNUsession_dbd (+253/-0)
modules/session/config.m4 (+68/-0)
modules/session/mod_session.c (+668/-0)
modules/session/mod_session.dep (+56/-0)
modules/session/mod_session.dsp (+115/-0)
modules/session/mod_session.h (+186/-0)
modules/session/mod_session.mak (+353/-0)
modules/session/mod_session_cookie.c (+284/-0)
modules/session/mod_session_cookie.dep (+49/-0)
modules/session/mod_session_cookie.dsp (+111/-0)
modules/session/mod_session_cookie.mak (+381/-0)
modules/session/mod_session_crypto.c (+805/-0)
modules/session/mod_session_crypto.dep (+57/-0)
modules/session/mod_session_crypto.dsp (+111/-0)
modules/session/mod_session_crypto.mak (+381/-0)
modules/session/mod_session_dbd.c (+640/-0)
modules/session/mod_session_dbd.dep (+60/-0)
modules/session/mod_session_dbd.dsp (+111/-0)
modules/session/mod_session_dbd.mak (+409/-0)
modules/slotmem/Makefile.in (+3/-0)
modules/slotmem/NWGNUmakefile (+246/-0)
modules/slotmem/NWGNUslotmem_plain (+250/-0)
modules/slotmem/NWGNUslotmem_shm (+250/-0)
modules/slotmem/config.m4 (+10/-0)
modules/slotmem/mod_slotmem_plain.c (+343/-0)
modules/slotmem/mod_slotmem_plain.dep (+51/-0)
modules/slotmem/mod_slotmem_plain.dsp (+111/-0)
modules/slotmem/mod_slotmem_plain.mak (+353/-0)
modules/slotmem/mod_slotmem_shm.c (+809/-0)
modules/slotmem/mod_slotmem_shm.dep (+57/-0)
modules/slotmem/mod_slotmem_shm.dsp (+111/-0)
modules/slotmem/mod_slotmem_shm.mak (+353/-0)
modules/ssl/Makefile.in (+20/-0)
modules/ssl/NWGNUmakefile (+327/-0)
modules/ssl/README (+106/-0)
modules/ssl/README.dsov.fig (+346/-0)
modules/ssl/README.dsov.ps (+1138/-0)
modules/ssl/config.m4 (+57/-0)
modules/ssl/mod_ssl.c (+716/-0)
modules/ssl/mod_ssl.dep (+1086/-0)
modules/ssl/mod_ssl.dsp (+195/-0)
modules/ssl/mod_ssl.h (+88/-0)
modules/ssl/mod_ssl.mak (+500/-0)
modules/ssl/mod_ssl_openssl.h (+73/-0)
modules/ssl/ssl_engine_config.c (+2032/-0)
modules/ssl/ssl_engine_init.c (+2020/-0)
modules/ssl/ssl_engine_io.c (+2215/-0)
modules/ssl/ssl_engine_kernel.c (+2457/-0)
modules/ssl/ssl_engine_log.c (+238/-0)
modules/ssl/ssl_engine_mutex.c (+111/-0)
modules/ssl/ssl_engine_ocsp.c (+304/-0)
modules/ssl/ssl_engine_pphrase.c (+621/-0)
modules/ssl/ssl_engine_rand.c (+177/-0)
modules/ssl/ssl_engine_vars.c (+1244/-0)
modules/ssl/ssl_private.h (+1068/-0)
modules/ssl/ssl_scache.c (+239/-0)
modules/ssl/ssl_util.c (+471/-0)
modules/ssl/ssl_util_ocsp.c (+419/-0)
modules/ssl/ssl_util_ssl.c (+505/-0)
modules/ssl/ssl_util_ssl.h (+78/-0)
modules/ssl/ssl_util_stapling.c (+873/-0)
modules/test/.indent.pro (+54/-0)
modules/test/Makefile.in (+3/-0)
modules/test/NWGNUmakefile (+257/-0)
modules/test/NWGNUoptfnexport (+256/-0)
modules/test/NWGNUoptfnimport (+256/-0)
modules/test/NWGNUopthookexport (+256/-0)
modules/test/NWGNUopthookimport (+256/-0)
modules/test/README (+1/-0)
modules/test/config.m4 (+13/-0)
modules/test/mod_dialup.c (+306/-0)
modules/test/mod_optional_fn_export.c (+48/-0)
modules/test/mod_optional_fn_export.h (+19/-0)
modules/test/mod_optional_fn_import.c (+55/-0)
modules/test/mod_optional_hook_export.c (+44/-0)
modules/test/mod_optional_hook_export.h (+24/-0)
modules/test/mod_optional_hook_import.c (+45/-0)
os/.indent.pro (+54/-0)
os/Makefile.in (+4/-0)
os/bs2000/ebcdic.c (+210/-0)
os/bs2000/ebcdic.h (+33/-0)
os/bs2000/os.c (+136/-0)
os/bs2000/os.h (+40/-0)
os/config.m4 (+26/-0)
os/netware/modules.c (+117/-0)
os/netware/netware_config_layout.h (+31/-0)
os/netware/os.h (+57/-0)
os/netware/pre_nw.h (+70/-0)
os/netware/util_nw.c (+112/-0)
os/os2/Makefile.in (+5/-0)
os/os2/config.m4 (+3/-0)
os/os2/core.mk (+7/-0)
os/os2/core_header.def (+19/-0)
os/os2/os.h (+40/-0)
os/os2/util_os2.c (+39/-0)
os/unix/Makefile.in (+5/-0)
os/unix/config.m4 (+7/-0)
os/unix/os.h (+52/-0)
os/unix/unixd.c (+690/-0)
os/unix/unixd.h (+142/-0)
os/win32/BaseAddr.ref (+132/-0)
os/win32/Makefile.in (+5/-0)
os/win32/ap_regkey.c (+642/-0)
os/win32/modules.c (+56/-0)
os/win32/os.h (+139/-0)
os/win32/util_win32.c (+148/-0)
os/win32/win32_config_layout.h (+31/-0)
server/.indent.pro (+54/-0)
server/Makefile.in (+103/-0)
server/NWGNUmakefile (+261/-0)
server/buildmark.c (+29/-0)
server/config.c (+2699/-0)
server/config.m4 (+19/-0)
server/connection.c (+228/-0)
server/core.c (+5401/-0)
server/core_filters.c (+889/-0)
server/eoc_bucket.c (+55/-0)
server/eor_bucket.c (+102/-0)
server/error_bucket.c (+77/-0)
server/gen_test_char.c (+173/-0)
server/gen_test_char.dep (+7/-0)
server/gen_test_char.dsp (+94/-0)
server/gen_test_char.mak (+234/-0)
server/listen.c (+938/-0)
server/log.c (+1956/-0)
server/main.c (+827/-0)
server/mpm/MPM.NAMING (+14/-0)
server/mpm/Makefile.in (+4/-0)
server/mpm/config.m4 (+128/-0)
server/mpm/config2.m4 (+89/-0)
server/mpm/event/Makefile.in (+1/-0)
server/mpm/event/config.m4 (+15/-0)
server/mpm/event/config3.m4 (+7/-0)
server/mpm/event/event.c (+3756/-0)
server/mpm/event/fdqueue.c (+533/-0)
server/mpm/event/fdqueue.h (+106/-0)
server/mpm/event/mpm_default.h (+56/-0)
server/mpm/mpmt_os2/Makefile.in (+1/-0)
server/mpm/mpmt_os2/config.m4 (+10/-0)
server/mpm/mpmt_os2/config5.m4 (+3/-0)
server/mpm/mpmt_os2/mpm_default.h (+57/-0)
server/mpm/mpmt_os2/mpmt_os2.c (+614/-0)
server/mpm/mpmt_os2/mpmt_os2_child.c (+488/-0)
server/mpm/netware/mpm_default.h (+78/-0)
server/mpm/netware/mpm_netware.c (+1363/-0)
server/mpm/prefork/Makefile.in (+1/-0)
server/mpm/prefork/config.m4 (+7/-0)
server/mpm/prefork/config3.m4 (+1/-0)
server/mpm/prefork/mpm_default.h (+51/-0)
server/mpm/prefork/prefork.c (+1516/-0)
server/mpm/winnt/Makefile.in (+1/-0)
server/mpm/winnt/child.c (+1266/-0)
server/mpm/winnt/config.m4 (+10/-0)
server/mpm/winnt/config3.m4 (+2/-0)
server/mpm/winnt/mpm_default.h (+60/-0)
server/mpm/winnt/mpm_winnt.c (+1785/-0)
server/mpm/winnt/mpm_winnt.h (+96/-0)
server/mpm/winnt/nt_eventlog.c (+171/-0)
server/mpm/winnt/service.c (+1241/-0)
server/mpm/worker/Makefile.in (+2/-0)
server/mpm/worker/config.m4 (+11/-0)
server/mpm/worker/config3.m4 (+5/-0)
server/mpm/worker/fdqueue.c (+412/-0)
server/mpm/worker/fdqueue.h (+75/-0)
server/mpm/worker/mpm_default.h (+55/-0)
server/mpm/worker/worker.c (+2382/-0)
server/mpm_common.c (+571/-0)
server/mpm_unix.c (+1078/-0)
server/protocol.c (+2391/-0)
server/provider.c (+197/-0)
server/request.c (+2511/-0)
server/scoreboard.c (+666/-0)
server/util.c (+3309/-0)
server/util_cfgtree.c (+46/-0)
server/util_charset.c (+28/-0)
server/util_cookies.c (+290/-0)
server/util_debug.c (+225/-0)
server/util_ebcdic.c (+117/-0)
server/util_expr_eval.c (+1822/-0)
server/util_expr_parse.c (+2130/-0)
server/util_expr_parse.h (+104/-0)
server/util_expr_parse.y (+217/-0)
server/util_expr_private.h (+141/-0)
server/util_expr_scan.c (+2669/-0)
server/util_expr_scan.l (+400/-0)
server/util_fcgi.c (+290/-0)
server/util_filter.c (+732/-0)
server/util_md5.c (+166/-0)
server/util_mutex.c (+561/-0)
server/util_pcre.c (+299/-0)
server/util_regex.c (+210/-0)
server/util_script.c (+900/-0)
server/util_time.c (+306/-0)
server/util_xml.c (+140/-0)
server/vhost.c (+1267/-0)
srclib/Makefile.in (+5/-0)
support/.indent.pro (+54/-0)
support/Makefile.in (+89/-0)
support/NWGNUab (+330/-0)
support/NWGNUhtcacheclean (+253/-0)
support/NWGNUhtdbm (+252/-0)
support/NWGNUhtdigest (+251/-0)
support/NWGNUhtpasswd (+252/-0)
support/NWGNUhttxt2dbm (+251/-0)
support/NWGNUlogres (+258/-0)
support/NWGNUmakefile (+51/-0)
support/NWGNUrotlogs (+250/-0)
support/README (+65/-0)
support/SHA1/README.sha1 (+34/-0)
support/SHA1/convert-sha1.pl (+36/-0)
support/SHA1/htpasswd-sha1.pl (+22/-0)
support/SHA1/ldif-sha1.example (+19/-0)
support/ab.c (+2553/-0)
support/ab.dep (+37/-0)
support/ab.dsp (+106/-0)
support/ab.mak (+317/-0)
support/abs.dep (+37/-0)
support/abs.dsp (+144/-0)
support/abs.mak (+374/-0)
support/apachectl.in (+106/-0)
support/apxs.in (+791/-0)
support/check_forensic (+51/-0)
support/checkgid.c (+110/-0)
support/config.m4 (+151/-0)
support/dbmmanage.in (+312/-0)
support/envvars-std.in (+28/-0)
support/fcgistarter.c (+220/-0)
support/fcgistarter.dep (+29/-0)
support/fcgistarter.dsp (+106/-0)
support/fcgistarter.mak (+317/-0)
support/htcacheclean.c (+1829/-0)
support/htcacheclean.dep (+37/-0)
support/htcacheclean.dsp (+106/-0)
support/htcacheclean.mak (+317/-0)
support/htdbm.c (+472/-0)
support/htdbm.dep (+58/-0)
support/htdbm.dsp (+110/-0)
support/htdbm.mak (+326/-0)
support/htdigest.c (+303/-0)
support/htdigest.dep (+27/-0)
support/htdigest.dsp (+106/-0)
support/htdigest.mak (+317/-0)
support/htpasswd.c (+509/-0)
support/htpasswd.dep (+57/-0)
support/htpasswd.dsp (+110/-0)
support/htpasswd.mak (+326/-0)
support/httxt2dbm.c (+335/-0)
support/httxt2dbm.dep (+26/-0)
support/httxt2dbm.dsp (+106/-0)
support/httxt2dbm.mak (+317/-0)
support/list_hooks.pl (+101/-0)
support/log_server_status.in (+76/-0)
support/logresolve.c (+329/-0)
support/logresolve.dep (+26/-0)
support/logresolve.dsp (+106/-0)
support/logresolve.mak (+317/-0)
support/logresolve.pl.in (+225/-0)
support/passwd_common.c (+344/-0)
support/passwd_common.h (+123/-0)
support/phf_abuse_log.cgi.in (+38/-0)
support/rotatelogs.c (+731/-0)
support/rotatelogs.dep (+28/-0)
support/rotatelogs.dsp (+106/-0)
support/rotatelogs.mak (+317/-0)
support/split-logfile.in (+69/-0)
support/suexec.c (+652/-0)
support/suexec.h (+109/-0)
support/win32/ApacheMonitor.c (+1671/-0)
support/win32/ApacheMonitor.dep (+18/-0)
support/win32/ApacheMonitor.dsp (+143/-0)
support/win32/ApacheMonitor.h (+78/-0)
support/win32/ApacheMonitor.mak (+309/-0)
support/win32/ApacheMonitor.manifest (+10/-0)
support/win32/ApacheMonitor.rc (+103/-0)
support/win32/wintty.c (+374/-0)
support/win32/wintty.dep (+5/-0)
support/win32/wintty.dsp (+106/-0)
support/win32/wintty.mak (+317/-0)
test/.indent.pro (+54/-0)
test/Makefile.in (+20/-0)
test/README (+3/-0)
test/check_chunked (+58/-0)
test/cls.c (+182/-0)
test/make_sni.sh (+396/-0)
test/tcpdumpscii.txt (+50/-0)
test/test-writev.c (+101/-0)
test/test_find.c (+78/-0)
test/test_limits.c (+200/-0)
test/test_parser.c (+75/-0)
test/test_select.c (+46/-0)
test/time-sem.c (+591/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  2018-06-27 Approve on 2018-06-28
Canonical Server Team 2018-06-27 Pending
Review via email: mp+348632@code.launchpad.net

Description of the change

Please use git to review the changes, as the LP diff in this MP is incorrect for some reason.

Apply upstream patches (from 2.4.30) to Bionic's 2.4.29 apache to address long hostnames used in proxy balancer members in the following way:
- provide a new attribute in the proxy structure that can hold a longer hostname. Modules that are aware of it can use this attribute
- if the hostname is still too long, truncate it and log a warning instead of causing a fatal error.

I didn't change the MODULE_MAGIC_NUMBER_MINOR define, see comments https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1750356/comments/5 through https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1750356/comments/7.

The bug has the SRU template filled out and a testing procedure.

qa-regression-testing tests for apache2 passed: https://pastebin.ubuntu.com/p/nZ6GGHXgwQ/

To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

Hi,
LGTM in general.
Patches look ok as taken from upstream - it is ok that we don't change the upstream STATUS/Changelog.
Packaging Changelog seems ok to me (it would fit in three lines without too early line breaks, but that isn't important)

I agree to the magic number decision, as we would have to get all other changes up to 75 in to really announce that.

The log message before also was already clear:
  BalancerMember worker hostname (xxxxx...xxxx) too long
So I'm not sure how much that is more a feature than a backport, were there earlier versions of apache in which this worked.
But this would be for the SRU Team to decide, from the code/packaging alone it LGTM.

I also tested the steps to reproduce and can confirm the issue and the fix.

The one thing I have to nack is that maybe we an Author tag on the patches?
Usually in git-format-patch exports we have the Author listed, which is why we don't need to add it in our dep-3 tags.
But in the svn export of apache2 there is no Author - I think legally you are supposed to add something when adding them - could you find the Authors name and add it?

So you are at +0.95 just missing the Author statement in the patches I'd think.

review: Needs Fixing
Andreas Hasenack (ahasenack) wrote :

I didn't add Author because I couldn't figure out who it was that authored the patch:
- svn has nicknames, not names + emails
- DEP3 says that Author is optional if Origin is given, and in this case Origin is pointing straight at svn merges/commits
- trunk and stable tree have different svn nicknames as their authors, complicating the authorship a bit more
- I fear more giving wrong authorship than not giving one

If you still think Author is warranted, I'll do some research and come up with one.

Christian Ehrhardt  (paelzer) wrote :

>
> If you still think Author is warranted, I'll do some research and come up
> with one.
>

Sure - you have my +1 if it can not be found - once you have exceeded 10
minutes it certainly isn't worth anymore.

review: Approve
Robie Basak (racb) wrote :

Blocked on previous SRU clearing but otherwise ready for upload.

Andreas Hasenack (ahasenack) wrote :

The previous SRU is done, if someone could push the upload tag I can then dput this package. Thanks.

Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index e81196b..58eefae 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+apache2 (2.4.29-1ubuntu4.3) bionic; urgency=medium
7+
8+ * d/p/balance-member-long-hostname-part{1,2}.patch: Provide an RFC1035
9+ compliant version of the hostname in the
10+ proxy_worker_shared structure. A hostname that is too long is no longer a
11+ fatal error. (LP: #1750356)
12+
13+ -- Andreas Hasenack <andreas@canonical.com> Wed, 27 Jun 2018 14:05:04 -0300
14+
15 apache2 (2.4.29-1ubuntu4.2) bionic; urgency=medium
16
17 * debian/patches/includeoptional-ignore-non-existent.patch: silently
18diff --git a/debian/patches/balance-member-long-hostname-part1.patch b/debian/patches/balance-member-long-hostname-part1.patch
19new file mode 100644
20index 0000000..eb389a3
21--- /dev/null
22+++ b/debian/patches/balance-member-long-hostname-part1.patch
23@@ -0,0 +1,30 @@
24+Description: Too long hostnames and schemes are no longer fatal errors
25+ proxy_util: Schemes and hostnames that are "too long" are
26+ no longer automatically fatal errors but are instead logged
27+ and truncated, at which point the admin can determine if that
28+ is OK or not.
29+ trunk patch: http://svn.apache.org/r1823482
30+ +1: jim, minfrin, rpluem
31+Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1824455
32+Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=62085
33+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1750356
34+Last-Update: 2018-06-27
35+---
36+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
37+--- 2.4.x/modules/proxy/proxy_util.c 2018/02/16 12:31:28 1824454
38++++ 2.4.x/modules/proxy/proxy_util.c 2018/02/16 12:35:03 1824455
39+@@ -1691,10 +1691,12 @@
40+ "Alert! worker name (%s) too long; truncated to: %s", ptr, wshared->name);
41+ }
42+ if (PROXY_STRNCPY(wshared->scheme, uri.scheme) != APR_SUCCESS) {
43+- return apr_psprintf(p, "worker scheme (%s) too long", uri.scheme);
44++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(010117)
45++ "Alert! worker scheme (%s) too long; truncated to: %s", uri.scheme, wshared->scheme);
46+ }
47+ if (PROXY_STRNCPY(wshared->hostname, uri.hostname) != APR_SUCCESS) {
48+- return apr_psprintf(p, "worker hostname (%s) too long", uri.hostname);
49++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(010118)
50++ "Alert! worker hostname (%s) too long; truncated to: %s", uri.hostname, wshared->hostname);
51+ }
52+ wshared->flush_packets = flush_off;
53+ wshared->flush_wait = PROXY_FLUSH_WAIT;
54diff --git a/debian/patches/balance-member-long-hostname-part2.patch b/debian/patches/balance-member-long-hostname-part2.patch
55new file mode 100644
56index 0000000..dc1b1ab
57--- /dev/null
58+++ b/debian/patches/balance-member-long-hostname-part2.patch
59@@ -0,0 +1,430 @@
60+Description: Provide an RFC1035 compliant version of the hostname
61+ mod_proxy: Provide an RFC1035 compliant version of the hostname in the
62+ proxy_worker_shared structure. PR62085
63+ .
64+ Tone down the message that worker hostname is too long noting it only
65+ affects legacy modules not yet using hostname_ex.
66+ .
67+ Set the notice when hostname is too long for legacy proxy modules to info level.
68+ .
69+ Submitted by: minfrin
70+ Reviewed by: minfrin, jim, ylavic
71+ .
72+ Modified in Ubuntu to not change MODULE_MAGIC_NUMBER_MINOR in include/ap_mmn.h
73+Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1824504
74+Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=62085
75+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1750356
76+Last-Update: 2018-06-27
77+---
78+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
79+--- 2.4.x/include/ap_mmn.h 2018/02/16 14:58:32 1824503
80++++ 2.4.x/include/ap_mmn.h 2018/02/16 15:04:41 1824504
81+@@ -496,6 +496,7 @@
82+ * to ap_[r]getline()
83+ * 20120211.68 (2.4.26-dev) Add ap_get_basic_auth_components() and deprecate
84+ * ap_get_basic_auth_pw()
85++ * 20120211.75 (2.4.30-dev) Add hostname_ex to proxy_worker_shared
86+ */
87+
88+ #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
89+--- 2.4.x/modules/proxy/balancers/mod_lbmethod_heartbeat.c 2018/02/16 14:58:32 1824503
90++++ 2.4.x/modules/proxy/balancers/mod_lbmethod_heartbeat.c 2018/02/16 15:04:41 1824504
91+@@ -300,7 +300,7 @@
92+
93+ for (i = 0; i < balancer->workers->nelts; i++) {
94+ worker = &APR_ARRAY_IDX(balancer->workers, i, proxy_worker *);
95+- server = apr_hash_get(servers, (*worker)->s->hostname, APR_HASH_KEY_STRING);
96++ server = apr_hash_get(servers, (*worker)->s->hostname_ex, APR_HASH_KEY_STRING);
97+
98+ if (!server) {
99+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, APLOGNO(01214)
100+--- 2.4.x/modules/proxy/mod_proxy.c 2018/02/16 14:58:32 1824503
101++++ 2.4.x/modules/proxy/mod_proxy.c 2018/02/16 15:04:41 1824504
102+@@ -2838,7 +2838,7 @@
103+ char fbuf[50];
104+ if (!(flags & AP_STATUS_SHORT)) {
105+ ap_rvputs(r, "<tr>\n<td>", (*worker)->s->scheme, "</td>", NULL);
106+- ap_rvputs(r, "<td>", (*worker)->s->hostname, "</td><td>", NULL);
107++ ap_rvputs(r, "<td>", (*worker)->s->hostname_ex, "</td><td>", NULL);
108+ ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, *worker), NULL);
109+ ap_rvputs(r, "</td><td>", (*worker)->s->route, NULL);
110+ ap_rvputs(r, "</td><td>", (*worker)->s->redirect, NULL);
111+@@ -2930,7 +2930,8 @@
112+ ap_proxy_define_worker(p, &forward, NULL, NULL, "http://www.apache.org", 0);
113+ conf->forward = forward;
114+ PROXY_STRNCPY(conf->forward->s->name, "proxy:forward");
115+- PROXY_STRNCPY(conf->forward->s->hostname, "*");
116++ PROXY_STRNCPY(conf->forward->s->hostname, "*"); /* for compatibility */
117++ PROXY_STRNCPY(conf->forward->s->hostname_ex, "*");
118+ PROXY_STRNCPY(conf->forward->s->scheme, "*");
119+ conf->forward->hash.def = conf->forward->s->hash.def =
120+ ap_proxy_hashfunc(conf->forward->s->name, PROXY_HASHFUNC_DEFAULT);
121+@@ -2947,7 +2948,8 @@
122+ if (!reverse) {
123+ ap_proxy_define_worker(p, &reverse, NULL, NULL, "http://www.apache.org", 0);
124+ PROXY_STRNCPY(reverse->s->name, "proxy:reverse");
125+- PROXY_STRNCPY(reverse->s->hostname, "*");
126++ PROXY_STRNCPY(reverse->s->hostname, "*"); /* for compatibility */
127++ PROXY_STRNCPY(reverse->s->hostname_ex, "*");
128+ PROXY_STRNCPY(reverse->s->scheme, "*");
129+ reverse->hash.def = reverse->s->hash.def =
130+ ap_proxy_hashfunc(reverse->s->name, PROXY_HASHFUNC_DEFAULT);
131+--- 2.4.x/modules/proxy/mod_proxy.h 2018/02/16 14:58:32 1824503
132++++ 2.4.x/modules/proxy/mod_proxy.h 2018/02/16 15:04:41 1824504
133+@@ -354,6 +354,8 @@
134+ #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
135+ #define PROXY_BALANCER_MAX_STICKY_SIZE 64
136+
137++#define PROXY_RFC1035_HOSTNAME_SIZE 256
138++
139+ /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
140+ * dotted together(?) this would fit the below size (+ trailing NUL).
141+ */
142+@@ -384,7 +386,7 @@
143+ typedef struct {
144+ char name[PROXY_WORKER_MAX_NAME_SIZE];
145+ char scheme[PROXY_WORKER_MAX_SCHEME_SIZE]; /* scheme to use ajp|http|https */
146+- char hostname[PROXY_WORKER_MAX_HOSTNAME_SIZE]; /* remote backend address */
147++ char hostname[PROXY_WORKER_MAX_HOSTNAME_SIZE]; /* remote backend address (deprecated, use hostname_ex below) */
148+ char route[PROXY_WORKER_MAX_ROUTE_SIZE]; /* balancing route */
149+ char redirect[PROXY_WORKER_MAX_ROUTE_SIZE]; /* temporary balancing redirection route */
150+ char flusher[PROXY_WORKER_MAX_SCHEME_SIZE]; /* flush provider used by mod_proxy_fdpass */
151+@@ -444,6 +446,7 @@
152+ hcmethod_t method; /* method to use for health check */
153+ apr_interval_time_t interval;
154+ char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
155++ char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */
156+ } proxy_worker_shared;
157+
158+ #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
159+--- 2.4.x/modules/proxy/mod_proxy_ajp.c 2018/02/16 14:58:32 1824503
160++++ 2.4.x/modules/proxy/mod_proxy_ajp.c 2018/02/16 15:04:41 1824504
161+@@ -213,7 +213,7 @@
162+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
163+ "request failed to %pI (%s)",
164+ conn->worker->cp->addr,
165+- conn->worker->s->hostname);
166++ conn->worker->s->hostname_ex);
167+ if (status == AJP_EOVERFLOW)
168+ return HTTP_BAD_REQUEST;
169+ else if (status == AJP_EBAD_METHOD) {
170+@@ -297,7 +297,7 @@
171+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00876)
172+ "send failed to %pI (%s)",
173+ conn->worker->cp->addr,
174+- conn->worker->s->hostname);
175++ conn->worker->s->hostname_ex);
176+ /*
177+ * It is fatal when we failed to send a (part) of the request
178+ * body.
179+@@ -337,7 +337,7 @@
180+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00878)
181+ "read response failed from %pI (%s)",
182+ conn->worker->cp->addr,
183+- conn->worker->s->hostname);
184++ conn->worker->s->hostname_ex);
185+
186+ /* If we had a successful cping/cpong and then a timeout
187+ * we assume it is a request that cause a back-end timeout,
188+@@ -635,7 +635,7 @@
189+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00892)
190+ "got response from %pI (%s)",
191+ conn->worker->cp->addr,
192+- conn->worker->s->hostname);
193++ conn->worker->s->hostname_ex);
194+
195+ if (conf->error_override && ap_is_HTTP_ERROR(r->status)) {
196+ /* clear r->status for override error, otherwise ErrorDocument
197+@@ -659,7 +659,7 @@
198+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00893)
199+ "dialog to %pI (%s) failed",
200+ conn->worker->cp->addr,
201+- conn->worker->s->hostname);
202++ conn->worker->s->hostname_ex);
203+ /*
204+ * If we already send data, signal a broken backend connection
205+ * upwards in the chain.
206+@@ -794,7 +794,7 @@
207+ backend->close = 1;
208+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00897)
209+ "cping/cpong failed to %pI (%s)",
210+- worker->cp->addr, worker->s->hostname);
211++ worker->cp->addr, worker->s->hostname_ex);
212+ status = HTTP_SERVICE_UNAVAILABLE;
213+ retry++;
214+ continue;
215+--- 2.4.x/modules/proxy/mod_proxy_balancer.c 2018/02/16 14:58:32 1824503
216++++ 2.4.x/modules/proxy/mod_proxy_balancer.c 2018/02/16 15:04:41 1824504
217+@@ -452,7 +452,7 @@
218+ (*worker)->s->status &= ~PROXY_WORKER_IN_ERROR;
219+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01165)
220+ "%s: Forcing recovery for worker (%s)",
221+- balancer->s->name, (*worker)->s->hostname);
222++ balancer->s->name, (*worker)->s->hostname_ex);
223+ }
224+ }
225+ }
226+@@ -1469,7 +1469,7 @@
227+ "</httpd:name>\n", NULL);
228+ ap_rvputs(r, " <httpd:scheme>", worker->s->scheme,
229+ "</httpd:scheme>\n", NULL);
230+- ap_rvputs(r, " <httpd:hostname>", worker->s->hostname,
231++ ap_rvputs(r, " <httpd:hostname>", worker->s->hostname_ex,
232+ "</httpd:hostname>\n", NULL);
233+ ap_rprintf(r, " <httpd:loadfactor>%.2f</httpd:loadfactor>\n",
234+ (float)(worker->s->lbfactor)/100.0);
235+--- 2.4.x/modules/proxy/mod_proxy_hcheck.c 2018/02/16 14:58:32 1824503
236++++ 2.4.x/modules/proxy/mod_proxy_hcheck.c 2018/02/16 15:04:41 1824504
237+@@ -416,7 +416,7 @@
238+ "OPTIONS * HTTP/1.0\r\n"
239+ "Host: %s:%d\r\n"
240+ "\r\n",
241+- hc->s->hostname, (int)hc->s->port);
242++ hc->s->hostname_ex, (int)hc->s->port);
243+ break;
244+
245+ case HEAD:
246+@@ -434,7 +434,7 @@
247+ (wctx->path ? wctx->path : ""),
248+ (wctx->path && *hc->s->hcuri ? "/" : "" ),
249+ (*hc->s->hcuri ? hc->s->hcuri : ""),
250+- hc->s->hostname, (int)hc->s->port);
251++ hc->s->hostname_ex, (int)hc->s->port);
252+ break;
253+
254+ default:
255+@@ -461,12 +461,13 @@
256+ : ap_proxy_port_of_scheme(worker->s->scheme));
257+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ctx->s, APLOGNO(03248)
258+ "Creating hc worker %pp for %s://%s:%d",
259+- worker, worker->s->scheme, worker->s->hostname,
260++ worker, worker->s->scheme, worker->s->hostname_ex,
261+ (int)port);
262+
263+ ap_proxy_define_worker(ctx->p, &hc, NULL, NULL, worker->s->name, 0);
264+ apr_snprintf(hc->s->name, sizeof hc->s->name, "%pp", worker);
265+- PROXY_STRNCPY(hc->s->hostname, worker->s->hostname);
266++ PROXY_STRNCPY(hc->s->hostname, worker->s->hostname); /* for compatibility */
267++ PROXY_STRNCPY(hc->s->hostname_ex, worker->s->hostname_ex);
268+ PROXY_STRNCPY(hc->s->scheme, worker->s->scheme);
269+ PROXY_STRNCPY(hc->s->hcuri, worker->s->hcuri);
270+ PROXY_STRNCPY(hc->s->hcexpr, worker->s->hcexpr);
271+@@ -498,7 +499,7 @@
272+ : ap_proxy_port_of_scheme(worker->s->scheme));
273+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ctx->s, APLOGNO(03311)
274+ "Updating hc worker %pp for %s://%s:%d",
275+- worker, worker->s->scheme, worker->s->hostname,
276++ worker, worker->s->scheme, worker->s->hostname_ex,
277+ (int)port);
278+ hc->s->method = worker->s->method;
279+ create_hcheck_req(wctx, hc, ctx->p);
280+@@ -519,12 +520,12 @@
281+ *addr = worker->cp->addr;
282+ }
283+ else {
284+- rv = apr_sockaddr_info_get(addr, worker->s->hostname,
285++ rv = apr_sockaddr_info_get(addr, worker->s->hostname_ex,
286+ APR_UNSPEC, worker->s->port, 0, p);
287+ if (rv != APR_SUCCESS) {
288+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ctx->s, APLOGNO(03249)
289+ "DNS lookup failure for: %s:%d",
290+- worker->s->hostname, (int)worker->s->port);
291++ worker->s->hostname_ex, (int)worker->s->port);
292+ }
293+ }
294+ return (rv == APR_SUCCESS ? OK : !OK);
295+@@ -579,7 +580,7 @@
296+ status = ap_proxy_acquire_connection(proxy_function, backend, hc, ctx->s);
297+ if (status == OK) {
298+ (*backend)->addr = hc->cp->addr;
299+- (*backend)->hostname = hc->s->hostname;
300++ (*backend)->hostname = hc->s->hostname_ex;
301+ if (strcmp(hc->s->scheme, "https") == 0) {
302+ if (!ap_proxy_ssl_enable(NULL)) {
303+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, ctx->s, APLOGNO(03252)
304+--- 2.4.x/modules/proxy/mod_proxy_http.c 2018/02/16 14:58:32 1824503
305++++ 2.4.x/modules/proxy/mod_proxy_http.c 2018/02/16 15:04:41 1824504
306+@@ -1973,7 +1973,7 @@
307+ backend->close = 1;
308+ ap_log_rerror(APLOG_MARK, APLOG_INFO, status, r, APLOGNO(01115)
309+ "HTTP: 100-Continue failed to %pI (%s)",
310+- worker->cp->addr, worker->s->hostname);
311++ worker->cp->addr, worker->s->hostname_ex);
312+ retry++;
313+ continue;
314+ } else {
315+--- 2.4.x/modules/proxy/proxy_util.c 2018/02/16 14:58:32 1824503
316++++ 2.4.x/modules/proxy/proxy_util.c 2018/02/16 15:04:41 1824504
317+@@ -1694,9 +1694,13 @@
318+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(010117)
319+ "Alert! worker scheme (%s) too long; truncated to: %s", uri.scheme, wshared->scheme);
320+ }
321++ if (PROXY_STRNCPY(wshared->hostname_ex, uri.hostname) != APR_SUCCESS) {
322++ return apr_psprintf(p, "worker hostname (%s) too long", uri.hostname);
323++ }
324+ if (PROXY_STRNCPY(wshared->hostname, uri.hostname) != APR_SUCCESS) {
325+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(010118)
326+- "Alert! worker hostname (%s) too long; truncated to: %s", uri.hostname, wshared->hostname);
327++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(010118)
328++ "worker hostname (%s) too long; truncated for legacy modules that do not use "
329++ "proxy_worker_shared->hostname_ex: %s", uri.hostname, wshared->hostname);
330+ }
331+ wshared->flush_packets = flush_off;
332+ wshared->flush_wait = PROXY_FLUSH_WAIT;
333+@@ -1854,7 +1858,7 @@
334+
335+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930)
336+ "initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d",
337+- getpid(), worker->s->hostname, worker->s->min,
338++ getpid(), worker->s->hostname_ex, worker->s->min,
339+ worker->s->hmax, worker->s->smax);
340+
341+ /* Set the acquire timeout */
342+@@ -1871,7 +1875,7 @@
343+
344+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00931)
345+ "initialized single connection worker in child %" APR_PID_T_FMT " for (%s)",
346+- getpid(), worker->s->hostname);
347++ getpid(), worker->s->hostname_ex);
348+ }
349+ apr_global_mutex_unlock(proxy_mutex);
350+
351+@@ -1890,7 +1894,7 @@
352+ if (PROXY_WORKER_IS(worker, PROXY_WORKER_STOPPED)) {
353+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(3305)
354+ "%s: Won't retry worker (%s): stopped",
355+- proxy_function, worker->s->hostname);
356++ proxy_function, worker->s->hostname_ex);
357+ return DECLINED;
358+ }
359+ if ((worker->s->status & PROXY_WORKER_IGNORE_ERRORS)
360+@@ -1899,13 +1903,13 @@
361+ worker->s->status &= ~PROXY_WORKER_IN_ERROR;
362+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00932)
363+ "%s: worker for (%s) has been marked for retry",
364+- proxy_function, worker->s->hostname);
365++ proxy_function, worker->s->hostname_ex);
366+ return OK;
367+ }
368+ else {
369+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00933)
370+ "%s: too soon to retry worker for (%s)",
371+- proxy_function, worker->s->hostname);
372++ proxy_function, worker->s->hostname_ex);
373+ return DECLINED;
374+ }
375+ }
376+@@ -2127,7 +2131,7 @@
377+ if (!PROXY_WORKER_IS_USABLE(worker)) {
378+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00940)
379+ "%s: disabled connection for (%s)",
380+- proxy_function, worker->s->hostname);
381++ proxy_function, worker->s->hostname_ex);
382+ return HTTP_SERVICE_UNAVAILABLE;
383+ }
384+ }
385+@@ -2150,12 +2154,12 @@
386+ if (rv != APR_SUCCESS) {
387+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00941)
388+ "%s: failed to acquire connection for (%s)",
389+- proxy_function, worker->s->hostname);
390++ proxy_function, worker->s->hostname_ex);
391+ return HTTP_SERVICE_UNAVAILABLE;
392+ }
393+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00942)
394+ "%s: has acquired connection for (%s)",
395+- proxy_function, worker->s->hostname);
396++ proxy_function, worker->s->hostname_ex);
397+
398+ (*conn)->worker = worker;
399+ (*conn)->close = 0;
400+@@ -2170,7 +2174,7 @@
401+ {
402+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00943)
403+ "%s: has released connection for (%s)",
404+- proxy_function, conn->worker->s->hostname);
405++ proxy_function, conn->worker->s->hostname_ex);
406+ connection_cleanup(conn);
407+
408+ return OK;
409+@@ -2766,7 +2770,7 @@
410+ "%s: error creating Unix domain socket for "
411+ "target %s",
412+ proxy_function,
413+- worker->s->hostname);
414++ worker->s->hostname_ex);
415+ break;
416+ }
417+ conn->connection = NULL;
418+@@ -2779,7 +2783,7 @@
419+ "%s (%s) failed",
420+ proxy_function,
421+ conn->uds_path,
422+- worker->s->hostname);
423++ worker->s->hostname_ex);
424+ break;
425+ }
426+
427+@@ -2788,7 +2792,7 @@
428+ "%s (%s)",
429+ proxy_function,
430+ conn->uds_path,
431+- worker->s->hostname);
432++ worker->s->hostname_ex);
433+ }
434+ else
435+ #endif
436+@@ -2802,7 +2806,7 @@
437+ "target %s",
438+ proxy_function,
439+ backend_addr->family,
440+- worker->s->hostname);
441++ worker->s->hostname_ex);
442+ /*
443+ * this could be an IPv6 address from the DNS but the
444+ * local machine won't give us an IPv6 socket; hopefully the
445+@@ -2852,7 +2856,7 @@
446+ }
447+ ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
448+ "%s: fam %d socket created to connect to %s",
449+- proxy_function, backend_addr->family, worker->s->hostname);
450++ proxy_function, backend_addr->family, worker->s->hostname_ex);
451+
452+ if (conf->source_address_set) {
453+ local_addr = apr_pmemdup(conn->scpool, conf->source_address,
454+@@ -2877,7 +2881,7 @@
455+ "%s: attempt to connect to %pI (%s) failed",
456+ proxy_function,
457+ backend_addr,
458+- worker->s->hostname);
459++ worker->s->hostname_ex);
460+ backend_addr = backend_addr->next;
461+ continue;
462+ }
463+@@ -2886,7 +2890,7 @@
464+ "%s: connection established with %pI (%s)",
465+ proxy_function,
466+ backend_addr,
467+- worker->s->hostname);
468++ worker->s->hostname_ex);
469+ }
470+
471+ /* Set a timeout on the socket */
472+@@ -2920,7 +2924,7 @@
473+ "via http CONNECT through %pI (%s) failed",
474+ proxy_function,
475+ forward->target_host, forward->target_port,
476+- backend_addr, worker->s->hostname);
477++ backend_addr, worker->s->hostname_ex);
478+ backend_addr = backend_addr->next;
479+ continue;
480+ }
481+@@ -2942,7 +2946,7 @@
482+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959)
483+ "ap_proxy_connect_backend disabling worker for (%s) for %"
484+ APR_TIME_T_FMT "s",
485+- worker->s->hostname, apr_time_sec(worker->s->retry));
486++ worker->s->hostname_ex, apr_time_sec(worker->s->retry));
487+ }
488+ }
489+ else {
490diff --git a/debian/patches/series b/debian/patches/series
491index d9d8038..bb7ccb0 100644
492--- a/debian/patches/series
493+++ b/debian/patches/series
494@@ -23,3 +23,5 @@ CVE-2018-1301.patch
495 CVE-2018-1303.patch
496 CVE-2018-1312.patch
497 includeoptional-ignore-non-existent.patch
498+balance-member-long-hostname-part1.patch
499+balance-member-long-hostname-part2.patch
500diff --git a/docs/manual/style/latex/atbeginend.sty b/docs/manual/style/latex/atbeginend.sty
501new file mode 100644
502index 0000000..79b555d
503--- /dev/null
504+++ b/docs/manual/style/latex/atbeginend.sty
505@@ -0,0 +1,80 @@
506+% atbeginend.sty
507+%
508+% Licensed to the Apache Software Foundation (ASF) under one or more
509+% contributor license agreements. See the NOTICE file distributed with
510+% this work for additional information regarding copyright ownership.
511+% The ASF licenses this file to You under the Apache License, Version 2.0
512+% (the "License"); you may not use this file except in compliance with
513+% the License. You may obtain a copy of the License at
514+%
515+% http://www.apache.org/licenses/LICENSE-2.0
516+%
517+% Unless required by applicable law or agreed to in writing, software
518+% distributed under the License is distributed on an "AS IS" BASIS,
519+% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
520+% See the License for the specific language governing permissions and
521+% limitations under the License.
522+
523+% defines
524+% \BeforeBegin{environment}{code-to-execute}
525+% \BeforeEnd {environment}{code-to-execute}
526+% \AfterBegin {environment}{code-to-execute}
527+% \AfterEnd {environment}{code-to-execute}
528+%
529+% Save \begin and \end to \BeginEnvironment and \EndEnvironment
530+\let\BeginEnvironment=\begin
531+\let\EndEnvironment=\end
532+
533+\def\IfUnDef#1{\expandafter\ifx\csname#1\endcsname\relax}
534+
535+% Null command needed to for \nothing{something}=.nothing.
536+\def\NullCom#1{}
537+
538+\def\begin#1{%
539+%
540+% if defined \BeforeBeg for this environment, execute it
541+\IfUnDef{BeforeBeg#1}\else\csname BeforeBeg#1\endcsname\fi%
542+%
543+%
544+%
545+\IfUnDef{AfterBeg#1}% This is done to skip the command for environments
546+ % which can take arguments, like multicols; YOU MUST NOT
547+ % USE \AfterBegin{...}{...} for such environments!
548+ \let\SaveBegEng=\BeginEnvironment%
549+\else%
550+ % Start this environment
551+ \BeginEnvironment{#1}%
552+ % and execute code after \begin{environment}
553+ \csname AfterBeg#1\endcsname%
554+ %
555+ \let\SaveBegEng=\NullCom%
556+\fi%
557+\SaveBegEng{#1}%
558+}
559+
560+
561+\def\end#1{%
562+%
563+% execute code before \end{environment}
564+\IfUnDef{BeforeEnd#1}\else\csname BeforeEnd#1\endcsname\fi%
565+%
566+% close this environment
567+\EndEnvironment{#1}%
568+%
569+% and execute code after \begin{environment}
570+\IfUnDef{AfterEnd#1}\else\csname AfterEnd#1\endcsname\fi%
571+}
572+
573+
574+%% Now, define commands
575+% \BeforeBegin{environment}{code-to-execute}
576+% \BeforeEnd {environment}{code-to-execute}
577+% \AfterBegin {environment}{code-to-execute}
578+% \AfterEnd {environment}{code-to-execute}
579+
580+\def\BeforeBegin#1#2{\expandafter\gdef\csname BeforeBeg#1\endcsname
581+{#2}}
582+\def\BeforeEnd #1#2{\expandafter\gdef\csname BeforeEnd#1\endcsname
583+{#2}}
584+\def\AfterBegin #1#2{\expandafter\gdef\csname AfterBeg#1\endcsname {#2}}
585+\def\AfterEnd #1#2{\expandafter\gdef\csname AfterEnd#1\endcsname{#2}}
586diff --git a/docs/manual/style/manualpage.dtd b/docs/manual/style/manualpage.dtd
587new file mode 100644
588index 0000000..e9c22a0
589--- /dev/null
590+++ b/docs/manual/style/manualpage.dtd
591@@ -0,0 +1,29 @@
592+<?xml version='1.0' encoding='UTF-8' ?>
593+
594+<!--
595+ Licensed to the Apache Software Foundation (ASF) under one or more
596+ contributor license agreements. See the NOTICE file distributed with
597+ this work for additional information regarding copyright ownership.
598+ The ASF licenses this file to You under the Apache License, Version 2.0
599+ (the "License"); you may not use this file except in compliance with
600+ the License. You may obtain a copy of the License at
601+
602+ http://www.apache.org/licenses/LICENSE-2.0
603+
604+ Unless required by applicable law or agreed to in writing, software
605+ distributed under the License is distributed on an "AS IS" BASIS,
606+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
607+ See the License for the specific language governing permissions and
608+ limitations under the License.
609+-->
610+
611+<!ENTITY % common SYSTEM "common.dtd">
612+%common;
613+
614+<!-- <manualpage> is the root element -->
615+<!ELEMENT manualpage (parentdocument?, title, summary?,
616+seealso*, section*)>
617+
618+<!ATTLIST manualpage metafile CDATA #REQUIRED
619+ upgrade CDATA #IMPLIED
620+>
621diff --git a/docs/manual/style/modulesynopsis.dtd b/docs/manual/style/modulesynopsis.dtd
622new file mode 100644
623index 0000000..1ca9b06
624--- /dev/null
625+++ b/docs/manual/style/modulesynopsis.dtd
626@@ -0,0 +1,85 @@
627+<?xml version='1.0' encoding='UTF-8' ?>
628+
629+<!--
630+ Licensed to the Apache Software Foundation (ASF) under one or more
631+ contributor license agreements. See the NOTICE file distributed with
632+ this work for additional information regarding copyright ownership.
633+ The ASF licenses this file to You under the Apache License, Version 2.0
634+ (the "License"); you may not use this file except in compliance with
635+ the License. You may obtain a copy of the License at
636+
637+ http://www.apache.org/licenses/LICENSE-2.0
638+
639+ Unless required by applicable law or agreed to in writing, software
640+ distributed under the License is distributed on an "AS IS" BASIS,
641+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
642+ See the License for the specific language governing permissions and
643+ limitations under the License.
644+-->
645+
646+<!ENTITY % sitemap SYSTEM "sitemap.dtd">
647+%sitemap;
648+
649+<!ELEMENT modulesynopsis (name , description, status, hint?, sourcefile?,
650+identifier? , compatibility? , summary? , seealso* , section*,
651+directivesynopsis*)>
652+
653+<!ATTLIST modulesynopsis metafile CDATA #REQUIRED
654+ upgrade CDATA #IMPLIED>
655+
656+<!ELEMENT directivesynopsis (name , description? , syntax? , default?
657+, contextlist? , override? , modulelist?, status?, compatibility? ,
658+usage?, seealso*)>
659+
660+<!ELEMENT name (#PCDATA)>
661+
662+<!ELEMENT status (#PCDATA)>
663+
664+<!ELEMENT hint %Inline;>
665+
666+<!ELEMENT identifier (#PCDATA)>
667+
668+<!ELEMENT sourcefile (#PCDATA)>
669+
670+<!ELEMENT compatibility %Inline;>
671+
672+<!ELEMENT description %Inline;>
673+
674+<!ATTLIST directivesynopsis type CDATA #IMPLIED
675+ location CDATA #IMPLIED >
676+
677+<!ELEMENT syntax %Inline;>
678+
679+<!ELEMENT default (#PCDATA | directive | br)*>
680+
681+<!ELEMENT contextlist (context+)+>
682+
683+<!ELEMENT context (#PCDATA)>
684+
685+<!ELEMENT override (#PCDATA)>
686+
687+<!ELEMENT usage %Block;>
688+
689+<!-- Used in index.xml -->
690+<!ELEMENT moduleindex (title, summary, seealso*)>
691+
692+<!ATTLIST moduleindex metafile CDATA #REQUIRED>
693+
694+<!-- Used in directive.xml -->
695+<!ELEMENT directiveindex (title | summary)+>
696+
697+<!ATTLIST directiveindex metafile CDATA #REQUIRED>
698+
699+<!-- Used in quickreference.xml -->
700+<!ELEMENT quickreference (title | summary | legend)+>
701+<!ATTLIST quickreference metafile CDATA #REQUIRED>
702+
703+<!ELEMENT legend (table, table)>
704+
705+<!-- Used in overrides.xml -->
706+<!ELEMENT overrideindex (title | summary | overridesummary)+>
707+<!ATTLIST overrideindex metafile CDATA #REQUIRED>
708+
709+<!ELEMENT overridesummary %Block;>
710+<!ATTLIST overridesummary class CDATA #IMPLIED
711+ fallback CDATA #IMPLIED>
712diff --git a/docs/manual/style/scripts/MINIFY b/docs/manual/style/scripts/MINIFY
713new file mode 100644
714index 0000000..2c1efc3
715--- /dev/null
716+++ b/docs/manual/style/scripts/MINIFY
717@@ -0,0 +1,5 @@
718+#!/bin/sh
719+
720+(echo '// see prettify.js for copyright, license and expanded version'; python -mrjsmin <prettify.js) >prettify.min.js
721+
722+# needs python and rjsmin installed
723diff --git a/docs/manual/style/scripts/prettify.js b/docs/manual/style/scripts/prettify.js
724new file mode 100644
725index 0000000..bb74158
726--- /dev/null
727+++ b/docs/manual/style/scripts/prettify.js
728@@ -0,0 +1,1622 @@
729+// Copyright (C) 2006 Google Inc.
730+//
731+// Licensed under the Apache License, Version 2.0 (the "License");
732+// you may not use this file except in compliance with the License.
733+// You may obtain a copy of the License at
734+//
735+// http://www.apache.org/licenses/LICENSE-2.0
736+//
737+// Unless required by applicable law or agreed to in writing, software
738+// distributed under the License is distributed on an "AS IS" BASIS,
739+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
740+// See the License for the specific language governing permissions and
741+// limitations under the License.
742+
743+
744+/**
745+ * @fileoverview
746+ * some functions for browser-side pretty printing of code contained in html.
747+ *
748+ * <p>
749+ * For a fairly comprehensive set of languages see the
750+ * <a href="http://google-code-prettify.googlecode.com/svn/trunk/README.html#langs">README</a>
751+ * file that came with this source. At a minimum, the lexer should work on a
752+ * number of languages including C and friends, Java, Python, Bash, SQL, HTML,
753+ * XML, CSS, Javascript, and Makefiles. It works passably on Ruby, PHP and Awk
754+ * and a subset of Perl, but, because of commenting conventions, doesn't work on
755+ * Smalltalk, Lisp-like, or CAML-like languages without an explicit lang class.
756+ * <p>
757+ * Usage: <ol>
758+ * <li> include this source file in an html page via
759+ * {@code <script type="text/javascript" src="/path/to/prettify.js"></script>}
760+ * <li> define style rules. See the example page for examples.
761+ * <li> mark the {@code <pre>} and {@code <code>} tags in your source with
762+ * {@code class=prettyprint.}
763+ * You can also use the (html deprecated) {@code <xmp>} tag, but the pretty
764+ * printer needs to do more substantial DOM manipulations to support that, so
765+ * some css styles may not be preserved.
766+ * </ol>
767+ * That's it. I wanted to keep the API as simple as possible, so there's no
768+ * need to specify which language the code is in, but if you wish, you can add
769+ * another class to the {@code <pre>} or {@code <code>} element to specify the
770+ * language, as in {@code <pre class="prettyprint lang-java">}. Any class that
771+ * starts with "lang-" followed by a file extension, specifies the file type.
772+ * See the "lang-*.js" files in this directory for code that implements
773+ * per-language file handlers.
774+ * <p>
775+ * Change log:<br>
776+ * cbeust, 2006/08/22
777+ * <blockquote>
778+ * Java annotations (start with "@") are now captured as literals ("lit")
779+ * </blockquote>
780+ * @requires console
781+ */
782+
783+// JSLint declarations
784+/*global console, document, navigator, setTimeout, window, define */
785+
786+/**
787+ * Split {@code prettyPrint} into multiple timeouts so as not to interfere with
788+ * UI events.
789+ * If set to {@code false}, {@code prettyPrint()} is synchronous.
790+ */
791+window['PR_SHOULD_USE_CONTINUATION'] = true;
792+
793+/**
794+ * Find all the {@code <pre>} and {@code <code>} tags in the DOM with
795+ * {@code class=prettyprint} and prettify them.
796+ *
797+ * @param {Function?} opt_whenDone if specified, called when the last entry
798+ * has been finished.
799+ */
800+var prettyPrintOne;
801+/**
802+ * Pretty print a chunk of code.
803+ *
804+ * @param {string} sourceCodeHtml code as html
805+ * @return {string} code as html, but prettier
806+ */
807+var prettyPrint;
808+
809+
810+(function () {
811+ var win = window;
812+ // Keyword lists for various languages.
813+ // We use things that coerce to strings to make them compact when minified
814+ // and to defeat aggressive optimizers that fold large string constants.
815+ var FLOW_CONTROL_KEYWORDS = ["break,continue,do,else,for,if,return,while"];
816+ var C_KEYWORDS = [FLOW_CONTROL_KEYWORDS,"auto,case,char,const,default," +
817+ "double,enum,extern,float,goto,int,long,register,short,signed,sizeof,module," +
818+ "static,struct,switch,typedef,union,unsigned,void,volatile"];
819+ var COMMON_KEYWORDS = [C_KEYWORDS,"catch,class,delete,false,import," +
820+ "new,operator,private,protected,public,this,throw,true,try,typeof"];
821+ var CPP_KEYWORDS = [COMMON_KEYWORDS,"alignof,align_union,asm,axiom,bool," +
822+ "concept,concept_map,const_cast,constexpr,decltype," +
823+ "dynamic_cast,explicit,export,friend,inline,late_check," +
824+ "mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast," +
825+ "template,typeid,typename,using,virtual,where,request_req"];
826+ var JAVA_KEYWORDS = [COMMON_KEYWORDS,
827+ "abstract,boolean,byte,extends,final,finally,implements,import," +
828+ "instanceof,null,native,package,strictfp,super,synchronized,throws," +
829+ "transient"];
830+ var CSHARP_KEYWORDS = [JAVA_KEYWORDS,
831+ "as,base,by,checked,decimal,delegate,descending,dynamic,event," +
832+ "fixed,foreach,from,group,implicit,in,interface,internal,into,is,let," +
833+ "lock,object,out,override,orderby,params,partial,readonly,ref,sbyte," +
834+ "sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort," +
835+ "var,virtual,where"];
836+ var COFFEE_KEYWORDS = "all,and,by,catch,class,else,extends,false,finally," +
837+ "for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then," +
838+ "throw,true,try,unless,until,when,while,yes";
839+ var JSCRIPT_KEYWORDS = [COMMON_KEYWORDS,
840+ "debugger,eval,export,function,get,null,set,undefined,var,with," +
841+ "Infinity,NaN"];
842+ var PERL_KEYWORDS = "caller,delete,die,do,dump,else,elsif,eval,exit,foreach,for," +
843+ "goto,if,import,last,local,my,next,no,our,print,printf,package,redo,require," +
844+ "sub,undef,unless,until,use,wantarray,while,BEGIN,END";
845+ var PHP_KEYWORDS = "abstract,and,array,as,break,case,catch,cfunction,class," +
846+ "clone,const,continue,declare,default,do,else,elseif,enddeclare,endfor," +
847+ "endforeach,endif,endswitch,endwhile,extends,final,for,foreach,function," +
848+ "global,goto,if,implements,interface,instanceof,namespace,new,old_function," +
849+ "or,private,protected,public,static,switch,throw,try,use,var,while,xor," +
850+ "die,echo,empty,exit,eval,include,include_once,isset,list,require," +
851+ "require_once,return,print,unset";
852+ var PYTHON_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "and,as,assert,class,def,del," +
853+ "elif,except,exec,finally,from,global,import,in,is,lambda," +
854+ "nonlocal,not,or,pass,print,raise,try,with,yield," +
855+ "False,True,None"];
856+ var RUBY_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "alias,and,begin,case,class," +
857+ "def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo," +
858+ "rescue,retry,self,super,then,true,undef,unless,until,when,yield," +
859+ "BEGIN,END"];
860+ var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," +
861+ "function,in,local,set,then,until,echo"];
862+ var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];
863+ var CONFIG_KEYWORDS = ["AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicFake,AuthBasicProvider,AuthBasicUseDigestAlgorithm,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthnzFcgiCheckAuthnProvider,AuthnzFcgiDefineProvider,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerInherit,BalancerMember,BalancerPersist,BrotliAlterETag,BrotliCompressionMaxInputBlock,BrotliCompressionQuality,BrotliCompressionWindow,BrotliFilterNote,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheSocache,CacheSocacheMaxSize,CacheSocacheMaxTime,CacheSocacheMinTime,CacheSocacheReadSize,CacheSocacheReadTime,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIDScriptTimeout,CGIMapExtension,CGIPassAuth,CGIVar,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateInflateLimitRequestBody,DeflateInflateRatioBurst,DeflateInflateRatioLimit,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryCheckHandler,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GlobalLog,GprofDir,GracefulShutdownTimeout,Group,H2CopyFiles,H2Direct,H2EarlyHints,H2MaxSessionStreams,H2MaxWorkerIdleSeconds,H2MaxWorkers,H2MinWorkers,H2ModernTLSOnly,H2Push,H2PushDiarySize,H2PushPriority,H2PushResource,H2SerializeHeaders,H2StreamMaxMemSize,H2TLSCoolDownSecs,H2TLSWarmUpSize,H2Upgrade,H2WindowSize,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,HttpProtocolOptions,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,ListenCoresBucketsRatio,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogIOTrackTTFB,LogLevel,LogMessage,LuaAuthzProvider,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookLog,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,<Macro>,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MemcacheConnTTL,MergeTrailers,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,Protocols,ProtocolsHonorOrder,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFCGIBackendType,ProxyFCGISetEnvIf,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHCExpr,ProxyHCTemplate,ProxyHCTPsize,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLMeta,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInherit,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,QualifyRedirectURL,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RegisterHttpMethod,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCompression,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPNoverify,SSLOCSPOverrideResponder,SSLOCSPProxyURL,SSLOCSPResponderCertificateFile,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOCSPUseRequestNonce,SSLOpenSSLConfCmd,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCheckPeerName,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLSessionTickets,SSLSRPUnknownUserSeed,SSLSRPVerifierFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,SubstituteInheritBefore,SubstituteMaxLineLength,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UndefMacro,UnsetEnv,Use,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse"];
864+ var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;
865+ var ALL_KEYWORDS = [
866+ CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS +
867+ PYTHON_KEYWORDS, RUBY_KEYWORDS, SH_KEYWORDS, CONFIG_KEYWORDS, PHP_KEYWORDS];
868+ var C_TYPES = /^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float|char|void|const|static|struct)\d*(_t)?\b)|[a-z_]+_rec|cmd_parms\b/;
869+
870+ // token style names. correspond to css classes
871+ /**
872+ * token style for a string literal
873+ * @const
874+ */
875+ var PR_STRING = 'str';
876+ /**
877+ * token style for a keyword
878+ * @const
879+ */
880+ var PR_KEYWORD = 'kwd';
881+ /**
882+ * token style for a comment
883+ * @const
884+ */
885+ var PR_COMMENT = 'com';
886+ /**
887+ * token style for a type
888+ * @const
889+ */
890+ var PR_TYPE = 'typ';
891+ /**
892+ * token style for a literal value. e.g. 1, null, true.
893+ * @const
894+ */
895+ var PR_LITERAL = 'lit';
896+ /**
897+ * token style for a punctuation string.
898+ * @const
899+ */
900+ var PR_PUNCTUATION = 'pun';
901+ /**
902+ * token style for plain text.
903+ * @const
904+ */
905+ var PR_PLAIN = 'pln';
906+
907+ /**
908+ * token style for an sgml tag.
909+ * @const
910+ */
911+ var PR_TAG = 'tag';
912+ /**
913+ * token style for a markup declaration such as a DOCTYPE.
914+ * @const
915+ */
916+ var PR_DECLARATION = 'dec';
917+ /**
918+ * token style for embedded source.
919+ * @const
920+ */
921+ var PR_SOURCE = 'src';
922+ /**
923+ * token style for an sgml attribute name.
924+ * @const
925+ */
926+ var PR_ATTRIB_NAME = 'atn';
927+ /**
928+ * token style for an sgml attribute value.
929+ * @const
930+ */
931+ var PR_ATTRIB_VALUE = 'atv';
932+
933+ /**
934+ * A class that indicates a section of markup that is not code, e.g. to allow
935+ * embedding of line numbers within code listings.
936+ * @const
937+ */
938+ var PR_NOCODE = 'nocode';
939+
940+
941+
942+/**
943+ * A set of tokens that can precede a regular expression literal in
944+ * javascript
945+ * http://web.archive.org/web/20070717142515/http://www.mozilla.org/js/language/js20/rationale/syntax.html
946+ * has the full list, but I've removed ones that might be problematic when
947+ * seen in languages that don't support regular expression literals.
948+ *
949+ * <p>Specifically, I've removed any keywords that can't precede a regexp
950+ * literal in a syntactically legal javascript program, and I've removed the
951+ * "in" keyword since it's not a keyword in many languages, and might be used
952+ * as a count of inches.
953+ *
954+ * <p>The link above does not accurately describe EcmaScript rules since
955+ * it fails to distinguish between (a=++/b/i) and (a++/b/i) but it works
956+ * very well in practice.
957+ *
958+ * @private
959+ * @const
960+ */
961+var REGEXP_PRECEDER_PATTERN = '(?:^^\\.?|[+-]|[!=]=?=?|\\#|%=?|&&?=?|\\(|\\*=?|[+\\-]=|->|\\/=?|::?|<<?=?|>>?>?=?|,|;|\\?|@|\\[|~|{|\\^\\^?=?|\\|\\|?=?|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*';
962+
963+// CAVEAT: this does not properly handle the case where a regular
964+// expression immediately follows another since a regular expression may
965+// have flags for case-sensitivity and the like. Having regexp tokens
966+// adjacent is not valid in any language I'm aware of, so I'm punting.
967+// TODO: maybe style special characters inside a regexp as punctuation.
968+
969+
970+ /**
971+ * Given a group of {@link RegExp}s, returns a {@code RegExp} that globally
972+ * matches the union of the sets of strings matched by the input RegExp.
973+ * Since it matches globally, if the input strings have a start-of-input
974+ * anchor (/^.../), it is ignored for the purposes of unioning.
975+ * @param {Array.<RegExp>} regexs non multiline, non-global regexs.
976+ * @return {RegExp} a global regex.
977+ */
978+ function combinePrefixPatterns(regexs) {
979+ var capturedGroupIndex = 0;
980+
981+ var needToFoldCase = false;
982+ var ignoreCase = false;
983+ for (var i = 0, n = regexs.length; i < n; ++i) {
984+ var regex = regexs[i];
985+ if (regex.ignoreCase) {
986+ ignoreCase = true;
987+ } else if (/[a-z]/i.test(regex.source.replace(
988+ /\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi, ''))) {
989+ needToFoldCase = true;
990+ ignoreCase = false;
991+ break;
992+ }
993+ }
994+
995+ var escapeCharToCodeUnit = {
996+ 'b': 8,
997+ 't': 9,
998+ 'n': 0xa,
999+ 'v': 0xb,
1000+ 'f': 0xc,
1001+ 'r': 0xd
1002+ };
1003+
1004+ function decodeEscape(charsetPart) {
1005+ var cc0 = charsetPart.charCodeAt(0);
1006+ if (cc0 !== 92 /* \\ */) {
1007+ return cc0;
1008+ }
1009+ var c1 = charsetPart.charAt(1);
1010+ cc0 = escapeCharToCodeUnit[c1];
1011+ if (cc0) {
1012+ return cc0;
1013+ } else if ('0' <= c1 && c1 <= '7') {
1014+ return parseInt(charsetPart.substring(1), 8);
1015+ } else if (c1 === 'u' || c1 === 'x') {
1016+ return parseInt(charsetPart.substring(2), 16);
1017+ } else {
1018+ return charsetPart.charCodeAt(1);
1019+ }
1020+ }
1021+
1022+ function encodeEscape(charCode) {
1023+ if (charCode < 0x20) {
1024+ return (charCode < 0x10 ? '\\x0' : '\\x') + charCode.toString(16);
1025+ }
1026+ var ch = String.fromCharCode(charCode);
1027+ return (ch === '\\' || ch === '-' || ch === ']' || ch === '^')
1028+ ? "\\" + ch : ch;
1029+ }
1030+
1031+ function caseFoldCharset(charSet) {
1032+ var charsetParts = charSet.substring(1, charSet.length - 1).match(
1033+ new RegExp(
1034+ '\\\\u[0-9A-Fa-f]{4}'
1035+ + '|\\\\x[0-9A-Fa-f]{2}'
1036+ + '|\\\\[0-3][0-7]{0,2}'
1037+ + '|\\\\[0-7]{1,2}'
1038+ + '|\\\\[\\s\\S]'
1039+ + '|-'
1040+ + '|[^-\\\\]',
1041+ 'g'));
1042+ var ranges = [];
1043+ var inverse = charsetParts[0] === '^';
1044+
1045+ var out = ['['];
1046+ if (inverse) { out.push('^'); }
1047+
1048+ for (var i = inverse ? 1 : 0, n = charsetParts.length; i < n; ++i) {
1049+ var p = charsetParts[i];
1050+ if (/\\[bdsw]/i.test(p)) { // Don't muck with named groups.
1051+ out.push(p);
1052+ } else {
1053+ var start = decodeEscape(p);
1054+ var end;
1055+ if (i + 2 < n && '-' === charsetParts[i + 1]) {
1056+ end = decodeEscape(charsetParts[i + 2]);
1057+ i += 2;
1058+ } else {
1059+ end = start;
1060+ }
1061+ ranges.push([start, end]);
1062+ // If the range might intersect letters, then expand it.
1063+ // This case handling is too simplistic.
1064+ // It does not deal with non-latin case folding.
1065+ // It works for latin source code identifiers though.
1066+ if (!(end < 65 || start > 122)) {
1067+ if (!(end < 65 || start > 90)) {
1068+ ranges.push([Math.max(65, start) | 32, Math.min(end, 90) | 32]);
1069+ }
1070+ if (!(end < 97 || start > 122)) {
1071+ ranges.push([Math.max(97, start) & ~32, Math.min(end, 122) & ~32]);
1072+ }
1073+ }
1074+ }
1075+ }
1076+
1077+ // [[1, 10], [3, 4], [8, 12], [14, 14], [16, 16], [17, 17]]
1078+ // -> [[1, 12], [14, 14], [16, 17]]
1079+ ranges.sort(function (a, b) { return (a[0] - b[0]) || (b[1] - a[1]); });
1080+ var consolidatedRanges = [];
1081+ var lastRange = [];
1082+ for (var i = 0; i < ranges.length; ++i) {
1083+ var range = ranges[i];
1084+ if (range[0] <= lastRange[1] + 1) {
1085+ lastRange[1] = Math.max(lastRange[1], range[1]);
1086+ } else {
1087+ consolidatedRanges.push(lastRange = range);
1088+ }
1089+ }
1090+
1091+ for (var i = 0; i < consolidatedRanges.length; ++i) {
1092+ var range = consolidatedRanges[i];
1093+ out.push(encodeEscape(range[0]));
1094+ if (range[1] > range[0]) {
1095+ if (range[1] + 1 > range[0]) { out.push('-'); }
1096+ out.push(encodeEscape(range[1]));
1097+ }
1098+ }
1099+ out.push(']');
1100+ return out.join('');
1101+ }
1102+
1103+ function allowAnywhereFoldCaseAndRenumberGroups(regex) {
1104+ // Split into character sets, escape sequences, punctuation strings
1105+ // like ('(', '(?:', ')', '^'), and runs of characters that do not
1106+ // include any of the above.
1107+ var parts = regex.source.match(
1108+ new RegExp(
1109+ '(?:'
1110+ + '\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]' // a character set
1111+ + '|\\\\u[A-Fa-f0-9]{4}' // a unicode escape
1112+ + '|\\\\x[A-Fa-f0-9]{2}' // a hex escape
1113+ + '|\\\\[0-9]+' // a back-reference or octal escape
1114+ + '|\\\\[^ux0-9]' // other escape sequence
1115+ + '|\\(\\?[:!=]' // start of a non-capturing group
1116+ + '|[\\(\\)\\^]' // start/end of a group, or line start
1117+ + '|[^\\x5B\\x5C\\(\\)\\^]+' // run of other characters
1118+ + ')',
1119+ 'g'));
1120+ var n = parts.length;
1121+
1122+ // Maps captured group numbers to the number they will occupy in
1123+ // the output or to -1 if that has not been determined, or to
1124+ // undefined if they need not be capturing in the output.
1125+ var capturedGroups = [];
1126+
1127+ // Walk over and identify back references to build the capturedGroups
1128+ // mapping.
1129+ for (var i = 0, groupIndex = 0; i < n; ++i) {
1130+ var p = parts[i];
1131+ if (p === '(') {
1132+ // groups are 1-indexed, so max group index is count of '('
1133+ ++groupIndex;
1134+ } else if ('\\' === p.charAt(0)) {
1135+ var decimalValue = +p.substring(1);
1136+ if (decimalValue) {
1137+ if (decimalValue <= groupIndex) {
1138+ capturedGroups[decimalValue] = -1;
1139+ } else {
1140+ // Replace with an unambiguous escape sequence so that
1141+ // an octal escape sequence does not turn into a backreference
1142+ // to a capturing group from an earlier regex.
1143+ parts[i] = encodeEscape(decimalValue);
1144+ }
1145+ }
1146+ }
1147+ }
1148+
1149+ // Renumber groups and reduce capturing groups to non-capturing groups
1150+ // where possible.
1151+ for (var i = 1; i < capturedGroups.length; ++i) {
1152+ if (-1 === capturedGroups[i]) {
1153+ capturedGroups[i] = ++capturedGroupIndex;
1154+ }
1155+ }
1156+ for (var i = 0, groupIndex = 0; i < n; ++i) {
1157+ var p = parts[i];
1158+ if (p === '(') {
1159+ ++groupIndex;
1160+ if (!capturedGroups[groupIndex]) {
1161+ parts[i] = '(?:';
1162+ }
1163+ } else if ('\\' === p.charAt(0)) {
1164+ var decimalValue = +p.substring(1);
1165+ if (decimalValue && decimalValue <= groupIndex) {
1166+ parts[i] = '\\' + capturedGroups[decimalValue];
1167+ }
1168+ }
1169+ }
1170+
1171+ // Remove any prefix anchors so that the output will match anywhere.
1172+ // ^^ really does mean an anchored match though.
1173+ for (var i = 0; i < n; ++i) {
1174+ if ('^' === parts[i] && '^' !== parts[i + 1]) { parts[i] = ''; }
1175+ }
1176+
1177+ // Expand letters to groups to handle mixing of case-sensitive and
1178+ // case-insensitive patterns if necessary.
1179+ if (regex.ignoreCase && needToFoldCase) {
1180+ for (var i = 0; i < n; ++i) {
1181+ var p = parts[i];
1182+ var ch0 = p.charAt(0);
1183+ if (p.length >= 2 && ch0 === '[') {
1184+ parts[i] = caseFoldCharset(p);
1185+ } else if (ch0 !== '\\') {
1186+ // TODO: handle letters in numeric escapes.
1187+ parts[i] = p.replace(
1188+ /[a-zA-Z]/g,
1189+ function (ch) {
1190+ var cc = ch.charCodeAt(0);
1191+ return '[' + String.fromCharCode(cc & ~32, cc | 32) + ']';
1192+ });
1193+ }
1194+ }
1195+ }
1196+
1197+ return parts.join('');
1198+ }
1199+
1200+ var rewritten = [];
1201+ for (var i = 0, n = regexs.length; i < n; ++i) {
1202+ var regex = regexs[i];
1203+ if (regex.global || regex.multiline) { throw new Error('' + regex); }
1204+ rewritten.push(
1205+ '(?:' + allowAnywhereFoldCaseAndRenumberGroups(regex) + ')');
1206+ }
1207+
1208+ return new RegExp(rewritten.join('|'), ignoreCase ? 'gi' : 'g');
1209+ }
1210+
1211+
1212+ /**
1213+ * Split markup into a string of source code and an array mapping ranges in
1214+ * that string to the text nodes in which they appear.
1215+ *
1216+ * <p>
1217+ * The HTML DOM structure:</p>
1218+ * <pre>
1219+ * (Element "p"
1220+ * (Element "b"
1221+ * (Text "print ")) ; #1
1222+ * (Text "'Hello '") ; #2
1223+ * (Element "br") ; #3
1224+ * (Text " + 'World';")) ; #4
1225+ * </pre>
1226+ * <p>
1227+ * corresponds to the HTML
1228+ * {@code <p><b>print </b>'Hello '<br> + 'World';</p>}.</p>
1229+ *
1230+ * <p>
1231+ * It will produce the output:</p>
1232+ * <pre>
1233+ * {
1234+ * sourceCode: "print 'Hello '\n + 'World';",
1235+ * // 1 2
1236+ * // 012345678901234 5678901234567
1237+ * spans: [0, #1, 6, #2, 14, #3, 15, #4]
1238+ * }
1239+ * </pre>
1240+ * <p>
1241+ * where #1 is a reference to the {@code "print "} text node above, and so
1242+ * on for the other text nodes.
1243+ * </p>
1244+ *
1245+ * <p>
1246+ * The {@code} spans array is an array of pairs. Even elements are the start
1247+ * indices of substrings, and odd elements are the text nodes (or BR elements)
1248+ * that contain the text for those substrings.
1249+ * Substrings continue until the next index or the end of the source.
1250+ * </p>
1251+ *
1252+ * @param {Node} node an HTML DOM subtree containing source-code.
1253+ * @param {boolean} isPreformatted true if white-space in text nodes should
1254+ * be considered significant.
1255+ * @return {Object} source code and the text nodes in which they occur.
1256+ */
1257+ function extractSourceSpans(node, isPreformatted) {
1258+ var nocode = /(?:^|\s)nocode(?:\s|$)/;
1259+
1260+ var chunks = [];
1261+ var length = 0;
1262+ var spans = [];
1263+ var k = 0;
1264+
1265+ function walk(node) {
1266+ switch (node.nodeType) {
1267+ case 1: // Element
1268+ if (nocode.test(node.className)) { return; }
1269+ for (var child = node.firstChild; child; child = child.nextSibling) {
1270+ walk(child);
1271+ }
1272+ var nodeName = node.nodeName.toLowerCase();
1273+ if ('br' === nodeName || 'li' === nodeName) {
1274+ chunks[k] = '\n';
1275+ spans[k << 1] = length++;
1276+ spans[(k++ << 1) | 1] = node;
1277+ }
1278+ break;
1279+ case 3: case 4: // Text
1280+ var text = node.nodeValue;
1281+ if (text.length) {
1282+ if (!isPreformatted) {
1283+ text = text.replace(/[ \t\r\n]+/g, ' ');
1284+ } else {
1285+ text = text.replace(/\r\n?/g, '\n'); // Normalize newlines.
1286+ text = text.replace(/^(\r?\n\s*)+/g, ''); // Remove leading newlines
1287+ text = text.replace(/^\s*/g, ''); // Remove leading spaces due to indented formatting
1288+ text = text.replace(/(\r?\n\s*)+$/g, ''); // Remove ending newlines
1289+
1290+ }
1291+ // TODO: handle tabs here?
1292+ chunks[k] = text;
1293+ spans[k << 1] = length;
1294+ length += text.length;
1295+ spans[(k++ << 1) | 1] = node;
1296+ }
1297+ break;
1298+ }
1299+ }
1300+
1301+ walk(node);
1302+
1303+ return {
1304+ sourceCode: chunks.join('').replace(/\n$/, ''),
1305+ spans: spans
1306+ };
1307+ }
1308+
1309+
1310+ /**
1311+ * Apply the given language handler to sourceCode and add the resulting
1312+ * decorations to out.
1313+ * @param {number} basePos the index of sourceCode within the chunk of source
1314+ * whose decorations are already present on out.
1315+ */
1316+ function appendDecorations(basePos, sourceCode, langHandler, out) {
1317+ if (!sourceCode) { return; }
1318+ var job = {
1319+ sourceCode: sourceCode,
1320+ basePos: basePos
1321+ };
1322+ langHandler(job);
1323+ out.push.apply(out, job.decorations);
1324+ }
1325+
1326+ var notWs = /\S/;
1327+
1328+ /**
1329+ * Given an element, if it contains only one child element and any text nodes
1330+ * it contains contain only space characters, return the sole child element.
1331+ * Otherwise returns undefined.
1332+ * <p>
1333+ * This is meant to return the CODE element in {@code <pre><code ...>} when
1334+ * there is a single child element that contains all the non-space textual
1335+ * content, but not to return anything where there are multiple child elements
1336+ * as in {@code <pre><code>...</code><code>...</code></pre>} or when there
1337+ * is textual content.
1338+ */
1339+ function childContentWrapper(element) {
1340+ var wrapper = undefined;
1341+ for (var c = element.firstChild; c; c = c.nextSibling) {
1342+ var type = c.nodeType;
1343+ wrapper = (type === 1) // Element Node
1344+ ? (wrapper ? element : c)
1345+ : (type === 3) // Text Node
1346+ ? (notWs.test(c.nodeValue) ? element : wrapper)
1347+ : wrapper;
1348+ }
1349+ return wrapper === element ? undefined : wrapper;
1350+ }
1351+
1352+ /** Given triples of [style, pattern, context] returns a lexing function,
1353+ * The lexing function interprets the patterns to find token boundaries and
1354+ * returns a decoration list of the form
1355+ * [index_0, style_0, index_1, style_1, ..., index_n, style_n]
1356+ * where index_n is an index into the sourceCode, and style_n is a style
1357+ * constant like PR_PLAIN. index_n-1 <= index_n, and style_n-1 applies to
1358+ * all characters in sourceCode[index_n-1:index_n].
1359+ *
1360+ * The stylePatterns is a list whose elements have the form
1361+ * [style : string, pattern : RegExp, DEPRECATED, shortcut : string].
1362+ *
1363+ * Style is a style constant like PR_PLAIN, or can be a string of the
1364+ * form 'lang-FOO', where FOO is a language extension describing the
1365+ * language of the portion of the token in $1 after pattern executes.
1366+ * E.g., if style is 'lang-lisp', and group 1 contains the text
1367+ * '(hello (world))', then that portion of the token will be passed to the
1368+ * registered lisp handler for formatting.
1369+ * The text before and after group 1 will be restyled using this decorator
1370+ * so decorators should take care that this doesn't result in infinite
1371+ * recursion. For example, the HTML lexer rule for SCRIPT elements looks
1372+ * something like ['lang-js', /<[s]cript>(.+?)<\/script>/]. This may match
1373+ * '<script>foo()<\/script>', which would cause the current decorator to
1374+ * be called with '<script>' which would not match the same rule since
1375+ * group 1 must not be empty, so it would be instead styled as PR_TAG by
1376+ * the generic tag rule. The handler registered for the 'js' extension would
1377+ * then be called with 'foo()', and finally, the current decorator would
1378+ * be called with '<\/script>' which would not match the original rule and
1379+ * so the generic tag rule would identify it as a tag.
1380+ *
1381+ * Pattern must only match prefixes, and if it matches a prefix, then that
1382+ * match is considered a token with the same style.
1383+ *
1384+ * Context is applied to the last non-whitespace, non-comment token
1385+ * recognized.
1386+ *
1387+ * Shortcut is an optional string of characters, any of which, if the first
1388+ * character, gurantee that this pattern and only this pattern matches.
1389+ *
1390+ * @param {Array} shortcutStylePatterns patterns that always start with
1391+ * a known character. Must have a shortcut string.
1392+ * @param {Array} fallthroughStylePatterns patterns that will be tried in
1393+ * order if the shortcut ones fail. May have shortcuts.
1394+ *
1395+ * @return {function (Object)} a
1396+ * function that takes source code and returns a list of decorations.
1397+ */
1398+ function createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns) {
1399+ var shortcuts = {};
1400+ var tokenizer;
1401+ (function () {
1402+ var allPatterns = shortcutStylePatterns.concat(fallthroughStylePatterns);
1403+ var allRegexs = [];
1404+ var regexKeys = {};
1405+ for (var i = 0, n = allPatterns.length; i < n; ++i) {
1406+ var patternParts = allPatterns[i];
1407+ var shortcutChars = patternParts[3];
1408+ if (shortcutChars) {
1409+ for (var c = shortcutChars.length; --c >= 0;) {
1410+ shortcuts[shortcutChars.charAt(c)] = patternParts;
1411+ }
1412+ }
1413+ var regex = patternParts[1];
1414+ var k = '' + regex;
1415+ if (!regexKeys.hasOwnProperty(k)) {
1416+ allRegexs.push(regex);
1417+ regexKeys[k] = null;
1418+ }
1419+ }
1420+ allRegexs.push(/[\0-\uffff]/);
1421+ tokenizer = combinePrefixPatterns(allRegexs);
1422+ })();
1423+
1424+ var nPatterns = fallthroughStylePatterns.length;
1425+
1426+ /**
1427+ * Lexes job.sourceCode and produces an output array job.decorations of
1428+ * style classes preceded by the position at which they start in
1429+ * job.sourceCode in order.
1430+ *
1431+ * @param {Object} job an object like <pre>{
1432+ * sourceCode: {string} sourceText plain text,
1433+ * basePos: {int} position of job.sourceCode in the larger chunk of
1434+ * sourceCode.
1435+ * }</pre>
1436+ */
1437+ var decorate = function (job) {
1438+ var sourceCode = job.sourceCode, basePos = job.basePos;
1439+ /** Even entries are positions in source in ascending order. Odd enties
1440+ * are style markers (e.g., PR_COMMENT) that run from that position until
1441+ * the end.
1442+ * @type {Array.<number|string>}
1443+ */
1444+ var decorations = [basePos, PR_PLAIN];
1445+ var pos = 0; // index into sourceCode
1446+ var tokens = sourceCode.match(tokenizer) || [];
1447+ var styleCache = {};
1448+
1449+ for (var ti = 0, nTokens = tokens.length; ti < nTokens; ++ti) {
1450+ var token = tokens[ti];
1451+ var style = styleCache[token];
1452+ var match = void 0;
1453+
1454+ var isEmbedded;
1455+ if (typeof style === 'string') {
1456+ isEmbedded = false;
1457+ } else {
1458+ var patternParts = shortcuts[token.charAt(0)];
1459+ if (patternParts) {
1460+ match = token.match(patternParts[1]);
1461+ style = patternParts[0];
1462+ } else {
1463+ for (var i = 0; i < nPatterns; ++i) {
1464+ patternParts = fallthroughStylePatterns[i];
1465+ match = token.match(patternParts[1]);
1466+ if (match) {
1467+ style = patternParts[0];
1468+ break;
1469+ }
1470+ }
1471+
1472+ if (!match) { // make sure that we make progress
1473+ style = PR_PLAIN;
1474+ }
1475+ }
1476+
1477+ isEmbedded = style.length >= 5 && 'lang-' === style.substring(0, 5);
1478+ if (isEmbedded && !(match && typeof match[1] === 'string')) {
1479+ isEmbedded = false;
1480+ style = PR_SOURCE;
1481+ }
1482+
1483+ if (!isEmbedded) { styleCache[token] = style; }
1484+ }
1485+
1486+ var tokenStart = pos;
1487+ pos += token.length;
1488+
1489+ if (!isEmbedded) {
1490+ decorations.push(basePos + tokenStart, style);
1491+ } else { // Treat group 1 as an embedded block of source code.
1492+ var embeddedSource = match[1];
1493+ var embeddedSourceStart = token.indexOf(embeddedSource);
1494+ var embeddedSourceEnd = embeddedSourceStart + embeddedSource.length;
1495+ if (match[2]) {
1496+ // If embeddedSource can be blank, then it would match at the
1497+ // beginning which would cause us to infinitely recurse on the
1498+ // entire token, so we catch the right context in match[2].
1499+ embeddedSourceEnd = token.length - match[2].length;
1500+ embeddedSourceStart = embeddedSourceEnd - embeddedSource.length;
1501+ }
1502+ var lang = style.substring(5);
1503+ // Decorate the left of the embedded source
1504+ appendDecorations(
1505+ basePos + tokenStart,
1506+ token.substring(0, embeddedSourceStart),
1507+ decorate, decorations);
1508+ // Decorate the embedded source
1509+ appendDecorations(
1510+ basePos + tokenStart + embeddedSourceStart,
1511+ embeddedSource,
1512+ langHandlerForExtension(lang, embeddedSource),
1513+ decorations);
1514+ // Decorate the right of the embedded section
1515+ appendDecorations(
1516+ basePos + tokenStart + embeddedSourceEnd,
1517+ token.substring(embeddedSourceEnd),
1518+ decorate, decorations);
1519+ }
1520+ }
1521+ job.decorations = decorations;
1522+ };
1523+ return decorate;
1524+ }
1525+
1526+ /** returns a function that produces a list of decorations from source text.
1527+ *
1528+ * This code treats ", ', and ` as string delimiters, and \ as a string
1529+ * escape. It does not recognize perl's qq() style strings.
1530+ * It has no special handling for double delimiter escapes as in basic, or
1531+ * the tripled delimiters used in python, but should work on those regardless
1532+ * although in those cases a single string literal may be broken up into
1533+ * multiple adjacent string literals.
1534+ *
1535+ * It recognizes C, C++, and shell style comments.
1536+ *
1537+ * @param {Object} options a set of optional parameters.
1538+ * @return {function (Object)} a function that examines the source code
1539+ * in the input job and builds the decoration list.
1540+ */
1541+ function sourceDecorator(options) {
1542+ var shortcutStylePatterns = [], fallthroughStylePatterns = [];
1543+ if (options['tripleQuotedStrings']) {
1544+ // '''multi-line-string''', 'single-line-string', and double-quoted
1545+ shortcutStylePatterns.push(
1546+ [PR_STRING, /^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,
1547+ null, '\'"']);
1548+ } else if (options['multiLineStrings']) {
1549+ // 'multi-line-string', "multi-line-string"
1550+ shortcutStylePatterns.push(
1551+ [PR_STRING, /^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,
1552+ null, '\'"`']);
1553+ } else {
1554+ // 'single-line-string', "single-line-string"
1555+ shortcutStylePatterns.push(
1556+ [PR_STRING,
1557+ /^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,
1558+ null, '"\'']);
1559+ }
1560+ if (options['verbatimStrings']) {
1561+ // verbatim-string-literal production from the C# grammar. See issue 93.
1562+ fallthroughStylePatterns.push(
1563+ [PR_STRING, /^@\"(?:[^\"]|\"\")*(?:\"|$)/, null]);
1564+ }
1565+ var hc = options['hashComments'];
1566+ if (hc) {
1567+ if (options['cStyleComments']) {
1568+ if (hc > 1) { // multiline hash comments
1569+ shortcutStylePatterns.push(
1570+ [PR_COMMENT, /^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/, null, '#']);
1571+ } else {
1572+ // Stop C preprocessor declarations at an unclosed open comment
1573+ shortcutStylePatterns.push(
1574+ [PR_COMMENT, /^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,
1575+ null, '#']);
1576+ }
1577+ // #include <stdio.h>
1578+ fallthroughStylePatterns.push(
1579+ [PR_STRING,
1580+ /^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h(?:h|pp|\+\+)?|[a-z]\w*)>/,
1581+ null]);
1582+ } else {
1583+ shortcutStylePatterns.push([PR_COMMENT, /^#[^\r\n]*/, null, '#']);
1584+ }
1585+ }
1586+ if (options['cStyleComments']) {
1587+ fallthroughStylePatterns.push([PR_COMMENT, /^\/\/[^\r\n]*/, null]);
1588+ fallthroughStylePatterns.push(
1589+ [PR_COMMENT, /^\/\*[\s\S]*?(?:\*\/|$)/, null]);
1590+ }
1591+ if (options['regexLiterals']) {
1592+ /**
1593+ * @const
1594+ */
1595+ var REGEX_LITERAL = (
1596+ // A regular expression literal starts with a slash that is
1597+ // not followed by * or / so that it is not confused with
1598+ // comments.
1599+ '/(?=[^/*])'
1600+ // and then contains any number of raw characters,
1601+ + '(?:[^/\\x5B\\x5C]'
1602+ // escape sequences (\x5C),
1603+ + '|\\x5C[\\s\\S]'
1604+ // or non-nesting character sets (\x5B\x5D);
1605+ + '|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+'
1606+ // finally closed by a /.
1607+ + '/');
1608+ fallthroughStylePatterns.push(
1609+ ['lang-regex',
1610+ new RegExp('^' + REGEXP_PRECEDER_PATTERN + '(' + REGEX_LITERAL + ')')
1611+ ]);
1612+ }
1613+
1614+ var types = options['types'];
1615+ if (types) {
1616+ fallthroughStylePatterns.push([PR_TYPE, types]);
1617+ }
1618+
1619+ if (options['strings']) {
1620+ var strings = ("" + options['strings']).replace(/^ | $/g, '').replace(/-/g, '\\-');
1621+ fallthroughStylePatterns.push(
1622+ [PR_STRING,
1623+ new RegExp('(?:' + strings.replace(/[\s,]+/g, '|') + ')'),
1624+ , null]
1625+ );
1626+ }
1627+
1628+ var keywords = ("" + options['keywords']).replace(/^ | $/g, '');
1629+ if (keywords.length) {
1630+ fallthroughStylePatterns.push(
1631+ [PR_KEYWORD,
1632+ new RegExp('^(?:' + keywords.replace(/[\s,]+/g, '|') + ')\\b'),
1633+ null]);
1634+ }
1635+
1636+ shortcutStylePatterns.push([PR_PLAIN, /^\s+/, null, ' \r\n\t\xA0']);
1637+ if (options['httpdComments']) {
1638+ fallthroughStylePatterns.push(
1639+ [PR_PLAIN, /^.*\S.*#/i, null]
1640+ );
1641+ }
1642+
1643+ fallthroughStylePatterns.push(
1644+ // TODO(mikesamuel): recognize non-latin letters and numerals in idents
1645+ [PR_LITERAL, /^@[a-z_$][a-z_$@0-9]*|\bNULL\b/i, null],
1646+ [PR_LITERAL, CONFIG_OPTIONS, null],
1647+ //[PR_STRING, CONFIG_ENVS, null],
1648+ [PR_TAG, /^\b(AuthzProviderAlias|AuthnProviderAlias|RequireAny|RequireAll|RequireNone|Directory|DirectoryMatch|Location|LocationMatch|VirtualHost|If|Else|ElseIf|Proxy\b|LoadBalancer|Files|FilesMatch|Limit|LimitExcept|IfDefine|IfModule|IfVersion)\b/, null],
1649+ [PR_TYPE, /^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_(t|req|module)\b)/, null],
1650+ [PR_TAG, /^apr_[a-z_0-9]+|ap_[a-z_0-9]+/i, null],
1651+ [PR_PLAIN, /^[a-z_$][a-z_$@0-9\-]*/i, null],
1652+ [PR_LITERAL,
1653+ new RegExp(
1654+ '^(?:'
1655+ // A hex number
1656+ + '0x[a-f0-9]+'
1657+ // An IPv6 Address
1658+ + '|[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+'
1659+ // or an octal or decimal number,
1660+ + '|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)'
1661+ // possibly in scientific notation
1662+ + '(?:e[+\\-]?\\d+)?'
1663+ + ')'
1664+ // with an optional modifier like UL for unsigned long
1665+ + '[a-z]*', 'i'),
1666+ null, '0123456789'],
1667+ // Don't treat escaped quotes in bash as starting strings. See issue 144.
1668+ [PR_PLAIN, /^\\[\s\S]?/, null],
1669+ [PR_PUNCTUATION, /^.[^\s\w\.$@\'\"\`\/\#\\]*/, null]);
1670+
1671+ return createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns);
1672+ }
1673+
1674+ var decorateSource = sourceDecorator({
1675+ 'keywords': ALL_KEYWORDS,
1676+ 'hashComments': true,
1677+ 'cStyleComments': true,
1678+ 'multiLineStrings': true,
1679+ 'regexLiterals': true
1680+ });
1681+
1682+ /**
1683+ * Given a DOM subtree, wraps it in a list, and puts each line into its own
1684+ * list item.
1685+ *
1686+ * @param {Node} node modified in place. Its content is pulled into an
1687+ * HTMLOListElement, and each line is moved into a separate list item.
1688+ * This requires cloning elements, so the input might not have unique
1689+ * IDs after numbering.
1690+ * @param {boolean} isPreformatted true iff white-space in text nodes should
1691+ * be treated as significant.
1692+ */
1693+ function numberLines(node, opt_startLineNum, isPreformatted) {
1694+ var nocode = /(?:^|\s)nocode(?:\s|$)/;
1695+ var lineBreak = /\r\n?|\n/;
1696+
1697+ var document = node.ownerDocument;
1698+
1699+ var li = document.createElement('li');
1700+ while (node.firstChild) {
1701+ li.appendChild(node.firstChild);
1702+ }
1703+ // An array of lines. We split below, so this is initialized to one
1704+ // un-split line.
1705+ var listItems = [li];
1706+
1707+ function walk(node) {
1708+ switch (node.nodeType) {
1709+ case 1: // Element
1710+ if (nocode.test(node.className)) { break; }
1711+ if ('br' === node.nodeName) {
1712+ breakAfter(node);
1713+ // Discard the <BR> since it is now flush against a </LI>.
1714+ if (node.parentNode) {
1715+ node.parentNode.removeChild(node);
1716+ }
1717+ } else {
1718+ for (var child = node.firstChild; child; child = child.nextSibling) {
1719+ walk(child);
1720+ }
1721+ }
1722+ break;
1723+ case 3: case 4: // Text
1724+ if (isPreformatted) {
1725+ var text = node.nodeValue;
1726+ var match = text.match(lineBreak);
1727+ if (match) {
1728+ var firstLine = text.substring(0, match.index);
1729+ node.nodeValue = firstLine;
1730+ var tail = text.substring(match.index + match[0].length);
1731+ if (tail) {
1732+ var parent = node.parentNode;
1733+ parent.insertBefore(
1734+ document.createTextNode(tail), node.nextSibling);
1735+ }
1736+ breakAfter(node);
1737+ if (!firstLine) {
1738+ // Don't leave blank text nodes in the DOM.
1739+ node.parentNode.removeChild(node);
1740+ }
1741+ }
1742+ }
1743+ break;
1744+ }
1745+ }
1746+
1747+ // Split a line after the given node.
1748+ function breakAfter(lineEndNode) {
1749+ // If there's nothing to the right, then we can skip ending the line
1750+ // here, and move root-wards since splitting just before an end-tag
1751+ // would require us to create a bunch of empty copies.
1752+ while (!lineEndNode.nextSibling) {
1753+ lineEndNode = lineEndNode.parentNode;
1754+ if (!lineEndNode) { return; }
1755+ }
1756+
1757+ function breakLeftOf(limit, copy) {
1758+ // Clone shallowly if this node needs to be on both sides of the break.
1759+ var rightSide = copy ? limit.cloneNode(false) : limit;
1760+ var parent = limit.parentNode;
1761+ if (parent) {
1762+ // We clone the parent chain.
1763+ // This helps us resurrect important styling elements that cross lines.
1764+ // E.g. in <i>Foo<br>Bar</i>
1765+ // should be rewritten to <li><i>Foo</i></li><li><i>Bar</i></li>.
1766+ var parentClone = breakLeftOf(parent, 1);
1767+ // Move the clone and everything to the right of the original
1768+ // onto the cloned parent.
1769+ var next = limit.nextSibling;
1770+ parentClone.appendChild(rightSide);
1771+ for (var sibling = next; sibling; sibling = next) {
1772+ next = sibling.nextSibling;
1773+ parentClone.appendChild(sibling);
1774+ }
1775+ }
1776+ return rightSide;
1777+ }
1778+
1779+ var copiedListItem = breakLeftOf(lineEndNode.nextSibling, 0);
1780+
1781+ // Walk the parent chain until we reach an unattached LI.
1782+ for (var parent;
1783+ // Check nodeType since IE invents document fragments.
1784+ (parent = copiedListItem.parentNode) && parent.nodeType === 1;) {
1785+ copiedListItem = parent;
1786+ }
1787+ // Put it on the list of lines for later processing.
1788+ listItems.push(copiedListItem);
1789+ }
1790+
1791+ // Split lines while there are lines left to split.
1792+ for (var i = 0; // Number of lines that have been split so far.
1793+ i < listItems.length; // length updated by breakAfter calls.
1794+ ++i) {
1795+ walk(listItems[i]);
1796+ }
1797+
1798+ // Make sure numeric indices show correctly.
1799+ if (opt_startLineNum === (opt_startLineNum|0)) {
1800+ listItems[0].setAttribute('value', opt_startLineNum);
1801+ }
1802+
1803+ var ol = document.createElement('ol');
1804+ ol.className = 'linenums';
1805+ var offset = Math.max(0, ((opt_startLineNum - 1 /* zero index */)) | 0) || 0;
1806+ for (var i = 0, n = listItems.length; i < n; ++i) {
1807+ li = listItems[i];
1808+ // Stick a class on the LIs so that stylesheets can
1809+ // color odd/even rows, or any other row pattern that
1810+ // is co-prime with 10.
1811+ li.className = 'L' + ((i + offset) % 1);
1812+ if (!li.firstChild) {
1813+ li.appendChild(document.createTextNode('\xA0'));
1814+ }
1815+ ol.appendChild(li);
1816+ }
1817+
1818+ node.appendChild(ol);
1819+ }
1820+
1821+ /**
1822+ * Breaks {@code job.sourceCode} around style boundaries in
1823+ * {@code job.decorations} and modifies {@code job.sourceNode} in place.
1824+ * @param {Object} job like <pre>{
1825+ * sourceCode: {string} source as plain text,
1826+ * spans: {Array.<number|Node>} alternating span start indices into source
1827+ * and the text node or element (e.g. {@code <BR>}) corresponding to that
1828+ * span.
1829+ * decorations: {Array.<number|string} an array of style classes preceded
1830+ * by the position at which they start in job.sourceCode in order
1831+ * }</pre>
1832+ * @private
1833+ */
1834+ function recombineTagsAndDecorations(job) {
1835+ var isIE8OrEarlier = /\bMSIE\s(\d+)/.exec(navigator.userAgent);
1836+ isIE8OrEarlier = isIE8OrEarlier && +isIE8OrEarlier[1] <= 8;
1837+ var newlineRe = /\n/g;
1838+
1839+ var source = job.sourceCode;
1840+ var sourceLength = source.length;
1841+ // Index into source after the last code-unit recombined.
1842+ var sourceIndex = 0;
1843+
1844+ var spans = job.spans;
1845+ var nSpans = spans.length;
1846+ // Index into spans after the last span which ends at or before sourceIndex.
1847+ var spanIndex = 0;
1848+
1849+ var decorations = job.decorations;
1850+ var nDecorations = decorations.length;
1851+ // Index into decorations after the last decoration which ends at or before
1852+ // sourceIndex.
1853+ var decorationIndex = 0;
1854+
1855+ // Remove all zero-length decorations.
1856+ decorations[nDecorations] = sourceLength;
1857+ var decPos, i;
1858+ for (i = decPos = 0; i < nDecorations;) {
1859+ if (decorations[i] !== decorations[i + 2]) {
1860+ decorations[decPos++] = decorations[i++];
1861+ decorations[decPos++] = decorations[i++];
1862+ } else {
1863+ i += 2;
1864+ }
1865+ }
1866+ nDecorations = decPos;
1867+
1868+ // Simplify decorations.
1869+ for (i = decPos = 0; i < nDecorations;) {
1870+ var startPos = decorations[i];
1871+ // Conflate all adjacent decorations that use the same style.
1872+ var startDec = decorations[i + 1];
1873+ var end = i + 2;
1874+ while (end + 2 <= nDecorations && decorations[end + 1] === startDec) {
1875+ end += 2;
1876+ }
1877+ decorations[decPos++] = startPos;
1878+ decorations[decPos++] = startDec;
1879+ i = end;
1880+ }
1881+
1882+ nDecorations = decorations.length = decPos;
1883+
1884+ var sourceNode = job.sourceNode;
1885+ var oldDisplay;
1886+ if (sourceNode) {
1887+ oldDisplay = sourceNode.style.display;
1888+ sourceNode.style.display = 'none';
1889+ }
1890+ try {
1891+ var decoration = null;
1892+ var X = 0;
1893+ while (spanIndex < nSpans) {
1894+ X = X + 1;
1895+ if (X > 5000) { break; }
1896+ var spanStart = spans[spanIndex];
1897+ var spanEnd = spans[spanIndex + 2] || sourceLength;
1898+
1899+ var decEnd = decorations[decorationIndex + 2] || sourceLength;
1900+
1901+ var end = Math.min(spanEnd, decEnd);
1902+
1903+ var textNode = spans[spanIndex + 1];
1904+ var styledText;
1905+ if (textNode.nodeType !== 1 // Don't muck with <BR>s or <LI>s
1906+ // Don't introduce spans around empty text nodes.
1907+ && (styledText = source.substring(sourceIndex, end))) {
1908+ // This may seem bizarre, and it is. Emitting LF on IE causes the
1909+ // code to display with spaces instead of line breaks.
1910+ // Emitting Windows standard issue linebreaks (CRLF) causes a blank
1911+ // space to appear at the beginning of every line but the first.
1912+ // Emitting an old Mac OS 9 line separator makes everything spiffy.
1913+ if (isIE8OrEarlier) {
1914+ styledText = styledText.replace(newlineRe, '\r');
1915+ }
1916+ textNode.nodeValue = styledText;
1917+ var document = textNode.ownerDocument;
1918+ var span = document.createElement('span');
1919+ span.className = decorations[decorationIndex + 1];
1920+ var parentNode = textNode.parentNode;
1921+ parentNode.replaceChild(span, textNode);
1922+ span.appendChild(textNode);
1923+ if (sourceIndex < spanEnd) { // Split off a text node.
1924+ spans[spanIndex + 1] = textNode
1925+ // TODO: Possibly optimize by using '' if there's no flicker.
1926+ = document.createTextNode(source.substring(end, spanEnd));
1927+ parentNode.insertBefore(textNode, span.nextSibling);
1928+ }
1929+ }
1930+
1931+ sourceIndex = end;
1932+
1933+ if (sourceIndex >= spanEnd) {
1934+ spanIndex += 2;
1935+ }
1936+ if (sourceIndex >= decEnd) {
1937+ decorationIndex += 2;
1938+ }
1939+ }
1940+ } finally {
1941+ if (sourceNode) {
1942+ sourceNode.style.display = oldDisplay;
1943+ }
1944+ }
1945+ }
1946+
1947+
1948+ /** Maps language-specific file extensions to handlers. */
1949+ var langHandlerRegistry = {};
1950+ /** Register a language handler for the given file extensions.
1951+ * @param {function (Object)} handler a function from source code to a list
1952+ * of decorations. Takes a single argument job which describes the
1953+ * state of the computation. The single parameter has the form
1954+ * {@code {
1955+ * sourceCode: {string} as plain text.
1956+ * decorations: {Array.<number|string>} an array of style classes
1957+ * preceded by the position at which they start in
1958+ * job.sourceCode in order.
1959+ * The language handler should assigned this field.
1960+ * basePos: {int} the position of source in the larger source chunk.
1961+ * All positions in the output decorations array are relative
1962+ * to the larger source chunk.
1963+ * } }
1964+ * @param {Array.<string>} fileExtensions
1965+ */
1966+ function registerLangHandler(handler, fileExtensions) {
1967+ for (var i = fileExtensions.length; --i >= 0;) {
1968+ var ext = fileExtensions[i];
1969+ if (!langHandlerRegistry.hasOwnProperty(ext)) {
1970+ langHandlerRegistry[ext] = handler;
1971+ } else if (win['console']) {
1972+ console['warn']('cannot override language handler %s', ext);
1973+ }
1974+ }
1975+ }
1976+ function langHandlerForExtension(extension, source) {
1977+ if (!(extension && langHandlerRegistry.hasOwnProperty(extension))) {
1978+ // Treat it as markup if the first non whitespace character is a < and
1979+ // the last non-whitespace character is a >.
1980+ extension = /^\s*</.test(source)
1981+ ? 'default-markup'
1982+ : 'default-code';
1983+ }
1984+ return langHandlerRegistry[extension];
1985+ }
1986+ registerLangHandler(decorateSource, ['default-code']);
1987+ registerLangHandler(
1988+ createSimpleLexer(
1989+ [],
1990+ [
1991+ [PR_PLAIN, /^[^<?]+/],
1992+ [PR_DECLARATION, /^<!\w[^>]*(?:>|$)/],
1993+ [PR_COMMENT, /^<\!--[\s\S]*?(?:-\->|$)/],
1994+ // Unescaped content in an unknown language
1995+ ['lang-', /^<\?([\s\S]+?)(?:\?>|$)/],
1996+ ['lang-', /^<%([\s\S]+?)(?:%>|$)/],
1997+ [PR_PUNCTUATION, /^(?:<[%?]|[%?]>)/],
1998+ ['lang-', /^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],
1999+ // Unescaped content in javascript. (Or possibly vbscript).
2000+ ['lang-js', /^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],
2001+ // Contains unescaped stylesheet content
2002+ ['lang-css', /^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],
2003+ ['lang-in.tag', /^(<\/?[a-z][^<>]*>)/i]
2004+ ]),
2005+ ['default-markup', 'htm', 'html', 'mxml', 'xhtml', 'xml', 'xsl']);
2006+ registerLangHandler(
2007+ createSimpleLexer(
2008+ [
2009+ [PR_PLAIN, /^[\s]+/, null, ' \t\r\n'],
2010+ [PR_ATTRIB_VALUE, /^(?:\"[^\"]*\"?|\'[^\']*\'?)/, null, '\"\'']
2011+ ],
2012+ [
2013+ [PR_TAG, /^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],
2014+ [PR_ATTRIB_NAME, /^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],
2015+ ['lang-uq.val', /^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],
2016+ [PR_PUNCTUATION, /^[=<>\/]+/],
2017+ ['lang-js', /^on\w+\s*=\s*\"([^\"]+)\"/i],
2018+ ['lang-js', /^on\w+\s*=\s*\'([^\']+)\'/i],
2019+ ['lang-js', /^on\w+\s*=\s*([^\"\'>\s]+)/i],
2020+ ['lang-css', /^style\s*=\s*\"([^\"]+)\"/i],
2021+ ['lang-css', /^style\s*=\s*\'([^\']+)\'/i],
2022+ ['lang-css', /^style\s*=\s*([^\"\'>\s]+)/i]
2023+ ]),
2024+ ['in.tag']);
2025+ registerLangHandler(
2026+ createSimpleLexer([], [[PR_ATTRIB_VALUE, /^[\s\S]+/]]), ['uq.val']);
2027+ registerLangHandler(sourceDecorator({
2028+ 'keywords': CPP_KEYWORDS,
2029+ 'hashComments': true,
2030+ 'cStyleComments': true,
2031+ 'types': C_TYPES
2032+ }), ['c', 'cc', 'cpp', 'cxx', 'cyc', 'm']);
2033+ registerLangHandler(sourceDecorator({
2034+ 'keywords': PHP_KEYWORDS,
2035+ 'hashComments': false,
2036+ 'cStyleComments': true,
2037+ 'multiLineStrings': true,
2038+ 'regexLiterals': true
2039+// 'types': C_TYPES,
2040+ }), ['php', 'phtml', 'inc']);
2041+ registerLangHandler(sourceDecorator({
2042+ 'keywords': 'null,true,false'
2043+ }), ['json']);
2044+ registerLangHandler(sourceDecorator({
2045+ 'keywords': CSHARP_KEYWORDS,
2046+ 'hashComments': true,
2047+ 'cStyleComments': true,
2048+ 'verbatimStrings': true,
2049+ 'types': C_TYPES
2050+ }), ['cs']);
2051+ registerLangHandler(sourceDecorator({
2052+ 'keywords': JAVA_KEYWORDS,
2053+ 'cStyleComments': true
2054+ }), ['java']);
2055+ registerLangHandler(sourceDecorator({
2056+ 'keywords': SH_KEYWORDS,
2057+ 'hashComments': true,
2058+ 'multiLineStrings': true
2059+ }), ['bsh', 'csh', 'sh']);
2060+ registerLangHandler(sourceDecorator({
2061+ 'keywords': PYTHON_KEYWORDS,
2062+ 'hashComments': true,
2063+ 'multiLineStrings': true,
2064+ 'tripleQuotedStrings': true
2065+ }), ['cv', 'py']);
2066+ registerLangHandler(sourceDecorator({
2067+ 'keywords': PERL_KEYWORDS,
2068+ 'hashComments': true,
2069+ 'multiLineStrings': true,
2070+ 'regexLiterals': true
2071+ }), ['perl', 'pl', 'pm']);
2072+ registerLangHandler(sourceDecorator({
2073+ 'keywords': RUBY_KEYWORDS,
2074+ 'hashComments': true,
2075+ 'multiLineStrings': true,
2076+ 'regexLiterals': true
2077+ }), ['rb']);
2078+ registerLangHandler(sourceDecorator({
2079+ 'keywords': JSCRIPT_KEYWORDS,
2080+ 'cStyleComments': true,
2081+ 'regexLiterals': true
2082+ }), ['js']);
2083+ registerLangHandler(sourceDecorator({
2084+ 'keywords': COFFEE_KEYWORDS,
2085+ 'hashComments': 3, // ### style block comments
2086+ 'cStyleComments': true,
2087+ 'multilineStrings': true,
2088+ 'tripleQuotedStrings': true,
2089+ 'regexLiterals': true
2090+ }), ['coffee']);
2091+ registerLangHandler(
2092+ createSimpleLexer([], [[PR_STRING, /^[\s\S]+/]]), ['regex']);
2093+ registerLangHandler(sourceDecorator({
2094+ 'keywords': CONFIG_KEYWORDS,
2095+ 'literals': CONFIG_OPTIONS,
2096+ 'strings': CONFIG_ENVS,
2097+ 'hashComments': true,
2098+ 'cStyleComments': false,
2099+ 'multiLineStrings': false,
2100+ 'regexLiterals': false,
2101+ 'httpdComments': true
2102+ }), ['config']);
2103+
2104+ function applyDecorator(job) {
2105+ var opt_langExtension = job.langExtension;
2106+
2107+ try {
2108+ // Extract tags, and convert the source code to plain text.
2109+ var sourceAndSpans = extractSourceSpans(job.sourceNode, job.pre);
2110+ /** Plain text. @type {string} */
2111+ var source = sourceAndSpans.sourceCode;
2112+ job.sourceCode = source;
2113+ job.spans = sourceAndSpans.spans;
2114+ job.basePos = 0;
2115+
2116+ // Apply the appropriate language handler
2117+ langHandlerForExtension(opt_langExtension, source)(job);
2118+
2119+ // Integrate the decorations and tags back into the source code,
2120+ // modifying the sourceNode in place.
2121+ recombineTagsAndDecorations(job);
2122+ } catch (e) {
2123+ if (win['console']) {
2124+ console['log'](e && e['stack'] ? e['stack'] : e);
2125+ }
2126+ }
2127+ }
2128+
2129+ /**
2130+ * @param sourceCodeHtml {string} The HTML to pretty print.
2131+ * @param opt_langExtension {string} The language name to use.
2132+ * Typically, a filename extension like 'cpp' or 'java'.
2133+ * @param opt_numberLines {number|boolean} True to number lines,
2134+ * or the 1-indexed number of the first line in sourceCodeHtml.
2135+ */
2136+ function prettyPrintOne(sourceCodeHtml, opt_langExtension, opt_numberLines) {
2137+ var container = document.createElement('pre');
2138+ // This could cause images to load and onload listeners to fire.
2139+ // E.g. <img onerror="alert(1337)" src="nosuchimage.png">.
2140+ // We assume that the inner HTML is from a trusted source.
2141+ container.innerHTML = sourceCodeHtml;
2142+ if (opt_numberLines) {
2143+ numberLines(container, opt_numberLines, true);
2144+ }
2145+
2146+ var job = {
2147+ langExtension: opt_langExtension,
2148+ numberLines: opt_numberLines,
2149+ sourceNode: container,
2150+ pre: 1
2151+ };
2152+ applyDecorator(job);
2153+ return container.innerHTML;
2154+ }
2155+
2156+ function prettyPrint(opt_whenDone) {
2157+ function byTagName(tn) { return document.getElementsByTagName(tn); }
2158+ // fetch a list of nodes to rewrite
2159+ var codeSegments = [byTagName('pre'), byTagName('code'), byTagName('xmp')];
2160+ var elements = [];
2161+ for (var i = 0; i < codeSegments.length; ++i) {
2162+ for (var j = 0, n = codeSegments[i].length; j < n; ++j) {
2163+ elements.push(codeSegments[i][j]);
2164+ }
2165+ }
2166+ codeSegments = null;
2167+
2168+ var clock = Date;
2169+ if (!clock['now']) {
2170+ clock = { 'now': function () { return +(new Date); } };
2171+ }
2172+
2173+ // The loop is broken into a series of continuations to make sure that we
2174+ // don't make the browser unresponsive when rewriting a large page.
2175+ var k = 0;
2176+ var prettyPrintingJob;
2177+
2178+ var langExtensionRe = /\blang(?:uage)?-([\w.]+)(?!\S)/;
2179+ var prettyPrintRe = /\bprettyprint\b/;
2180+ var prettyPrintedRe = /\bprettyprinted\b/;
2181+ var preformattedTagNameRe = /pre|xmp/i;
2182+ var codeRe = /^code$/i;
2183+ var preCodeXmpRe = /^(?:pre|code|xmp)$/i;
2184+
2185+ function doWork() {
2186+ var endTime = (win['PR_SHOULD_USE_CONTINUATION'] ?
2187+ clock['now']() + 250 /* ms */ :
2188+ Infinity);
2189+ for (; k < elements.length && clock['now']() < endTime; k++) {
2190+ var cs = elements[k];
2191+ var className = cs.className;
2192+ if (prettyPrintRe.test(className)
2193+ // Don't redo this if we've already done it.
2194+ // This allows recalling pretty print to just prettyprint elements
2195+ // that have been added to the page since last call.
2196+ && !prettyPrintedRe.test(className)) {
2197+
2198+ // make sure this is not nested in an already prettified element
2199+ var nested = false;
2200+ for (var p = cs.parentNode; p; p = p.parentNode) {
2201+ var tn = p.tagName;
2202+ if (preCodeXmpRe.test(tn)
2203+ && p.className && prettyPrintRe.test(p.className)) {
2204+ nested = true;
2205+ break;
2206+ }
2207+ }
2208+ if (!nested) {
2209+ // Mark done. If we fail to prettyprint for whatever reason,
2210+ // we shouldn't try again.
2211+ cs.className += ' prettyprinted';
2212+
2213+ // If the classes includes a language extensions, use it.
2214+ // Language extensions can be specified like
2215+ // <pre class="prettyprint lang-cpp">
2216+ // the language extension "cpp" is used to find a language handler
2217+ // as passed to PR.registerLangHandler.
2218+ // HTML5 recommends that a language be specified using "language-"
2219+ // as the prefix instead. Google Code Prettify supports both.
2220+ // http://dev.w3.org/html5/spec-author-view/the-code-element.html
2221+ var langExtension = className.match(langExtensionRe);
2222+ // Support <pre class="prettyprint"><code class="language-c">
2223+ var wrapper;
2224+ if (!langExtension && (wrapper = childContentWrapper(cs))
2225+ && codeRe.test(wrapper.tagName)) {
2226+ langExtension = wrapper.className.match(langExtensionRe);
2227+ }
2228+
2229+ if (langExtension) { langExtension = langExtension[1]; }
2230+
2231+ var preformatted;
2232+ if (preformattedTagNameRe.test(cs.tagName)) {
2233+ preformatted = 1;
2234+ } else {
2235+ var currentStyle = cs['currentStyle'];
2236+ var whitespace = (
2237+ currentStyle
2238+ ? currentStyle['whiteSpace']
2239+ : (document.defaultView
2240+ && document.defaultView.getComputedStyle)
2241+ ? document.defaultView.getComputedStyle(cs, null)
2242+ .getPropertyValue('white-space')
2243+ : 0);
2244+ preformatted = whitespace
2245+ && 'pre' === whitespace.substring(0, 3);
2246+ }
2247+
2248+ // Look for a class like linenums or linenums:<n> where <n> is the
2249+ // 1-indexed number of the first line.
2250+ var lineNums = cs.className.match(/\blinenums\b(?::(\d+))?/);
2251+ lineNums = lineNums
2252+ ? lineNums[1] && lineNums[1].length ? +lineNums[1] : true
2253+ : false;
2254+ if (lineNums) { numberLines(cs, lineNums, preformatted); }
2255+
2256+ // do the pretty printing
2257+ prettyPrintingJob = {
2258+ langExtension: langExtension,
2259+ sourceNode: cs,
2260+ numberLines: lineNums,
2261+ pre: preformatted
2262+ };
2263+ applyDecorator(prettyPrintingJob);
2264+ }
2265+ }
2266+ }
2267+ if (k < elements.length) {
2268+ // finish up in a continuation
2269+ setTimeout(doWork, 250);
2270+ } else if (opt_whenDone) {
2271+ opt_whenDone();
2272+ }
2273+ }
2274+
2275+ doWork();
2276+ }
2277+
2278+ /**
2279+ * Contains functions for creating and registering new language handlers.
2280+ * @type {Object}
2281+ */
2282+ var PR = win['PR'] = {
2283+ 'createSimpleLexer': createSimpleLexer,
2284+ 'registerLangHandler': registerLangHandler,
2285+ 'sourceDecorator': sourceDecorator,
2286+ 'PR_ATTRIB_NAME': PR_ATTRIB_NAME,
2287+ 'PR_ATTRIB_VALUE': PR_ATTRIB_VALUE,
2288+ 'PR_COMMENT': PR_COMMENT,
2289+ 'PR_DECLARATION': PR_DECLARATION,
2290+ 'PR_KEYWORD': PR_KEYWORD,
2291+ 'PR_LITERAL': PR_LITERAL,
2292+ 'PR_NOCODE': PR_NOCODE,
2293+ 'PR_PLAIN': PR_PLAIN,
2294+ 'PR_PUNCTUATION': PR_PUNCTUATION,
2295+ 'PR_SOURCE': PR_SOURCE,
2296+ 'PR_STRING': PR_STRING,
2297+ 'PR_TAG': PR_TAG,
2298+ 'PR_TYPE': PR_TYPE,
2299+ 'prettyPrintOne': win['prettyPrintOne'] = prettyPrintOne,
2300+ 'prettyPrint': win['prettyPrint'] = prettyPrint
2301+ };
2302+
2303+
2304+/* Register Lua syntaxes */
2305+ PR['registerLangHandler'](
2306+ PR['createSimpleLexer'](
2307+ [
2308+ // Whitespace
2309+ [PR['PR_PLAIN'], /^[\t\n\r \xA0]+/, null, '\t\n\r \xA0'],
2310+ // A double or single quoted, possibly multi-line, string.
2311+ [PR['PR_STRING'], /^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/, null, '"\'']
2312+ ],
2313+ [
2314+ // A comment is either a line comment that starts with two dashes, or
2315+ // two dashes preceding a long bracketed block.
2316+ [PR['PR_COMMENT'], /^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],
2317+ [PR['PR_TYPE'], /^nil|false|true/],
2318+ // A long bracketed block not preceded by -- is a string.
2319+ [PR['PR_STRING'], /^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],
2320+ [PR['PR_KEYWORD'], /^(?:and|break|do|else|elseif|end|for|function|if|in|local|not|or|repeat|require|return|then|until|while)\b/, null],
2321+ // A number is a hex integer literal, a decimal real literal, or in
2322+ // scientific notation.
2323+ [PR['PR_LITERAL'],
2324+ /^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],
2325+ // An identifier
2326+ [PR['PR_PLAIN'], /^[a-z_]\w*/i],
2327+ // A run of punctuation
2328+ [PR['PR_PUNCTUATION'], /^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]
2329+ ]),
2330+ ['lua']);
2331+
2332+
2333+ // Make PR available via the Asynchronous Module Definition (AMD) API.
2334+ // Per https://github.com/amdjs/amdjs-api/wiki/AMD:
2335+ // The Asynchronous Module Definition (AMD) API specifies a
2336+ // mechanism for defining modules such that the module and its
2337+ // dependencies can be asynchronously loaded.
2338+ // ...
2339+ // To allow a clear indicator that a global define function (as
2340+ // needed for script src browser loading) conforms to the AMD API,
2341+ // any global define function SHOULD have a property called "amd"
2342+ // whose value is an object. This helps avoid conflict with any
2343+ // other existing JavaScript code that could have defined a define()
2344+ // function that does not conform to the AMD API.
2345+ if (typeof define === "function" && define['amd']) {
2346+ define("google-code-prettify", [], function () {
2347+ return PR;
2348+ });
2349+ }
2350+})();
2351diff --git a/docs/manual/style/scripts/prettify.min.js b/docs/manual/style/scripts/prettify.min.js
2352new file mode 100644
2353index 0000000..adb92be
2354--- /dev/null
2355+++ b/docs/manual/style/scripts/prettify.min.js
2356@@ -0,0 +1,123 @@
2357+// see prettify.js for copyright, license and expanded version
2358+window['PR_SHOULD_USE_CONTINUATION']=true;var prettyPrintOne;var prettyPrint;(function(){var win=window;var FLOW_CONTROL_KEYWORDS=["break,continue,do,else,for,if,return,while"];var C_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"auto,case,char,const,default,"+"double,enum,extern,float,goto,int,long,register,short,signed,sizeof,module,"+"static,struct,switch,typedef,union,unsigned,void,volatile"];var COMMON_KEYWORDS=[C_KEYWORDS,"catch,class,delete,false,import,"+"new,operator,private,protected,public,this,throw,true,try,typeof"];var CPP_KEYWORDS=[COMMON_KEYWORDS,"alignof,align_union,asm,axiom,bool,"+"concept,concept_map,const_cast,constexpr,decltype,"+"dynamic_cast,explicit,export,friend,inline,late_check,"+"mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast,"+"template,typeid,typename,using,virtual,where,request_req"];var JAVA_KEYWORDS=[COMMON_KEYWORDS,"abstract,boolean,byte,extends,final,finally,implements,import,"+"instanceof,null,native,package,strictfp,super,synchronized,throws,"+"transient"];var CSHARP_KEYWORDS=[JAVA_KEYWORDS,"as,base,by,checked,decimal,delegate,descending,dynamic,event,"+"fixed,foreach,from,group,implicit,in,interface,internal,into,is,let,"+"lock,object,out,override,orderby,params,partial,readonly,ref,sbyte,"+"sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort,"+"var,virtual,where"];var COFFEE_KEYWORDS="all,and,by,catch,class,else,extends,false,finally,"+"for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then,"+"throw,true,try,unless,until,when,while,yes";var JSCRIPT_KEYWORDS=[COMMON_KEYWORDS,"debugger,eval,export,function,get,null,set,undefined,var,with,"+"Infinity,NaN"];var PERL_KEYWORDS="caller,delete,die,do,dump,else,elsif,eval,exit,foreach,for,"+"goto,if,import,last,local,my,next,no,our,print,printf,package,redo,require,"+"sub,undef,unless,until,use,wantarray,while,BEGIN,END";var PHP_KEYWORDS="abstract,and,array,as,break,case,catch,cfunction,class,"+"clone,const,continue,declare,default,do,else,elseif,enddeclare,endfor,"+"endforeach,endif,endswitch,endwhile,extends,final,for,foreach,function,"+"global,goto,if,implements,interface,instanceof,namespace,new,old_function,"+"or,private,protected,public,static,switch,throw,try,use,var,while,xor,"+"die,echo,empty,exit,eval,include,include_once,isset,list,require,"+"require_once,return,print,unset";var PYTHON_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"and,as,assert,class,def,del,"+"elif,except,exec,finally,from,global,import,in,is,lambda,"+"nonlocal,not,or,pass,print,raise,try,with,yield,"+"False,True,None"];var RUBY_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"alias,and,begin,case,class,"+"def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo,"+"rescue,retry,self,super,then,true,undef,unless,until,when,yield,"+"BEGIN,END"];var SH_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"case,done,elif,esac,eval,fi,"+"function,in,local,set,then,until,echo"];var CONFIG_ENVS=["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];var CONFIG_KEYWORDS=["AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicFake,AuthBasicProvider,AuthBasicUseDigestAlgorithm,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthnzFcgiCheckAuthnProvider,AuthnzFcgiDefineProvider,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerInherit,BalancerMember,BalancerPersist,BrotliAlterETag,BrotliCompressionMaxInputBlock,BrotliCompressionQuality,BrotliCompressionWindow,BrotliFilterNote,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheSocache,CacheSocacheMaxSize,CacheSocacheMaxTime,CacheSocacheMinTime,CacheSocacheReadSize,CacheSocacheReadTime,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIDScriptTimeout,CGIMapExtension,CGIPassAuth,CGIVar,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateInflateLimitRequestBody,DeflateInflateRatioBurst,DeflateInflateRatioLimit,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryCheckHandler,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GlobalLog,GprofDir,GracefulShutdownTimeout,Group,H2CopyFiles,H2Direct,H2EarlyHints,H2MaxSessionStreams,H2MaxWorkerIdleSeconds,H2MaxWorkers,H2MinWorkers,H2ModernTLSOnly,H2Push,H2PushDiarySize,H2PushPriority,H2PushResource,H2SerializeHeaders,H2StreamMaxMemSize,H2TLSCoolDownSecs,H2TLSWarmUpSize,H2Upgrade,H2WindowSize,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,HttpProtocolOptions,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,ListenCoresBucketsRatio,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogIOTrackTTFB,LogLevel,LogMessage,LuaAuthzProvider,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookLog,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,<Macro>,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MemcacheConnTTL,MergeTrailers,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,Protocols,ProtocolsHonorOrder,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFCGIBackendType,ProxyFCGISetEnvIf,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHCExpr,ProxyHCTemplate,ProxyHCTPsize,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLMeta,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInherit,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,QualifyRedirectURL,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RegisterHttpMethod,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCompression,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPNoverify,SSLOCSPOverrideResponder,SSLOCSPProxyURL,SSLOCSPResponderCertificateFile,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOCSPUseRequestNonce,SSLOpenSSLConfCmd,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCheckPeerName,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLSessionTickets,SSLSRPUnknownUserSeed,SSLSRPVerifierFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,SubstituteInheritBefore,SubstituteMaxLineLength,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UndefMacro,UnsetEnv,Use,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse"];var CONFIG_OPTIONS=/^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;var ALL_KEYWORDS=[CPP_KEYWORDS,CSHARP_KEYWORDS,JSCRIPT_KEYWORDS,PERL_KEYWORDS+
2359+PYTHON_KEYWORDS,RUBY_KEYWORDS,SH_KEYWORDS,CONFIG_KEYWORDS,PHP_KEYWORDS];var C_TYPES=/^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float|char|void|const|static|struct)\d*(_t)?\b)|[a-z_]+_rec|cmd_parms\b/;var PR_STRING='str';var PR_KEYWORD='kwd';var PR_COMMENT='com';var PR_TYPE='typ';var PR_LITERAL='lit';var PR_PUNCTUATION='pun';var PR_PLAIN='pln';var PR_TAG='tag';var PR_DECLARATION='dec';var PR_SOURCE='src';var PR_ATTRIB_NAME='atn';var PR_ATTRIB_VALUE='atv';var PR_NOCODE='nocode';var REGEXP_PRECEDER_PATTERN='(?:^^\\.?|[+-]|[!=]=?=?|\\#|%=?|&&?=?|\\(|\\*=?|[+\\-]=|->|\\/=?|::?|<<?=?|>>?>?=?|,|;|\\?|@|\\[|~|{|\\^\\^?=?|\\|\\|?=?|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*';function combinePrefixPatterns(regexs){var capturedGroupIndex=0;var needToFoldCase=false;var ignoreCase=false;for(var i=0,n=regexs.length;i<n;++i){var regex=regexs[i];if(regex.ignoreCase){ignoreCase=true;}else if(/[a-z]/i.test(regex.source.replace(/\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi,''))){needToFoldCase=true;ignoreCase=false;break;}}
2360+var escapeCharToCodeUnit={'b':8,'t':9,'n':0xa,'v':0xb,'f':0xc,'r':0xd};function decodeEscape(charsetPart){var cc0=charsetPart.charCodeAt(0);if(cc0!==92){return cc0;}
2361+var c1=charsetPart.charAt(1);cc0=escapeCharToCodeUnit[c1];if(cc0){return cc0;}else if('0'<=c1&&c1<='7'){return parseInt(charsetPart.substring(1),8);}else if(c1==='u'||c1==='x'){return parseInt(charsetPart.substring(2),16);}else{return charsetPart.charCodeAt(1);}}
2362+function encodeEscape(charCode){if(charCode<0x20){return(charCode<0x10?'\\x0':'\\x')+charCode.toString(16);}
2363+var ch=String.fromCharCode(charCode);return(ch==='\\'||ch==='-'||ch===']'||ch==='^')?"\\"+ch:ch;}
2364+function caseFoldCharset(charSet){var charsetParts=charSet.substring(1,charSet.length-1).match(new RegExp('\\\\u[0-9A-Fa-f]{4}'
2365++'|\\\\x[0-9A-Fa-f]{2}'
2366++'|\\\\[0-3][0-7]{0,2}'
2367++'|\\\\[0-7]{1,2}'
2368++'|\\\\[\\s\\S]'
2369++'|-'
2370++'|[^-\\\\]','g'));var ranges=[];var inverse=charsetParts[0]==='^';var out=['['];if(inverse){out.push('^');}
2371+for(var i=inverse?1:0,n=charsetParts.length;i<n;++i){var p=charsetParts[i];if(/\\[bdsw]/i.test(p)){out.push(p);}else{var start=decodeEscape(p);var end;if(i+2<n&&'-'===charsetParts[i+1]){end=decodeEscape(charsetParts[i+2]);i+=2;}else{end=start;}
2372+ranges.push([start,end]);if(!(end<65||start>122)){if(!(end<65||start>90)){ranges.push([Math.max(65,start)|32,Math.min(end,90)|32]);}
2373+if(!(end<97||start>122)){ranges.push([Math.max(97,start)&~32,Math.min(end,122)&~32]);}}}}
2374+ranges.sort(function(a,b){return(a[0]-b[0])||(b[1]-a[1]);});var consolidatedRanges=[];var lastRange=[];for(var i=0;i<ranges.length;++i){var range=ranges[i];if(range[0]<=lastRange[1]+1){lastRange[1]=Math.max(lastRange[1],range[1]);}else{consolidatedRanges.push(lastRange=range);}}
2375+for(var i=0;i<consolidatedRanges.length;++i){var range=consolidatedRanges[i];out.push(encodeEscape(range[0]));if(range[1]>range[0]){if(range[1]+1>range[0]){out.push('-');}
2376+out.push(encodeEscape(range[1]));}}
2377+out.push(']');return out.join('');}
2378+function allowAnywhereFoldCaseAndRenumberGroups(regex){var parts=regex.source.match(new RegExp('(?:'
2379++'\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]'
2380++'|\\\\u[A-Fa-f0-9]{4}'
2381++'|\\\\x[A-Fa-f0-9]{2}'
2382++'|\\\\[0-9]+'
2383++'|\\\\[^ux0-9]'
2384++'|\\(\\?[:!=]'
2385++'|[\\(\\)\\^]'
2386++'|[^\\x5B\\x5C\\(\\)\\^]+'
2387++')','g'));var n=parts.length;var capturedGroups=[];for(var i=0,groupIndex=0;i<n;++i){var p=parts[i];if(p==='('){++groupIndex;}else if('\\'===p.charAt(0)){var decimalValue=+p.substring(1);if(decimalValue){if(decimalValue<=groupIndex){capturedGroups[decimalValue]=-1;}else{parts[i]=encodeEscape(decimalValue);}}}}
2388+for(var i=1;i<capturedGroups.length;++i){if(-1===capturedGroups[i]){capturedGroups[i]=++capturedGroupIndex;}}
2389+for(var i=0,groupIndex=0;i<n;++i){var p=parts[i];if(p==='('){++groupIndex;if(!capturedGroups[groupIndex]){parts[i]='(?:';}}else if('\\'===p.charAt(0)){var decimalValue=+p.substring(1);if(decimalValue&&decimalValue<=groupIndex){parts[i]='\\'+capturedGroups[decimalValue];}}}
2390+for(var i=0;i<n;++i){if('^'===parts[i]&&'^'!==parts[i+1]){parts[i]='';}}
2391+if(regex.ignoreCase&&needToFoldCase){for(var i=0;i<n;++i){var p=parts[i];var ch0=p.charAt(0);if(p.length>=2&&ch0==='['){parts[i]=caseFoldCharset(p);}else if(ch0!=='\\'){parts[i]=p.replace(/[a-zA-Z]/g,function(ch){var cc=ch.charCodeAt(0);return'['+String.fromCharCode(cc&~32,cc|32)+']';});}}}
2392+return parts.join('');}
2393+var rewritten=[];for(var i=0,n=regexs.length;i<n;++i){var regex=regexs[i];if(regex.global||regex.multiline){throw new Error(''+regex);}
2394+rewritten.push('(?:'+allowAnywhereFoldCaseAndRenumberGroups(regex)+')');}
2395+return new RegExp(rewritten.join('|'),ignoreCase?'gi':'g');}
2396+function extractSourceSpans(node,isPreformatted){var nocode=/(?:^|\s)nocode(?:\s|$)/;var chunks=[];var length=0;var spans=[];var k=0;function walk(node){switch(node.nodeType){case 1:if(nocode.test(node.className)){return;}
2397+for(var child=node.firstChild;child;child=child.nextSibling){walk(child);}
2398+var nodeName=node.nodeName.toLowerCase();if('br'===nodeName||'li'===nodeName){chunks[k]='\n';spans[k<<1]=length++;spans[(k++<<1)|1]=node;}
2399+break;case 3:case 4:var text=node.nodeValue;if(text.length){if(!isPreformatted){text=text.replace(/[ \t\r\n]+/g,' ');}else{text=text.replace(/\r\n?/g,'\n');text=text.replace(/^(\r?\n\s*)+/g,'');text=text.replace(/^\s*/g,'');text=text.replace(/(\r?\n\s*)+$/g,'');}
2400+chunks[k]=text;spans[k<<1]=length;length+=text.length;spans[(k++<<1)|1]=node;}
2401+break;}}
2402+walk(node);return{sourceCode:chunks.join('').replace(/\n$/,''),spans:spans};}
2403+function appendDecorations(basePos,sourceCode,langHandler,out){if(!sourceCode){return;}
2404+var job={sourceCode:sourceCode,basePos:basePos};langHandler(job);out.push.apply(out,job.decorations);}
2405+var notWs=/\S/;function childContentWrapper(element){var wrapper=undefined;for(var c=element.firstChild;c;c=c.nextSibling){var type=c.nodeType;wrapper=(type===1)?(wrapper?element:c):(type===3)?(notWs.test(c.nodeValue)?element:wrapper):wrapper;}
2406+return wrapper===element?undefined:wrapper;}
2407+function createSimpleLexer(shortcutStylePatterns,fallthroughStylePatterns){var shortcuts={};var tokenizer;(function(){var allPatterns=shortcutStylePatterns.concat(fallthroughStylePatterns);var allRegexs=[];var regexKeys={};for(var i=0,n=allPatterns.length;i<n;++i){var patternParts=allPatterns[i];var shortcutChars=patternParts[3];if(shortcutChars){for(var c=shortcutChars.length;--c>=0;){shortcuts[shortcutChars.charAt(c)]=patternParts;}}
2408+var regex=patternParts[1];var k=''+regex;if(!regexKeys.hasOwnProperty(k)){allRegexs.push(regex);regexKeys[k]=null;}}
2409+allRegexs.push(/[\0-\uffff]/);tokenizer=combinePrefixPatterns(allRegexs);})();var nPatterns=fallthroughStylePatterns.length;var decorate=function(job){var sourceCode=job.sourceCode,basePos=job.basePos;var decorations=[basePos,PR_PLAIN];var pos=0;var tokens=sourceCode.match(tokenizer)||[];var styleCache={};for(var ti=0,nTokens=tokens.length;ti<nTokens;++ti){var token=tokens[ti];var style=styleCache[token];var match=void 0;var isEmbedded;if(typeof style==='string'){isEmbedded=false;}else{var patternParts=shortcuts[token.charAt(0)];if(patternParts){match=token.match(patternParts[1]);style=patternParts[0];}else{for(var i=0;i<nPatterns;++i){patternParts=fallthroughStylePatterns[i];match=token.match(patternParts[1]);if(match){style=patternParts[0];break;}}
2410+if(!match){style=PR_PLAIN;}}
2411+isEmbedded=style.length>=5&&'lang-'===style.substring(0,5);if(isEmbedded&&!(match&&typeof match[1]==='string')){isEmbedded=false;style=PR_SOURCE;}
2412+if(!isEmbedded){styleCache[token]=style;}}
2413+var tokenStart=pos;pos+=token.length;if(!isEmbedded){decorations.push(basePos+tokenStart,style);}else{var embeddedSource=match[1];var embeddedSourceStart=token.indexOf(embeddedSource);var embeddedSourceEnd=embeddedSourceStart+embeddedSource.length;if(match[2]){embeddedSourceEnd=token.length-match[2].length;embeddedSourceStart=embeddedSourceEnd-embeddedSource.length;}
2414+var lang=style.substring(5);appendDecorations(basePos+tokenStart,token.substring(0,embeddedSourceStart),decorate,decorations);appendDecorations(basePos+tokenStart+embeddedSourceStart,embeddedSource,langHandlerForExtension(lang,embeddedSource),decorations);appendDecorations(basePos+tokenStart+embeddedSourceEnd,token.substring(embeddedSourceEnd),decorate,decorations);}}
2415+job.decorations=decorations;};return decorate;}
2416+function sourceDecorator(options){var shortcutStylePatterns=[],fallthroughStylePatterns=[];if(options['tripleQuotedStrings']){shortcutStylePatterns.push([PR_STRING,/^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,null,'\'"']);}else if(options['multiLineStrings']){shortcutStylePatterns.push([PR_STRING,/^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,null,'\'"`']);}else{shortcutStylePatterns.push([PR_STRING,/^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,null,'"\'']);}
2417+if(options['verbatimStrings']){fallthroughStylePatterns.push([PR_STRING,/^@\"(?:[^\"]|\"\")*(?:\"|$)/,null]);}
2418+var hc=options['hashComments'];if(hc){if(options['cStyleComments']){if(hc>1){shortcutStylePatterns.push([PR_COMMENT,/^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/,null,'#']);}else{shortcutStylePatterns.push([PR_COMMENT,/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,null,'#']);}
2419+fallthroughStylePatterns.push([PR_STRING,/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h(?:h|pp|\+\+)?|[a-z]\w*)>/,null]);}else{shortcutStylePatterns.push([PR_COMMENT,/^#[^\r\n]*/,null,'#']);}}
2420+if(options['cStyleComments']){fallthroughStylePatterns.push([PR_COMMENT,/^\/\/[^\r\n]*/,null]);fallthroughStylePatterns.push([PR_COMMENT,/^\/\*[\s\S]*?(?:\*\/|$)/,null]);}
2421+if(options['regexLiterals']){var REGEX_LITERAL=('/(?=[^/*])'
2422++'(?:[^/\\x5B\\x5C]'
2423++'|\\x5C[\\s\\S]'
2424++'|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+'
2425++'/');fallthroughStylePatterns.push(['lang-regex',new RegExp('^'+REGEXP_PRECEDER_PATTERN+'('+REGEX_LITERAL+')')]);}
2426+var types=options['types'];if(types){fallthroughStylePatterns.push([PR_TYPE,types]);}
2427+if(options['strings']){var strings=(""+options['strings']).replace(/^ | $/g,'').replace(/-/g,'\\-');fallthroughStylePatterns.push([PR_STRING,new RegExp('(?:'+strings.replace(/[\s,]+/g,'|')+')'),,null]);}
2428+var keywords=(""+options['keywords']).replace(/^ | $/g,'');if(keywords.length){fallthroughStylePatterns.push([PR_KEYWORD,new RegExp('^(?:'+keywords.replace(/[\s,]+/g,'|')+')\\b'),null]);}
2429+shortcutStylePatterns.push([PR_PLAIN,/^\s+/,null,' \r\n\t\xA0']);if(options['httpdComments']){fallthroughStylePatterns.push([PR_PLAIN,/^.*\S.*#/i,null]);}
2430+fallthroughStylePatterns.push([PR_LITERAL,/^@[a-z_$][a-z_$@0-9]*|\bNULL\b/i,null],[PR_LITERAL,CONFIG_OPTIONS,null],[PR_TAG,/^\b(AuthzProviderAlias|AuthnProviderAlias|RequireAny|RequireAll|RequireNone|Directory|DirectoryMatch|Location|LocationMatch|VirtualHost|If|Else|ElseIf|Proxy\b|LoadBalancer|Files|FilesMatch|Limit|LimitExcept|IfDefine|IfModule|IfVersion)\b/,null],[PR_TYPE,/^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_(t|req|module)\b)/,null],[PR_TAG,/^apr_[a-z_0-9]+|ap_[a-z_0-9]+/i,null],[PR_PLAIN,/^[a-z_$][a-z_$@0-9\-]*/i,null],[PR_LITERAL,new RegExp('^(?:'
2431++'0x[a-f0-9]+'
2432++'|[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+'
2433++'|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)'
2434++'(?:e[+\\-]?\\d+)?'
2435++')'
2436++'[a-z]*','i'),null,'0123456789'],[PR_PLAIN,/^\\[\s\S]?/,null],[PR_PUNCTUATION,/^.[^\s\w\.$@\'\"\`\/\#\\]*/,null]);return createSimpleLexer(shortcutStylePatterns,fallthroughStylePatterns);}
2437+var decorateSource=sourceDecorator({'keywords':ALL_KEYWORDS,'hashComments':true,'cStyleComments':true,'multiLineStrings':true,'regexLiterals':true});function numberLines(node,opt_startLineNum,isPreformatted){var nocode=/(?:^|\s)nocode(?:\s|$)/;var lineBreak=/\r\n?|\n/;var document=node.ownerDocument;var li=document.createElement('li');while(node.firstChild){li.appendChild(node.firstChild);}
2438+var listItems=[li];function walk(node){switch(node.nodeType){case 1:if(nocode.test(node.className)){break;}
2439+if('br'===node.nodeName){breakAfter(node);if(node.parentNode){node.parentNode.removeChild(node);}}else{for(var child=node.firstChild;child;child=child.nextSibling){walk(child);}}
2440+break;case 3:case 4:if(isPreformatted){var text=node.nodeValue;var match=text.match(lineBreak);if(match){var firstLine=text.substring(0,match.index);node.nodeValue=firstLine;var tail=text.substring(match.index+match[0].length);if(tail){var parent=node.parentNode;parent.insertBefore(document.createTextNode(tail),node.nextSibling);}
2441+breakAfter(node);if(!firstLine){node.parentNode.removeChild(node);}}}
2442+break;}}
2443+function breakAfter(lineEndNode){while(!lineEndNode.nextSibling){lineEndNode=lineEndNode.parentNode;if(!lineEndNode){return;}}
2444+function breakLeftOf(limit,copy){var rightSide=copy?limit.cloneNode(false):limit;var parent=limit.parentNode;if(parent){var parentClone=breakLeftOf(parent,1);var next=limit.nextSibling;parentClone.appendChild(rightSide);for(var sibling=next;sibling;sibling=next){next=sibling.nextSibling;parentClone.appendChild(sibling);}}
2445+return rightSide;}
2446+var copiedListItem=breakLeftOf(lineEndNode.nextSibling,0);for(var parent;(parent=copiedListItem.parentNode)&&parent.nodeType===1;){copiedListItem=parent;}
2447+listItems.push(copiedListItem);}
2448+for(var i=0;i<listItems.length;++i){walk(listItems[i]);}
2449+if(opt_startLineNum===(opt_startLineNum|0)){listItems[0].setAttribute('value',opt_startLineNum);}
2450+var ol=document.createElement('ol');ol.className='linenums';var offset=Math.max(0,((opt_startLineNum-1))|0)||0;for(var i=0,n=listItems.length;i<n;++i){li=listItems[i];li.className='L'+((i+offset)%1);if(!li.firstChild){li.appendChild(document.createTextNode('\xA0'));}
2451+ol.appendChild(li);}
2452+node.appendChild(ol);}
2453+function recombineTagsAndDecorations(job){var isIE8OrEarlier=/\bMSIE\s(\d+)/.exec(navigator.userAgent);isIE8OrEarlier=isIE8OrEarlier&&+isIE8OrEarlier[1]<=8;var newlineRe=/\n/g;var source=job.sourceCode;var sourceLength=source.length;var sourceIndex=0;var spans=job.spans;var nSpans=spans.length;var spanIndex=0;var decorations=job.decorations;var nDecorations=decorations.length;var decorationIndex=0;decorations[nDecorations]=sourceLength;var decPos,i;for(i=decPos=0;i<nDecorations;){if(decorations[i]!==decorations[i+2]){decorations[decPos++]=decorations[i++];decorations[decPos++]=decorations[i++];}else{i+=2;}}
2454+nDecorations=decPos;for(i=decPos=0;i<nDecorations;){var startPos=decorations[i];var startDec=decorations[i+1];var end=i+2;while(end+2<=nDecorations&&decorations[end+1]===startDec){end+=2;}
2455+decorations[decPos++]=startPos;decorations[decPos++]=startDec;i=end;}
2456+nDecorations=decorations.length=decPos;var sourceNode=job.sourceNode;var oldDisplay;if(sourceNode){oldDisplay=sourceNode.style.display;sourceNode.style.display='none';}
2457+try{var decoration=null;var X=0;while(spanIndex<nSpans){X=X+1;if(X>5000){break;}
2458+var spanStart=spans[spanIndex];var spanEnd=spans[spanIndex+2]||sourceLength;var decEnd=decorations[decorationIndex+2]||sourceLength;var end=Math.min(spanEnd,decEnd);var textNode=spans[spanIndex+1];var styledText;if(textNode.nodeType!==1&&(styledText=source.substring(sourceIndex,end))){if(isIE8OrEarlier){styledText=styledText.replace(newlineRe,'\r');}
2459+textNode.nodeValue=styledText;var document=textNode.ownerDocument;var span=document.createElement('span');span.className=decorations[decorationIndex+1];var parentNode=textNode.parentNode;parentNode.replaceChild(span,textNode);span.appendChild(textNode);if(sourceIndex<spanEnd){spans[spanIndex+1]=textNode=document.createTextNode(source.substring(end,spanEnd));parentNode.insertBefore(textNode,span.nextSibling);}}
2460+sourceIndex=end;if(sourceIndex>=spanEnd){spanIndex+=2;}
2461+if(sourceIndex>=decEnd){decorationIndex+=2;}}}finally{if(sourceNode){sourceNode.style.display=oldDisplay;}}}
2462+var langHandlerRegistry={};function registerLangHandler(handler,fileExtensions){for(var i=fileExtensions.length;--i>=0;){var ext=fileExtensions[i];if(!langHandlerRegistry.hasOwnProperty(ext)){langHandlerRegistry[ext]=handler;}else if(win['console']){console['warn']('cannot override language handler %s',ext);}}}
2463+function langHandlerForExtension(extension,source){if(!(extension&&langHandlerRegistry.hasOwnProperty(extension))){extension=/^\s*</.test(source)?'default-markup':'default-code';}
2464+return langHandlerRegistry[extension];}
2465+registerLangHandler(decorateSource,['default-code']);registerLangHandler(createSimpleLexer([],[[PR_PLAIN,/^[^<?]+/],[PR_DECLARATION,/^<!\w[^>]*(?:>|$)/],[PR_COMMENT,/^<\!--[\s\S]*?(?:-\->|$)/],['lang-',/^<\?([\s\S]+?)(?:\?>|$)/],['lang-',/^<%([\s\S]+?)(?:%>|$)/],[PR_PUNCTUATION,/^(?:<[%?]|[%?]>)/],['lang-',/^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],['lang-js',/^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],['lang-css',/^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],['lang-in.tag',/^(<\/?[a-z][^<>]*>)/i]]),['default-markup','htm','html','mxml','xhtml','xml','xsl']);registerLangHandler(createSimpleLexer([[PR_PLAIN,/^[\s]+/,null,' \t\r\n'],[PR_ATTRIB_VALUE,/^(?:\"[^\"]*\"?|\'[^\']*\'?)/,null,'\"\'']],[[PR_TAG,/^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],[PR_ATTRIB_NAME,/^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],['lang-uq.val',/^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],[PR_PUNCTUATION,/^[=<>\/]+/],['lang-js',/^on\w+\s*=\s*\"([^\"]+)\"/i],['lang-js',/^on\w+\s*=\s*\'([^\']+)\'/i],['lang-js',/^on\w+\s*=\s*([^\"\'>\s]+)/i],['lang-css',/^style\s*=\s*\"([^\"]+)\"/i],['lang-css',/^style\s*=\s*\'([^\']+)\'/i],['lang-css',/^style\s*=\s*([^\"\'>\s]+)/i]]),['in.tag']);registerLangHandler(createSimpleLexer([],[[PR_ATTRIB_VALUE,/^[\s\S]+/]]),['uq.val']);registerLangHandler(sourceDecorator({'keywords':CPP_KEYWORDS,'hashComments':true,'cStyleComments':true,'types':C_TYPES}),['c','cc','cpp','cxx','cyc','m']);registerLangHandler(sourceDecorator({'keywords':PHP_KEYWORDS,'hashComments':false,'cStyleComments':true,'multiLineStrings':true,'regexLiterals':true}),['php','phtml','inc']);registerLangHandler(sourceDecorator({'keywords':'null,true,false'}),['json']);registerLangHandler(sourceDecorator({'keywords':CSHARP_KEYWORDS,'hashComments':true,'cStyleComments':true,'verbatimStrings':true,'types':C_TYPES}),['cs']);registerLangHandler(sourceDecorator({'keywords':JAVA_KEYWORDS,'cStyleComments':true}),['java']);registerLangHandler(sourceDecorator({'keywords':SH_KEYWORDS,'hashComments':true,'multiLineStrings':true}),['bsh','csh','sh']);registerLangHandler(sourceDecorator({'keywords':PYTHON_KEYWORDS,'hashComments':true,'multiLineStrings':true,'tripleQuotedStrings':true}),['cv','py']);registerLangHandler(sourceDecorator({'keywords':PERL_KEYWORDS,'hashComments':true,'multiLineStrings':true,'regexLiterals':true}),['perl','pl','pm']);registerLangHandler(sourceDecorator({'keywords':RUBY_KEYWORDS,'hashComments':true,'multiLineStrings':true,'regexLiterals':true}),['rb']);registerLangHandler(sourceDecorator({'keywords':JSCRIPT_KEYWORDS,'cStyleComments':true,'regexLiterals':true}),['js']);registerLangHandler(sourceDecorator({'keywords':COFFEE_KEYWORDS,'hashComments':3,'cStyleComments':true,'multilineStrings':true,'tripleQuotedStrings':true,'regexLiterals':true}),['coffee']);registerLangHandler(createSimpleLexer([],[[PR_STRING,/^[\s\S]+/]]),['regex']);registerLangHandler(sourceDecorator({'keywords':CONFIG_KEYWORDS,'literals':CONFIG_OPTIONS,'strings':CONFIG_ENVS,'hashComments':true,'cStyleComments':false,'multiLineStrings':false,'regexLiterals':false,'httpdComments':true}),['config']);function applyDecorator(job){var opt_langExtension=job.langExtension;try{var sourceAndSpans=extractSourceSpans(job.sourceNode,job.pre);var source=sourceAndSpans.sourceCode;job.sourceCode=source;job.spans=sourceAndSpans.spans;job.basePos=0;langHandlerForExtension(opt_langExtension,source)(job);recombineTagsAndDecorations(job);}catch(e){if(win['console']){console['log'](e&&e['stack']?e['stack']:e);}}}
2466+function prettyPrintOne(sourceCodeHtml,opt_langExtension,opt_numberLines){var container=document.createElement('pre');container.innerHTML=sourceCodeHtml;if(opt_numberLines){numberLines(container,opt_numberLines,true);}
2467+var job={langExtension:opt_langExtension,numberLines:opt_numberLines,sourceNode:container,pre:1};applyDecorator(job);return container.innerHTML;}
2468+function prettyPrint(opt_whenDone){function byTagName(tn){return document.getElementsByTagName(tn);}
2469+var codeSegments=[byTagName('pre'),byTagName('code'),byTagName('xmp')];var elements=[];for(var i=0;i<codeSegments.length;++i){for(var j=0,n=codeSegments[i].length;j<n;++j){elements.push(codeSegments[i][j]);}}
2470+codeSegments=null;var clock=Date;if(!clock['now']){clock={'now':function(){return+(new Date);}};}
2471+var k=0;var prettyPrintingJob;var langExtensionRe=/\blang(?:uage)?-([\w.]+)(?!\S)/;var prettyPrintRe=/\bprettyprint\b/;var prettyPrintedRe=/\bprettyprinted\b/;var preformattedTagNameRe=/pre|xmp/i;var codeRe=/^code$/i;var preCodeXmpRe=/^(?:pre|code|xmp)$/i;function doWork(){var endTime=(win['PR_SHOULD_USE_CONTINUATION']?clock['now']()+250:Infinity);for(;k<elements.length&&clock['now']()<endTime;k++){var cs=elements[k];var className=cs.className;if(prettyPrintRe.test(className)&&!prettyPrintedRe.test(className)){var nested=false;for(var p=cs.parentNode;p;p=p.parentNode){var tn=p.tagName;if(preCodeXmpRe.test(tn)&&p.className&&prettyPrintRe.test(p.className)){nested=true;break;}}
2472+if(!nested){cs.className+=' prettyprinted';var langExtension=className.match(langExtensionRe);var wrapper;if(!langExtension&&(wrapper=childContentWrapper(cs))&&codeRe.test(wrapper.tagName)){langExtension=wrapper.className.match(langExtensionRe);}
2473+if(langExtension){langExtension=langExtension[1];}
2474+var preformatted;if(preformattedTagNameRe.test(cs.tagName)){preformatted=1;}else{var currentStyle=cs['currentStyle'];var whitespace=(currentStyle?currentStyle['whiteSpace']:(document.defaultView&&document.defaultView.getComputedStyle)?document.defaultView.getComputedStyle(cs,null).getPropertyValue('white-space'):0);preformatted=whitespace&&'pre'===whitespace.substring(0,3);}
2475+var lineNums=cs.className.match(/\blinenums\b(?::(\d+))?/);lineNums=lineNums?lineNums[1]&&lineNums[1].length?+lineNums[1]:true:false;if(lineNums){numberLines(cs,lineNums,preformatted);}
2476+prettyPrintingJob={langExtension:langExtension,sourceNode:cs,numberLines:lineNums,pre:preformatted};applyDecorator(prettyPrintingJob);}}}
2477+if(k<elements.length){setTimeout(doWork,250);}else if(opt_whenDone){opt_whenDone();}}
2478+doWork();}
2479+var PR=win['PR']={'createSimpleLexer':createSimpleLexer,'registerLangHandler':registerLangHandler,'sourceDecorator':sourceDecorator,'PR_ATTRIB_NAME':PR_ATTRIB_NAME,'PR_ATTRIB_VALUE':PR_ATTRIB_VALUE,'PR_COMMENT':PR_COMMENT,'PR_DECLARATION':PR_DECLARATION,'PR_KEYWORD':PR_KEYWORD,'PR_LITERAL':PR_LITERAL,'PR_NOCODE':PR_NOCODE,'PR_PLAIN':PR_PLAIN,'PR_PUNCTUATION':PR_PUNCTUATION,'PR_SOURCE':PR_SOURCE,'PR_STRING':PR_STRING,'PR_TAG':PR_TAG,'PR_TYPE':PR_TYPE,'prettyPrintOne':win['prettyPrintOne']=prettyPrintOne,'prettyPrint':win['prettyPrint']=prettyPrint};PR['registerLangHandler'](PR['createSimpleLexer']([[PR['PR_PLAIN'],/^[\t\n\r \xA0]+/,null,'\t\n\r \xA0'],[PR['PR_STRING'],/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'"\'']],[[PR['PR_COMMENT'],/^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],[PR['PR_TYPE'],/^nil|false|true/],[PR['PR_STRING'],/^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],[PR['PR_KEYWORD'],/^(?:and|break|do|else|elseif|end|for|function|if|in|local|not|or|repeat|require|return|then|until|while)\b/,null],[PR['PR_LITERAL'],/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR['PR_PLAIN'],/^[a-z_]\w*/i],[PR['PR_PUNCTUATION'],/^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]]),['lua']);if(typeof define==="function"&&define['amd']){define("google-code-prettify",[],function(){return PR;});}})();
2480\ No newline at end of file
2481diff --git a/docs/manual/style/sitemap.dtd b/docs/manual/style/sitemap.dtd
2482new file mode 100644
2483index 0000000..829f326
2484--- /dev/null
2485+++ b/docs/manual/style/sitemap.dtd
2486@@ -0,0 +1,42 @@
2487+<?xml version='1.0' encoding='UTF-8' ?>
2488+
2489+<!--
2490+ Licensed to the Apache Software Foundation (ASF) under one or more
2491+ contributor license agreements. See the NOTICE file distributed with
2492+ this work for additional information regarding copyright ownership.
2493+ The ASF licenses this file to You under the Apache License, Version 2.0
2494+ (the "License"); you may not use this file except in compliance with
2495+ the License. You may obtain a copy of the License at
2496+
2497+ http://www.apache.org/licenses/LICENSE-2.0
2498+
2499+ Unless required by applicable law or agreed to in writing, software
2500+ distributed under the License is distributed on an "AS IS" BASIS,
2501+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2502+ See the License for the specific language governing permissions and
2503+ limitations under the License.
2504+-->
2505+
2506+<!ENTITY % common SYSTEM "common.dtd">
2507+%common;
2508+
2509+<!-- <sitemap> is the root element -->
2510+<!ELEMENT sitemap (title, summary?, seealso*, category*)>
2511+
2512+<!ATTLIST sitemap metafile CDATA #REQUIRED
2513+ upgrade CDATA #IMPLIED
2514+>
2515+
2516+<!-- <indexpage> is another root element -->
2517+<!ELEMENT indexpage (parentdocument, title, category*)>
2518+
2519+<!ATTLIST indexpage metafile CDATA #REQUIRED
2520+ upgrade CDATA #IMPLIED
2521+>
2522+
2523+<!ELEMENT category (title, page*)>
2524+<!ATTLIST category id ID #IMPLIED>
2525+
2526+<!ELEMENT page (#PCDATA)>
2527+<!ATTLIST page href CDATA #IMPLIED
2528+ separate (yes | no) "no" >
2529diff --git a/docs/manual/style/version.ent b/docs/manual/style/version.ent
2530new file mode 100644
2531index 0000000..b44b2a7
2532--- /dev/null
2533+++ b/docs/manual/style/version.ent
2534@@ -0,0 +1,24 @@
2535+<?xml version='1.0' encoding='UTF-8' ?>
2536+
2537+<!--
2538+ Licensed to the Apache Software Foundation (ASF) under one or more
2539+ contributor license agreements. See the NOTICE file distributed with
2540+ this work for additional information regarding copyright ownership.
2541+ The ASF licenses this file to You under the Apache License, Version 2.0
2542+ (the "License"); you may not use this file except in compliance with
2543+ the License. You may obtain a copy of the License at
2544+
2545+ http://www.apache.org/licenses/LICENSE-2.0
2546+
2547+ Unless required by applicable law or agreed to in writing, software
2548+ distributed under the License is distributed on an "AS IS" BASIS,
2549+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2550+ See the License for the specific language governing permissions and
2551+ limitations under the License.
2552+-->
2553+
2554+<!ENTITY httpd.major "2">
2555+<!ENTITY httpd.minor "4">
2556+<!ENTITY httpd.patch "29">
2557+
2558+<!ENTITY httpd.docs "2.4">
2559diff --git a/docs/manual/suexec.html b/docs/manual/suexec.html
2560new file mode 100644
2561index 0000000..c4cc65b
2562--- /dev/null
2563+++ b/docs/manual/suexec.html
2564@@ -0,0 +1,21 @@
2565+# GENERATED FROM XML -- DO NOT EDIT
2566+
2567+URI: suexec.html.en
2568+Content-Language: en
2569+Content-type: text/html; charset=ISO-8859-1
2570+
2571+URI: suexec.html.fr
2572+Content-Language: fr
2573+Content-type: text/html; charset=ISO-8859-1
2574+
2575+URI: suexec.html.ja.utf8
2576+Content-Language: ja
2577+Content-type: text/html; charset=UTF-8
2578+
2579+URI: suexec.html.ko.euc-kr
2580+Content-Language: ko
2581+Content-type: text/html; charset=EUC-KR
2582+
2583+URI: suexec.html.tr.utf8
2584+Content-Language: tr
2585+Content-type: text/html; charset=UTF-8
2586diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
2587new file mode 100644
2588index 0000000..28be5fd
2589--- /dev/null
2590+++ b/docs/manual/suexec.html.en
2591@@ -0,0 +1,643 @@
2592+<?xml version="1.0" encoding="ISO-8859-1"?>
2593+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2594+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
2595+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
2596+<!--
2597+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2598+ This file is generated from xml source: DO NOT EDIT
2599+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2600+ -->
2601+<title>suEXEC Support - Apache HTTP Server Version 2.4</title>
2602+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
2603+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
2604+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
2605+<script src="./style/scripts/prettify.min.js" type="text/javascript">
2606+</script>
2607+
2608+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
2609+<body id="manual-page"><div id="page-header">
2610+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p>
2611+<p class="apache">Apache HTTP Server Version 2.4</p>
2612+<img alt="" src="./images/feather.png" /></div>
2613+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
2614+<div id="path">
2615+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC Support</h1>
2616+<div class="toplang">
2617+<p><span>Available Languages: </span><a href="./en/suexec.html" title="English">&nbsp;en&nbsp;</a> |
2618+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |
2619+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
2620+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
2621+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
2622+</div>
2623+
2624+ <p>The <strong>suEXEC</strong> feature provides users of the Apache
2625+ HTTP Server the ability
2626+ to run <strong>CGI</strong> and <strong>SSI</strong> programs
2627+ under user IDs different from the user ID of the calling
2628+ web server. Normally, when a CGI or SSI program executes, it
2629+ runs as the same user who is running the web server.</p>
2630+
2631+ <p>Used properly, this feature can reduce
2632+ considerably the security risks involved with allowing users to
2633+ develop and run private CGI or SSI programs. However, if suEXEC
2634+ is improperly configured, it can cause any number of problems
2635+ and possibly create new holes in your computer's security. If
2636+ you aren't familiar with managing <em>setuid root</em> programs
2637+ and the security issues they present, we highly recommend that
2638+ you not consider using suEXEC.</p>
2639+ </div>
2640+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Before we begin</a></li>
2641+<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC Security Model</a></li>
2642+<li><img alt="" src="./images/down.gif" /> <a href="#install">Configuring &amp; Installing
2643+ suEXEC</a></li>
2644+<li><img alt="" src="./images/down.gif" /> <a href="#enable">Enabling &amp; Disabling
2645+ suEXEC</a></li>
2646+<li><img alt="" src="./images/down.gif" /> <a href="#usage">Using suEXEC</a></li>
2647+<li><img alt="" src="./images/down.gif" /> <a href="#debug">Debugging suEXEC</a></li>
2648+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Beware the Jabberwock:
2649+ Warnings &amp; Examples</a></li>
2650+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
2651+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2652+<div class="section">
2653+<h2><a name="before" id="before">Before we begin</a></h2>
2654+
2655+ <p>Before jumping head-first into this document,
2656+ you should be aware that certain assumptions are made about you and
2657+ the environment in which you will be using suexec.</p>
2658+
2659+ <p>First, it is assumed that you are using a UNIX
2660+ derivative operating system that is capable of
2661+ <strong>setuid</strong> and <strong>setgid</strong> operations.
2662+ All command examples are given in this regard. Other platforms,
2663+ if they are capable of supporting suEXEC, may differ in their
2664+ configuration.</p>
2665+
2666+ <p>Second, it is assumed you are familiar with
2667+ some basic concepts of your computer's security and its
2668+ administration. This involves an understanding of
2669+ <strong>setuid/setgid</strong> operations and the various
2670+ effects they may have on your system and its level of
2671+ security.</p>
2672+
2673+ <p>Third, it is assumed that you are using an
2674+ <strong>unmodified</strong> version of suEXEC code. All code
2675+ for suEXEC has been carefully scrutinized and tested by the
2676+ developers as well as numerous beta testers. Every precaution
2677+ has been taken to ensure a simple yet solidly safe base of
2678+ code. Altering this code can cause unexpected problems and new
2679+ security risks. It is <strong>highly</strong> recommended you
2680+ not alter the suEXEC code unless you are well versed in the
2681+ particulars of security programming and are willing to share
2682+ your work with the Apache HTTP Server development team for consideration.</p>
2683+
2684+ <p>Fourth, and last, it has been the decision of
2685+ the Apache HTTP Server development team to <strong>NOT</strong> make suEXEC part of
2686+ the default installation of Apache httpd. To this end, suEXEC
2687+ configuration requires of the administrator careful attention
2688+ to details. After due consideration has been given to the
2689+ various settings for suEXEC, the administrator may install
2690+ suEXEC through normal installation methods. The values for
2691+ these settings need to be carefully determined and specified by
2692+ the administrator to properly maintain system security during
2693+ the use of suEXEC functionality. It is through this detailed
2694+ process that we hope to limit suEXEC
2695+ installation only to those who are careful and determined
2696+ enough to use it.</p>
2697+
2698+ <p>Still with us? Yes? Good. Let's move on!</p>
2699+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2700+<div class="section">
2701+<h2><a name="model" id="model">suEXEC Security Model</a></h2>
2702+
2703+ <p>Before we begin configuring and installing
2704+ suEXEC, we will first discuss the security model you are about
2705+ to implement. By doing so, you may better understand what
2706+ exactly is going on inside suEXEC and what precautions are
2707+ taken to ensure your system's security.</p>
2708+
2709+ <p><strong>suEXEC</strong> is based on a setuid
2710+ "wrapper" program that is called by the main Apache HTTP Server.
2711+ This wrapper is called when an HTTP request is made for a CGI
2712+ or SSI program that the administrator has designated to run as
2713+ a userid other than that of the main server. When such a
2714+ request is made, Apache httpd provides the suEXEC wrapper with the
2715+ program's name and the user and group IDs under which the
2716+ program is to execute.</p>
2717+
2718+ <p>The wrapper then employs the following process
2719+ to determine success or failure -- if any one of these
2720+ conditions fail, the program logs the failure and exits with an
2721+ error, otherwise it will continue:</p>
2722+
2723+ <ol>
2724+ <li>
2725+ <strong>Is the user executing this wrapper a valid user of
2726+ this system?</strong>
2727+
2728+ <p class="indent">
2729+ This is to ensure that the user executing the wrapper is
2730+ truly a user of the system.
2731+ </p>
2732+ </li>
2733+
2734+ <li>
2735+ <strong>Was the wrapper called with the proper number of
2736+ arguments?</strong>
2737+
2738+ <p class="indent">
2739+ The wrapper will only execute if it is given the proper
2740+ number of arguments. The proper argument format is known
2741+ to the Apache HTTP Server. If the wrapper is not receiving
2742+ the proper number of arguments, it is either being
2743+ hacked, or there is something wrong with the suEXEC
2744+ portion of your Apache httpd binary.
2745+ </p>
2746+ </li>
2747+
2748+ <li>
2749+ <strong>Is this valid user allowed to run the
2750+ wrapper?</strong>
2751+
2752+ <p class="indent">
2753+ Is this user the user allowed to run this wrapper? Only
2754+ one user (the Apache user) is allowed to execute this
2755+ program.
2756+ </p>
2757+ </li>
2758+
2759+ <li>
2760+ <strong>Does the target CGI or SSI program have an unsafe
2761+ hierarchical reference?</strong>
2762+
2763+ <p class="indent">
2764+ Does the target CGI or SSI program's path contain a leading
2765+ '/' or have a '..' backreference? These are not allowed; the
2766+ target CGI/SSI program must reside within suEXEC's document
2767+ root (see <code>--with-suexec-docroot=<em>DIR</em></code>
2768+ below).
2769+ </p>
2770+ </li>
2771+
2772+ <li>
2773+ <strong>Is the target user name valid?</strong>
2774+
2775+ <p class="indent">
2776+ Does the target user exist?
2777+ </p>
2778+ </li>
2779+
2780+ <li>
2781+ <strong>Is the target group name valid?</strong>
2782+
2783+ <p class="indent">
2784+ Does the target group exist?
2785+ </p>
2786+ </li>
2787+
2788+ <li>
2789+ <strong>Is the target user <em>NOT</em> superuser?</strong>
2790+
2791+
2792+ <p class="indent">
2793+ suEXEC does not allow <code><em>root</em></code>
2794+ to execute CGI/SSI programs.
2795+ </p>
2796+ </li>
2797+
2798+ <li>
2799+ <strong>Is the target userid <em>ABOVE</em> the minimum ID
2800+ number?</strong>
2801+
2802+ <p class="indent">
2803+ The minimum user ID number is specified during
2804+ configuration. This allows you to set the lowest possible
2805+ userid that will be allowed to execute CGI/SSI programs.
2806+ This is useful to block out "system" accounts.
2807+ </p>
2808+ </li>
2809+
2810+ <li>
2811+ <strong>Is the target group <em>NOT</em> the superuser
2812+ group?</strong>
2813+
2814+ <p class="indent">
2815+ Presently, suEXEC does not allow the <code><em>root</em></code>
2816+ group to execute CGI/SSI programs.
2817+ </p>
2818+ </li>
2819+
2820+ <li>
2821+ <strong>Is the target groupid <em>ABOVE</em> the minimum ID
2822+ number?</strong>
2823+
2824+ <p class="indent">
2825+ The minimum group ID number is specified during
2826+ configuration. This allows you to set the lowest possible
2827+ groupid that will be allowed to execute CGI/SSI programs.
2828+ This is useful to block out "system" groups.
2829+ </p>
2830+ </li>
2831+
2832+ <li>
2833+ <strong>Can the wrapper successfully become the target user
2834+ and group?</strong>
2835+
2836+ <p class="indent">
2837+ Here is where the program becomes the target user and
2838+ group via setuid and setgid calls. The group access list
2839+ is also initialized with all of the groups of which the
2840+ user is a member.
2841+ </p>
2842+ </li>
2843+
2844+ <li>
2845+ <strong>Can we change directory to the one in which the target
2846+ CGI/SSI program resides?</strong>
2847+
2848+ <p class="indent">
2849+ If it doesn't exist, it can't very well contain files. If we
2850+ can't change directory to it, it might as well not exist.
2851+ </p>
2852+ </li>
2853+
2854+ <li>
2855+ <strong>Is the directory within the httpd webspace?</strong>
2856+
2857+ <p class="indent">
2858+ If the request is for a regular portion of the server, is
2859+ the requested directory within suEXEC's document root? If
2860+ the request is for a <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>, is the requested directory
2861+ within the directory configured as suEXEC's userdir (see
2862+ <a href="#install">suEXEC's configuration options</a>)?
2863+ </p>
2864+ </li>
2865+
2866+ <li>
2867+ <strong>Is the directory <em>NOT</em> writable by anyone
2868+ else?</strong>
2869+
2870+ <p class="indent">
2871+ We don't want to open up the directory to others; only
2872+ the owner user may be able to alter this directories
2873+ contents.
2874+ </p>
2875+ </li>
2876+
2877+ <li>
2878+ <strong>Does the target CGI/SSI program exist?</strong>
2879+
2880+ <p class="indent">
2881+ If it doesn't exists, it can't very well be executed.
2882+ </p>
2883+ </li>
2884+
2885+ <li>
2886+ <strong>Is the target CGI/SSI program <em>NOT</em> writable
2887+ by anyone else?</strong>
2888+
2889+ <p class="indent">
2890+ We don't want to give anyone other than the owner the
2891+ ability to change the CGI/SSI program.
2892+ </p>
2893+ </li>
2894+
2895+ <li>
2896+ <strong>Is the target CGI/SSI program <em>NOT</em> setuid or
2897+ setgid?</strong>
2898+
2899+ <p class="indent">
2900+ We do not want to execute programs that will then change
2901+ our UID/GID again.
2902+ </p>
2903+ </li>
2904+
2905+ <li>
2906+ <strong>Is the target user/group the same as the program's
2907+ user/group?</strong>
2908+
2909+ <p class="indent">
2910+ Is the user the owner of the file?
2911+ </p>
2912+ </li>
2913+
2914+ <li>
2915+ <strong>Can we successfully clean the process environment
2916+ to ensure safe operations?</strong>
2917+
2918+ <p class="indent">
2919+ suEXEC cleans the process' environment by establishing a
2920+ safe execution PATH (defined during configuration), as
2921+ well as only passing through those variables whose names
2922+ are listed in the safe environment list (also created
2923+ during configuration).
2924+ </p>
2925+ </li>
2926+
2927+ <li>
2928+ <strong>Can we successfully become the target CGI/SSI program
2929+ and execute?</strong>
2930+
2931+ <p class="indent">
2932+ Here is where suEXEC ends and the target CGI/SSI program begins.
2933+ </p>
2934+ </li>
2935+ </ol>
2936+
2937+ <p>This is the standard operation of the
2938+ suEXEC wrapper's security model. It is somewhat stringent and
2939+ can impose new limitations and guidelines for CGI/SSI design,
2940+ but it was developed carefully step-by-step with security in
2941+ mind.</p>
2942+
2943+ <p>For more information as to how this security
2944+ model can limit your possibilities in regards to server
2945+ configuration, as well as what security risks can be avoided
2946+ with a proper suEXEC setup, see the <a href="#jabberwock">"Beware the Jabberwock"</a> section of this
2947+ document.</p>
2948+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2949+<div class="section">
2950+<h2><a name="install" id="install">Configuring &amp; Installing
2951+ suEXEC</a></h2>
2952+
2953+ <p>Here's where we begin the fun.</p>
2954+
2955+ <p><strong>suEXEC configuration
2956+ options</strong><br />
2957+ </p>
2958+
2959+ <dl>
2960+ <dt><code>--enable-suexec</code></dt>
2961+
2962+ <dd>This option enables the suEXEC feature which is never
2963+ installed or activated by default. At least one
2964+ <code>--with-suexec-xxxxx</code> option has to be provided
2965+ together with the <code>--enable-suexec</code> option to let
2966+ APACI accept your request for using the suEXEC feature.</dd>
2967+
2968+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
2969+
2970+ <dd>The path to the <code>suexec</code> binary must be hard-coded
2971+ in the server for security reasons. Use this option to override
2972+ the default path. <em>e.g.</em>
2973+ <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
2974+
2975+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
2976+
2977+ <dd>The <a href="mod/mpm_common.html#user">username</a> under which
2978+ httpd normally runs. This is the only user allowed to
2979+ execute the suEXEC wrapper.</dd>
2980+
2981+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
2982+
2983+ <dd>Define to be the subdirectory under users' home
2984+ directories where suEXEC access should be allowed. All
2985+ executables under this directory will be executable by suEXEC
2986+ as the user so they should be "safe" programs. If you are
2987+ using a "simple" <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>
2988+ directive (ie. one without a "*" in it) this should be set to the same
2989+ value. suEXEC will not work properly in cases where the <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> directive points to
2990+ a location that is not the same as the user's home directory
2991+ as referenced in the <code>passwd</code> file. Default value is
2992+ "<code>public_html</code>".<br />
2993+ If you have virtual hosts with a different <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> for each,
2994+ you will need to define them to all reside in one parent
2995+ directory; then name that parent directory here. <strong>If
2996+ this is not defined properly, "~userdir" cgi requests will
2997+ not work!</strong></dd>
2998+
2999+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
3000+
3001+ <dd>Define as the DocumentRoot set for httpd. This will be
3002+ the only hierarchy (aside from <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>s) that can be used for suEXEC behavior. The
3003+ default directory is the <code>--datadir</code> value with the suffix
3004+ "<code>/htdocs</code>", <em>e.g.</em> if you configure with
3005+ "<code>--datadir=/home/apache</code>" the directory
3006+ "<code>/home/apache/htdocs</code>" is used as document root for the
3007+ suEXEC wrapper.</dd>
3008+
3009+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
3010+
3011+ <dd>Define this as the lowest UID allowed to be a target user
3012+ for suEXEC. For most systems, 500 or 100 is common. Default
3013+ value is 100.</dd>
3014+
3015+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
3016+
3017+ <dd>Define this as the lowest GID allowed to be a target
3018+ group for suEXEC. For most systems, 100 is common and
3019+ therefore used as default value.</dd>
3020+
3021+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
3022+
3023+ <dd>This defines the filename to which all suEXEC
3024+ transactions and errors are logged (useful for auditing and
3025+ debugging purposes). By default the logfile is named
3026+ "<code>suexec_log</code>" and located in your standard logfile
3027+ directory (<code>--logfiledir</code>).</dd>
3028+
3029+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
3030+
3031+ <dd>Define a safe PATH environment to pass to CGI
3032+ executables. Default value is
3033+ "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd>
3034+ </dl>
3035+
3036+ <h3>Compiling and installing the suEXEC wrapper</h3>
3037+
3038+
3039+ <p>If you have enabled the suEXEC feature with the
3040+ <code>--enable-suexec</code> option the <code>suexec</code> binary
3041+ (together with httpd itself) is automatically built if you execute
3042+ the <code>make</code> command.</p>
3043+
3044+ <p>After all components have been built you can execute the
3045+ command <code>make install</code> to install them. The binary image
3046+ <code>suexec</code> is installed in the directory defined by the
3047+ <code>--sbindir</code> option. The default location is
3048+ "/usr/local/apache2/bin/suexec".</p>
3049+
3050+ <p>Please note that you need <strong><em>root
3051+ privileges</em></strong> for the installation step. In order
3052+ for the wrapper to set the user ID, it must be installed as
3053+ owner <code><em>root</em></code> and must have the setuserid
3054+ execution bit set for file modes.</p>
3055+
3056+
3057+ <h3>Setting paranoid permissions</h3>
3058+
3059+
3060+ <p>Although the suEXEC wrapper will check to ensure that its
3061+ caller is the correct user as specified with the
3062+ <code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
3063+ option, there is
3064+ always the possibility that a system or library call suEXEC uses
3065+ before this check may be exploitable on your system. To counter
3066+ this, and because it is best-practise in general, you should use
3067+ filesystem permissions to ensure that only the group httpd
3068+ runs as may execute suEXEC.</p>
3069+
3070+ <p>If for example, your web server is configured to run as:</p>
3071+
3072+ <pre class="prettyprint lang-config">User www
3073+Group webgroup</pre>
3074+
3075+
3076+ <p>and <code class="program"><a href="./programs/suexec.html">suexec</a></code> is installed at
3077+ "/usr/local/apache2/bin/suexec", you should run:</p>
3078+
3079+ <div class="example"><p><code>
3080+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
3081+ chmod 4750 /usr/local/apache2/bin/suexec<br />
3082+ </code></p></div>
3083+
3084+ <p>This will ensure that only the group httpd runs as can even
3085+ execute the suEXEC wrapper.</p>
3086+
3087+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3088+<div class="section">
3089+<h2><a name="enable" id="enable">Enabling &amp; Disabling
3090+ suEXEC</a></h2>
3091+
3092+ <p>Upon startup of httpd, it looks for the file
3093+ <code class="program"><a href="./programs/suexec.html">suexec</a></code> in the directory defined by the
3094+ <code>--sbindir</code> option (default is
3095+ "/usr/local/apache/sbin/suexec"). If httpd finds a properly
3096+ configured suEXEC wrapper, it will print the following message
3097+ to the error log:</p>
3098+
3099+<div class="example"><p><code>
3100+ [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
3101+</code></p></div>
3102+
3103+ <p>If you don't see this message at server startup, the server is
3104+ most likely not finding the wrapper program where it expects
3105+ it, or the executable is not installed <em>setuid root</em>.</p>
3106+
3107+ <p>If you want to enable the suEXEC mechanism for the first time
3108+ and an Apache HTTP Server is already running you must kill and
3109+ restart httpd. Restarting it with a simple HUP or USR1 signal
3110+ will not be enough. </p>
3111+ <p>If you want to disable suEXEC you should kill and restart
3112+ httpd after you have removed the <code class="program"><a href="./programs/suexec.html">suexec</a></code> file.</p>
3113+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3114+<div class="section">
3115+<h2><a name="usage" id="usage">Using suEXEC</a></h2>
3116+
3117+ <p>Requests for CGI programs will call the suEXEC wrapper only if
3118+ they are for a virtual host containing a <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> directive or if
3119+ they are processed by <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>.</p>
3120+
3121+ <p><strong>Virtual Hosts:</strong><br /> One way to use the suEXEC
3122+ wrapper is through the <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> directive in
3123+ <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> definitions. By
3124+ setting this directive to values different from the main server
3125+ user ID, all requests for CGI resources will be executed as the
3126+ <em>User</em> and <em>Group</em> defined for that <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>. If this
3127+ directive is not specified for a <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code> then the main server userid
3128+ is assumed.</p>
3129+
3130+ <p><strong>User directories:</strong><br /> Requests that are
3131+ processed by <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> will call the suEXEC
3132+ wrapper to execute CGI programs under the userid of the requested
3133+ user directory. The only requirement needed for this feature to
3134+ work is for CGI execution to be enabled for the user and that the
3135+ script must meet the scrutiny of the <a href="#model">security
3136+ checks</a> above. See also the
3137+ <code>--with-suexec-userdir</code> <a href="#install">compile
3138+ time option</a>.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3139+<div class="section">
3140+<h2><a name="debug" id="debug">Debugging suEXEC</a></h2>
3141+
3142+ <p>The suEXEC wrapper will write log information
3143+ to the file defined with the <code>--with-suexec-logfile</code>
3144+ option as indicated above. If you feel you have configured and
3145+ installed the wrapper properly, have a look at this log and the
3146+ error_log for the server to see where you may have gone astray.</p>
3147+
3148+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3149+<div class="section">
3150+<h2><a name="jabberwock" id="jabberwock">Beware the Jabberwock:
3151+ Warnings &amp; Examples</a></h2>
3152+
3153+ <p><strong>NOTE!</strong> This section may not be
3154+ complete. For the latest revision of this section of the
3155+ documentation, see the <a href="http://httpd.apache.org/docs/2.4/suexec.html">Online
3156+ Documentation</a> version.</p>
3157+
3158+ <p>There are a few points of interest regarding
3159+ the wrapper that can cause limitations on server setup. Please
3160+ review these before submitting any "bugs" regarding suEXEC.</p>
3161+
3162+ <ul>
3163+ <li><strong>suEXEC Points Of Interest</strong></li>
3164+
3165+ <li>
3166+ Hierarchy limitations
3167+
3168+ <p class="indent">
3169+ For security and efficiency reasons, all suEXEC requests
3170+ must remain within either a top-level document root for
3171+ virtual host requests, or one top-level personal document
3172+ root for userdir requests. For example, if you have four
3173+ VirtualHosts configured, you would need to structure all
3174+ of your VHosts' document roots off of one main httpd
3175+ document hierarchy to take advantage of suEXEC for
3176+ VirtualHosts. (Example forthcoming.)
3177+ </p>
3178+ </li>
3179+
3180+ <li>
3181+ suEXEC's PATH environment variable
3182+
3183+ <p class="indent">
3184+ This can be a dangerous thing to change. Make certain
3185+ every path you include in this define is a
3186+ <strong>trusted</strong> directory. You don't want to
3187+ open people up to having someone from across the world
3188+ running a trojan horse on them.
3189+ </p>
3190+ </li>
3191+
3192+ <li>
3193+ Altering the suEXEC code
3194+
3195+ <p class="indent">
3196+ Again, this can cause <strong>Big Trouble</strong> if you
3197+ try this without knowing what you are doing. Stay away
3198+ from it if at all possible.
3199+ </p>
3200+ </li>
3201+ </ul>
3202+
3203+</div></div>
3204+<div class="bottomlang">
3205+<p><span>Available Languages: </span><a href="./en/suexec.html" title="English">&nbsp;en&nbsp;</a> |
3206+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |
3207+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
3208+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
3209+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
3210+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
3211+<script type="text/javascript"><!--//--><![CDATA[//><!--
3212+var comments_shortname = 'httpd';
3213+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
3214+(function(w, d) {
3215+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
3216+ d.write('<div id="comments_thread"><\/div>');
3217+ var s = d.createElement('script');
3218+ s.type = 'text/javascript';
3219+ s.async = true;
3220+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
3221+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
3222+ }
3223+ else {
3224+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
3225+ }
3226+})(window, document);
3227+//--><!]]></script></div><div id="footer">
3228+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
3229+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
3230+if (typeof(prettyPrint) !== 'undefined') {
3231+ prettyPrint();
3232+}
3233+//--><!]]></script>
3234+</body></html>
3235\ No newline at end of file
3236diff --git a/docs/manual/suexec.html.fr b/docs/manual/suexec.html.fr
3237new file mode 100644
3238index 0000000..02aa50c
3239--- /dev/null
3240+++ b/docs/manual/suexec.html.fr
3241@@ -0,0 +1,689 @@
3242+<?xml version="1.0" encoding="ISO-8859-1"?>
3243+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3244+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
3245+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
3246+<!--
3247+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3248+ This file is generated from xml source: DO NOT EDIT
3249+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3250+ -->
3251+<title>Support suEXEC - Serveur Apache HTTP Version 2.4</title>
3252+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
3253+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
3254+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
3255+<script src="./style/scripts/prettify.min.js" type="text/javascript">
3256+</script>
3257+
3258+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
3259+<body id="manual-page"><div id="page-header">
3260+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p>
3261+<p class="apache">Serveur Apache HTTP Version 2.4</p>
3262+<img alt="" src="./images/feather.png" /></div>
3263+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
3264+<div id="path">
3265+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Support suEXEC</h1>
3266+<div class="toplang">
3267+<p><span>Langues Disponibles: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
3268+<a href="./fr/suexec.html" title="Fran�ais">&nbsp;fr&nbsp;</a> |
3269+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
3270+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
3271+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
3272+</div>
3273+
3274+ <p>La fonctionnalit� <strong>suEXEC</strong> permet
3275+ l'ex�cution des programmes <strong>CGI</strong> et
3276+ <strong>SSI</strong> sous un utilisateur autre que celui sous
3277+ lequel s'ex�cute le serveur web qui appelle ces programmes.
3278+ Normalement, lorsqu'un programme CGI ou SSI est lanc�, il
3279+ s'ex�cute sous le m�me utilisateur que celui du serveur web qui
3280+ l'appelle.</p>
3281+
3282+ <p>Utilis�e de mani�re appropri�e, cette fonctionnalit� peut
3283+ r�duire consid�rablement les risques de s�curit� encourus
3284+ lorsqu'on autorise les utilisateurs � d�velopper et faire
3285+ s'ex�cuter des programmes CGI ou SSI de leur cru. Cependant, mal
3286+ configur�, suEXEC peut causer de nombreux probl�mes et m�me cr�er
3287+ de nouvelles failles dans la s�curit� de votre ordinateur. Si
3288+ vous n'�tes pas familier avec la gestion des programmes
3289+ <em>setuid root</em> et les risques de s�curit� qu'ils comportent,
3290+ nous vous recommandons vivement de ne pas tenter
3291+ d'utiliser suEXEC.</p>
3292+ </div>
3293+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Avant de commencer</a></li>
3294+<li><img alt="" src="./images/down.gif" /> <a href="#model">Mod�le de s�curit� de suEXEC</a></li>
3295+<li><img alt="" src="./images/down.gif" /> <a href="#install">Configurer et installer suEXEC</a></li>
3296+<li><img alt="" src="./images/down.gif" /> <a href="#enable">Activation et d�sactivation
3297+de suEXEC</a></li>
3298+<li><img alt="" src="./images/down.gif" /> <a href="#usage">Utilisation de suEXEC</a></li>
3299+<li><img alt="" src="./images/down.gif" /> <a href="#debug">D�bogage de suEXEC</a></li>
3300+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Avis � la population !
3301+ Avertissements et exemples</a></li>
3302+</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div>
3303+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3304+<div class="section">
3305+<h2><a name="before" id="before">Avant de commencer</a></h2>
3306+
3307+ <p>Avant de foncer t�te baiss�e dans la lecture de ce document,
3308+ vous devez tenir compte de certaines hypoth�ses concernant vous-m�me
3309+ et l'environnement dans lequel vous allez utiliser suexec.</p>
3310+
3311+ <p>Premi�rement, vous devez utiliser un syst�me d'exploitation
3312+ UNIX ou d�riv�, capable d'effectuer des op�rations
3313+ <strong>setuid</strong> et <strong>setgid</strong>. Tous les
3314+ exemples de commande sont donn�s en cons�quence. D'autres
3315+ plates-formes, m�me si elles supportent suEXEC, peuvent
3316+ avoir une configuration diff�rente.</p>
3317+
3318+ <p>Deuxi�mement, vous devez �tre familier avec les concepts de base
3319+ relatifs � la s�curit� de votre ordinateur et son administration.
3320+ Ceci implique la compr�hension des op�rations
3321+ <strong>setuid/setgid</strong> et des diff�rents effets qu'elles
3322+ peuvent produire sur votre syst�me et son niveau de s�curit�.</p>
3323+
3324+ <p>Troisi�mement, vous devez utiliser une version
3325+ <strong>non modifi�e</strong> du code de suEXEC. L'ensemble du
3326+ code de suEXEC a �t� scrut� et test� avec soin par les d�veloppeurs
3327+ et de nombreux b�ta testeurs. Toutes les pr�cautions ont �t� prises
3328+ pour s'assurer d'une base s�re de code non seulement simple, mais
3329+ aussi solide. La modification de ce code peut causer des probl�mes
3330+ inattendus et de nouveaux risques de s�curit�. Il est
3331+ <strong>vivement</strong> recommand� de ne pas modifier le code de
3332+ suEXEC, � moins que vous ne soyez un programmeur sp�cialiste des
3333+ particularit�s li�es � la s�curit�, et souhaitez partager votre
3334+ travail avec l'�quipe de d�veloppement du serveur HTTP Apache afin
3335+ de pouvoir en discuter.</p>
3336+
3337+ <p>Quatri�mement et derni�rement, l'�quipe de d�veloppement du
3338+ serveur HTTP Apache a d�cid� de ne
3339+ <strong>PAS</strong> inclure suEXEC dans l'installation par d�faut
3340+ d'Apache httpd. Pour pouvoir mettre en oeuvre suEXEC, l'administrateur
3341+ doit porter la plus grande attention aux d�tails. Apr�s avoir bien
3342+ r�fl�chi aux diff�rents points de la configuration de suEXEC,
3343+ l'administrateur peut l'installer selon les m�thodes classiques.
3344+ Les valeurs des param�tres de configuration doivent �tre
3345+ d�termin�es et sp�cifi�es avec soin par l'administrateur, afin de
3346+ maintenir la s�curit� du syst�me de mani�re appropri�e lors de
3347+ l'utilisation de la fonctionnalit� suEXEC. C'est par le biais de
3348+ ce processus minutieux que nous esp�rons r�server
3349+ l'installation de suEXEC aux administrateurs prudents et
3350+ suffisamment d�termin�s � vouloir l'utiliser.</p>
3351+
3352+ <p>Vous �tes encore avec nous ? Oui ? Bien.
3353+ Alors nous pouvons continuer !</p>
3354+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3355+<div class="section">
3356+<h2><a name="model" id="model">Mod�le de s�curit� de suEXEC</a></h2>
3357+
3358+ <p>Avant d'installer et configurer suEXEC, nous allons tout d'abord
3359+ d�crire le mod�le de s�curit� que vous �tes sur le point
3360+ d'impl�menter. Vous devriez ainsi mieux comprendre ce qui se passe
3361+ vraiment � l'int�rieur de suEXEC et quelles pr�cautions ont �t�
3362+ prises pour pr�server la s�curit� de votre syst�me.</p>
3363+
3364+ <p><strong>suEXEC</strong> est bas� sur un programme "conteneur"
3365+ (wrapper) setuid qui est appel� par le serveur HTTP Apache principal.
3366+ Ce conteneur est appel� quand une requ�te HTTP concerne
3367+ un programme CGI ou SSI que l'administrateur
3368+ a d�cid� de faire s'ex�cuter
3369+ sous un utilisateur autre que celui du serveur principal.
3370+ Lorsqu'il re�oit une telle requ�te, Apache httpd fournit au conteneur
3371+ suEXEC le nom du programme, ainsi que les identifiants utilisateur
3372+ et groupe sous lesquels le programme doit s'ex�cuter.</p>
3373+
3374+ <p>Le conteneur effectue ensuite les v�rifications suivantes afin
3375+ de d�terminer la r�ussite ou l'�chec du processus -- si une seule
3376+ de ces conditions n'est pas v�rifi�e, le programme journalise
3377+ l'erreur et se termine en retournant un code d'erreur, sinon il
3378+ continue :</p>
3379+
3380+ <ol>
3381+ <li>
3382+ <strong>L'utilisateur qui ex�cute le conteneur est-il un
3383+ utilisateur valide de ce syst�me ?</strong>
3384+
3385+ <p class="indent">
3386+ Ceci permet de s'assurer que l'utilisateur qui ex�cute le
3387+ conteneur est vraiment un utilisateur appartenant au syst�me.
3388+ </p>
3389+ </li>
3390+
3391+ <li>
3392+ <strong>Le conteneur a-t-il �t� appel� avec un nombre
3393+ d'arguments correct ?</strong>
3394+
3395+ <p class="indent">
3396+ Le conteneur ne s'ex�cutera que si on lui fournit un nombre
3397+ d'arguments correct. Le serveur HTTP apache sait quel est le
3398+ bon format des arguments. Si le conteneur ne re�oit pas un
3399+ nombre d'arguments correct, soit il a �t� modifi�,
3400+ soit quelque chose ne va pas dans la portion suEXEC de
3401+ votre binaire Apache httpd.
3402+ </p>
3403+ </li>
3404+
3405+ <li>
3406+ <strong>Cet utilisateur valide est-il autoris� � ex�cuter le
3407+ conteneur ?</strong>
3408+
3409+ <p class="indent">
3410+ Cet utilisateur est-il celui autoris� � ex�cuter le
3411+ conteneur ? Un seul utilisateur (celui d'Apache) est
3412+ autoris� � ex�cuter ce programme.
3413+ </p>
3414+ </li>
3415+
3416+ <li>
3417+ <strong>Le chemin du programme CGI ou SSI cible est-il
3418+ non s�r ?</strong>
3419+
3420+ <p class="indent">
3421+ Le chemin du programme CGI ou SSI cible d�bute-t-il par un
3422+ '/' ou contient-il une r�f�rence arri�re '..' ? Ceci est
3423+ interdit ; le programme CGI ou SSI cible doit se trouver dans
3424+ la hi�rarchie de la racine des documents de suEXEC (voir
3425+ <code>--with-suexec-docroot=<em>DIR</em></code> ci-dessous).
3426+ </p>
3427+ </li>
3428+
3429+ <li>
3430+ <strong>Le nom utilisateur cible est-il valide ?</strong>
3431+
3432+ <p class="indent">
3433+ L'utilisateur cible existe-t-il ?
3434+ </p>
3435+ </li>
3436+
3437+ <li>
3438+ <strong>Le nom du groupe cible est-il valide ?</strong>
3439+
3440+ <p class="indent">
3441+ Le groupe cible existe-t-il ?
3442+ </p>
3443+ </li>
3444+
3445+ <li>
3446+ <strong>L'utilisateur cible n'est-il <em>PAS</em>
3447+ superutilisateur ?</strong>
3448+
3449+
3450+ <p class="indent">
3451+ suEXEc ne permet pas �
3452+ <code><em>root</em></code> d'ex�cuter des programmes CGI/SSI.
3453+ </p>
3454+ </li>
3455+
3456+ <li>
3457+ <strong>Le num�ro de l'identifiant de l'utilisateur cible
3458+ est-il <em>SUPERIEUR</em> au num�ro d'identifiant
3459+ minimum ?</strong>
3460+
3461+ <p class="indent">
3462+ Le num�ro d'identifiant utilisateur minimum est d�fini �
3463+ l'ex�cution du script configure. Ceci vous permet de d�finir
3464+ le num�ro d'identifiant utilisateur le plus bas qui sera
3465+ autoris� � �x�cuter des programmes CGI/SSI. En particulier,
3466+ cela permet d'�carter les comptes syst�me.
3467+ </p>
3468+ </li>
3469+
3470+ <li>
3471+ <strong>Le groupe cible n'est-il <em>PAS</em> le groupe
3472+ superutilisateur ?</strong>
3473+
3474+ <p class="indent">
3475+ Actuellement, suEXEC ne permet pas au groupe
3476+ <code><em>root</em></code> d'ex�cuter des programmes CGI/SSI.
3477+ </p>
3478+ </li>
3479+
3480+ <li>
3481+ <strong> Le num�ro d'identifiant du groupe cible est-il
3482+ <em>SUPERIEUR</em> au num�ro d'identifiant minimum ?</strong>
3483+
3484+ <p class="indent">
3485+ Le num�ro d'identifiant de groupe minimum est sp�cifi� lors
3486+ de l'ex�cution du script configure. Ceci vous permet de
3487+ d�finir l'identifiant de groupe le plus bas possible qui sera
3488+ autoris� � ex�cuter des programmes CGI/SSI, et est
3489+ particuli�rement utile pour �carter les groupes "syst�me".
3490+ </p>
3491+ </li>
3492+
3493+ <li>
3494+ <strong>Le conteneur peut-il obtenir avec succ�s l'identit�
3495+ des utilisateur et groupe cibles ?</strong>
3496+
3497+ <p class="indent">
3498+ C'est ici que le programme obtient l'identit� des utilisateur
3499+ et groupe cibles via des appels � setuid et setgid. De m�me,
3500+ la liste des acc�s groupe est initialis�e avec tous les
3501+ groupes auxquels l'utilisateur cible appartient.
3502+ </p>
3503+ </li>
3504+
3505+ <li>
3506+ <strong>Peut-on se positionner dans le r�pertoire dans dequel
3507+ sont situ�s les programmes CGI/SSI ?</strong>
3508+
3509+ <p class="indent">
3510+ S'il n'existe pas, il ne peut pas contenir de fichier. Et si
3511+ l'on ne peut pas s'y positionner, il n'existe probablement
3512+ pas.
3513+ </p>
3514+ </li>
3515+
3516+ <li>
3517+ <strong>Le r�pertoire est-il dans l'espace web
3518+ de httpd ?</strong>
3519+
3520+ <p class="indent">
3521+ Si la requ�te concerne une portion de la racine du serveur,
3522+ le r�pertoire demand� est-il dans la hi�rarchie de la racine
3523+ des documents de suEXEC ? Si la requ�te concerne un
3524+ <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>, le r�pertoire demand� est-il dans
3525+ la hi�rarchie du r�pertoire d�fini comme le r�pertoire
3526+ utilisateur de suEXEC (voir les
3527+ <a href="#install">options de configuration de suEXEC</a>) ?
3528+ </p>
3529+ </li>
3530+
3531+ <li>
3532+ <strong>L'�criture dans le r�pertoire est-elle interdite pour
3533+ un utilisateur autre que le propri�taire </strong>
3534+
3535+ <p class="indent">
3536+ Le r�pertoire ne doit pas �tre ouvert aux autres
3537+ utilisateurs ; seul l'utilisateur propri�taire doit pouvoir
3538+ modifier le contenu du r�pertoire.
3539+ </p>
3540+ </li>
3541+
3542+ <li>
3543+ <strong>Le programme CGI/SSI cible existe-t-il ?</strong>
3544+
3545+ <p class="indent">
3546+ S'il n'existe pas, il ne peut pas �tre ex�cut�.
3547+ </p>
3548+ </li>
3549+
3550+ <li>
3551+ <strong>Les utilisateurs autres que le propri�taire n'ont-ils
3552+ <em>PAS</em> de droits en �criture sur le programme
3553+ CGI/SSI ?</strong>
3554+
3555+ <p class="indent">
3556+ Les utilisateurs autres que le propri�taire ne doivent pas
3557+ pouvoir modifier le programme CGI/SSI.
3558+ </p>
3559+ </li>
3560+
3561+ <li>
3562+ <strong>Le programme CGI/SSI n'est-il <em>PAS</em> setuid ou
3563+ setgid ?</strong>
3564+
3565+ <p class="indent">
3566+ Les programmes cibles ne doivent pas pouvoir modifier �
3567+ nouveau les identifiants utilisateur/groupe.
3568+ </p>
3569+ </li>
3570+
3571+ <li>
3572+ <strong>Le couple utilisateur/groupe cible est-il le m�me que
3573+ celui du programme ?</strong>
3574+
3575+ <p class="indent">
3576+ L'utilisateur est-il le propri�taire du fichier ?
3577+ </p>
3578+ </li>
3579+
3580+ <li>
3581+ <strong>Peut-on nettoyer avec succ�s l'environnement des
3582+ processus afin de garantir la s�ret� des op�rations ?</strong>
3583+
3584+ <p class="indent">
3585+ suExec nettoie l'environnement des processus en �tablissant
3586+ un chemin d'ex�cution s�r (d�fini lors de la configuration),
3587+ et en ne passant que les variables dont les noms font partie
3588+ de la liste de l'environnement s�r (cr��e de m�me lors de la
3589+ configuration).
3590+ </p>
3591+ </li>
3592+
3593+ <li>
3594+ <strong>Le conteneur peut-il avec succ�s se substituer au
3595+ programme CGI/SSI cible et s'ex�cuter ?</strong>
3596+
3597+ <p class="indent">
3598+ C'est l� o� l'ex�cution de suEXEC s'arr�te et o� commence
3599+ celle du programme CGI/ssi cible.
3600+ </p>
3601+ </li>
3602+ </ol>
3603+
3604+ <p>Ce sont les op�rations standards effectu�es par le mod�le de
3605+ s�curit� du conteneur suEXEC. Il peut para�tre strict et est
3606+ susceptible d'imposer de nouvelles limitations et orientations
3607+ dans la conception des programmes CGI/SSI, mais il a �t� d�velopp�
3608+ avec le plus grand soin, �tape par �tape, en se focalisant sur
3609+ la s�curit�.</p>
3610+
3611+ <p>Pour plus d'informations sur la mesure dans laquelle ce mod�le
3612+ de s�curit� peut limiter vos possibilit�s au regard de la
3613+ configuration du serveur, ainsi que les risques de s�curit� qui
3614+ peuvent �tre �vit�s gr�ce � une configuration appropri�e de suEXEC,
3615+ se r�f�rer � la section <a href="#jabberwock">"Avis � la population !"</a> de ce document.</p>
3616+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3617+<div class="section">
3618+<h2><a name="install" id="install">Configurer et installer suEXEC</a></h2>
3619+
3620+ <p>C'est ici que nous entrons dans le vif du sujet.</p>
3621+
3622+ <p><strong>Options de configuration de suEXEC</strong><br />
3623+ </p>
3624+
3625+ <dl>
3626+ <dt><code>--enable-suexec</code></dt>
3627+
3628+ <dd>Cette option active la fonctionnalit� suEXEC qui n'est
3629+ jamais install�e ou activ�e par d�faut. Au moins une option
3630+ <code>--with-suexec-xxxxx</code> doit accompagner l'option
3631+ <code>--enable-suexec</code> pour qu'APACI (l'utilitaire de
3632+ configuration de la compilation d'Apache) accepte votre demande
3633+ d'utilisation de la fonctionnalit� suEXEC.</dd>
3634+
3635+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
3636+
3637+ <dd>Le chemin du binaire <code>suexec</code> doit �tre cod� en
3638+ dur dans le serveur pour des raisons de s�curit�. Cette option
3639+ vous permet de modifier le chemin par d�faut.
3640+ <em>Par exemple</em>
3641+ <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
3642+
3643+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
3644+
3645+ <dd>L'<a href="mod/mpm_common.html#user">utilisateur</a> sous
3646+ lequel httpd s'ex�cute habituellement. C'est le seul utilisateur
3647+ autoris� � ex�cuter le wrapper suEXEC.</dd>
3648+
3649+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
3650+
3651+ <dd>Cette option d�finit le sous-r�pertoire de la hi�rarchie des
3652+ r�pertoires utilisateurs dans lequel l'utilisation
3653+ de suEXEC sera autoris�e. Tous les ex�cutables situ�s dans ce
3654+ r�pertoire seront ex�cutables par suEXEC sous l'utilisateur
3655+ cible ; ces programmes doivent donc �tre s�rs. Si vous utilisez
3656+ une directive <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>
3657+ "simple" (c'est � dire ne contenant pas de
3658+ "*"), l'option --with-suexec-userdir
3659+ devra contenir la m�me valeur. SuEXEC ne fonctionnera pas
3660+ correctement si la directive <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> contient une valeur
3661+ diff�rente du r�pertoire home de l'utilisateur tel qu'il est
3662+ d�fini dans le fichier <code>passwd</code>. la valeur par d�faut
3663+ est "<code>public_html</code>".<br />
3664+ Si vous avez plusieurs h�tes virtuels avec une directive
3665+ <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> diff�rente
3666+ pour chacun d'entre eux, vous devrez faire en sorte que chaque
3667+ UserDir poss�de un r�pertoire parent commun ; donnez alors �
3668+ l'option --with-suexec-userdir le nom
3669+ de ce r�pertoire commun. <strong>Si tout ceci n'est pas d�fini
3670+ correctement, les requ�tes CGI "~userdir" ne fonctionneront
3671+ pas !</strong></dd>
3672+
3673+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
3674+
3675+ <dd>Cette option fonctionne comme la directive DocumentRoot pour
3676+ httpd. Il s'agit de la seule hi�rarchie (en dehors des directives
3677+ <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>) dans laquelle la fonctionnalit� suEXEC
3678+ pourra �tre utilis�e. La valeur par d�faut est la valeur de
3679+ <code>--datadir</code> accompagn�e du suffixe
3680+ "<code>/htdocs</code>" ;
3681+ <em>Par exemple</em>, si vous ex�cutez configure avec
3682+ "<code>--datadir=/home/apache</code>", la valeur
3683+ "<code>/home/apache/htdocs</code>" sera utilis�e par d�faut comme
3684+ racine des documents pour le conteneur suEXEC.</dd>
3685+
3686+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
3687+
3688+ <dd>Cette option d�finit l'identifiant utilisateur le plus bas
3689+ avec lequel un utilisateur pourra �tre la cible de
3690+ suEXEC. 500 ou 100 sont des valeurs courantes sur la plupart des
3691+ syst�mes. la valeur par d�faut est 100.</dd>
3692+
3693+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
3694+
3695+ <dd>Cette option d�finit l'identifiant de groupe le plus bas
3696+ avec lequel un utilisateur pourra �tre la cible de
3697+ suEXEC. 100 est une valeur courante sur la plupart des
3698+ syst�mes et est par cons�quent la valeur par d�faut.</dd>
3699+
3700+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
3701+
3702+ <dd>Cette option permet de d�finir le fichier dans lequel
3703+ toutes les transactions et erreurs de suEXEC seront journalis�es
3704+ (� des fins d'analyse ou de d�bogage). Par d�faut, le fichier
3705+ journal se nomme "<code>suexec_log</code>" et se trouve dans votre
3706+ r�pertoire standard des fichiers journaux d�fini par
3707+ <code>--logfiledir</code></dd>
3708+
3709+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
3710+
3711+ <dd>Cette option permet de d�finir une variable d'environnement
3712+ PATH s�re � passer aux ex�cutables CGI. La valeur par d�faut
3713+ est "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd>
3714+ </dl>
3715+
3716+ <h3>Compilation et installation du conteneur suEXEC</h3>
3717+
3718+
3719+ <p>Si vous avez activ� la fonctionnalit� suEXEC � l'aide de
3720+ l'option <code>--enable-suexec</code>, le binaire
3721+ <code>suexec</code> sera automatiquement construit (en m�me temps
3722+ que httpd) lorsque vous ex�cuterez la commande
3723+ <code>make</code>.</p>
3724+
3725+ <p>Lorsque tous les composants auront �t� construits, vous pourrez
3726+ ex�cuter la commande <code>make install</code> afin de les
3727+ installer. Le binaire <code>suexec</code> sera install� dans le
3728+ r�pertoire d�fini � l'aide de l'option <code>--sbindir</code>. La
3729+ localisation par d�faut est "/usr/local/apache2/bin/suexec".</p>
3730+ <p>Veuillez noter que vous aurez besoin des
3731+ <strong><em>privil�ges root</em></strong> pour passer l'�tape de
3732+ l'installation. Pour que le conteneur puisse changer
3733+ l'identifiant utilisateur, il doit avoir comme propri�taire
3734+ <code><em>root</em></code>, et les droits du fichier doivent
3735+ inclure le bit d'ex�cution setuserid.</p>
3736+
3737+
3738+ <h3>&gt;Mise en place de permissions pour
3739+ parano�aque</h3>
3740+
3741+ <p>Bien que le conteneur suEXEC v�rifie que l'utilisateur qui
3742+ l'appelle correspond bien � l'utilisateur sp�cifi� � l'aide de
3743+ l'option <code>--with-suexec-caller</code> du programme
3744+ <code class="program"><a href="./programs/configure.html">configure</a></code>, il subsiste toujours le risque qu'un
3745+ appel syst�me ou une biblioth�que fasse appel � suEXEC avant que
3746+ cette v�rification ne soit exploitable sur votre syst�me. Pour
3747+ tenir compte de ceci, et parce que c'est en g�n�ral la meilleure
3748+ pratique, vous devez utiliser les permissions du syst�me de
3749+ fichiers afin de vous assurer que seul le groupe sous lequel
3750+ s'ex�cute httpd puisse faire appel � suEXEC.</p>
3751+
3752+ <p>Si, par exemple, votre serveur web est configur� pour
3753+ s'ex�cuter en tant que :</p>
3754+
3755+<pre class="prettyprint lang-config">User www
3756+Group webgroup</pre>
3757+
3758+
3759+ <p>et <code class="program"><a href="./programs/suexec.html">suexec</a></code> se trouve �
3760+ "/usr/local/apache2/bin/suexec", vous devez ex�cuter les
3761+ commandes</p>
3762+
3763+<div class="example"><p><code>
3764+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
3765+ chmod 4750 /usr/local/apache2/bin/suexec<br />
3766+</code></p></div>
3767+
3768+ <p>Ceci permet de s'assurer que seul le groupe sous lequel httpd
3769+ s'ex�cute (ici webgroup) puisse faire appel au conteneur
3770+ suEXEC.</p>
3771+
3772+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3773+<div class="section">
3774+<h2><a name="enable" id="enable">Activation et d�sactivation
3775+de suEXEC</a></h2>
3776+
3777+ <p>Au d�marrage, httpd v�rifie la pr�sence du fichier
3778+ <code class="program"><a href="./programs/suexec.html">suexec</a></code> dans le r�pertoire d�fini par
3779+ l'option <code>--sbindir</code> du script configure (le
3780+ r�pertoire par d�faut est "/usr/local/apache/sbin/suexec"). Si
3781+ httpd trouve un conteneur suEXEC correctement configur�, il
3782+ enregistrera le message suivant dans le journal des erreurs :</p>
3783+
3784+<div class="example"><p><code>
3785+ [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
3786+</code></p></div>
3787+
3788+ <p>Si ce message n'est pas g�n�r� au d�marrage du serveur, ce
3789+ dernier ne trouve probablement pas le programme conteneur �
3790+ l'endroit o� il est sens� �tre, ou l'ex�cutable suexec n'est pas
3791+ install� en <em>setuid root</em>.</p>
3792+
3793+ <p>Si le serveur HTTP Apache est d�j� en cours d'ex�cution, et si
3794+ vous activez le m�canisme suEXEC pour la premi�re fois, vous
3795+ devez arr�ter et red�marrer httpd. Un red�marrage
3796+ � l'aide d'un simple signal HUP ou USR1 suffira. </p>
3797+ <p>Pour d�sactiver suEXEC, vous devez supprimer le fichier
3798+ <code class="program"><a href="./programs/suexec.html">suexec</a></code>, puis arr�ter et red�marrer
3799+ httpd.</p>
3800+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3801+<div class="section">
3802+<h2><a name="usage" id="usage">Utilisation de suEXEC</a></h2>
3803+
3804+ <p>Les requ�tes pour des programmes CGI ne feront appel au
3805+ conteneur suEXEC que si elles concernent un h�te virtuel
3806+ contenant une directive <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code>, ou si elles sont
3807+ trait�es par <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>.</p>
3808+
3809+ <p><strong>H�tes virtuels :</strong><br /> Une des m�thodes
3810+ d'utilisation du conteneur suEXEC consiste � ins�rer une
3811+ directive <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> dans une section
3812+ <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code>. En d�finissant
3813+ des valeurs diff�rentes de celles du serveur principal, toutes les
3814+ requ�tes pour des ressources CGI seront ex�cut�es sous
3815+ les <em>User</em> et <em>Group</em> d�finis pour cette section
3816+ <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>. Si cette
3817+ directive est absente de la section <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>, l'utilisateur du
3818+ serveur principal sera pris par d�faut</p>
3819+
3820+ <p><strong>R�pertoires des utilisateurs :</strong><br /> Avec
3821+ cette m�thode, les
3822+ requ�tes trait�es par <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> appelleront le
3823+ conteneur suEXEC pour ex�cuter le programme CGI sous l'identifiant
3824+ utilisateur du r�pertoire utilisateur concern�. Seuls pr�requis
3825+ pour pouvoir acc�der � cette fonctionnalit� : l'ex�cution des CGI
3826+ doit �tre activ�e pour l'utilisateur concern�, et le script doit
3827+ passer avec succ�s le test des <a href="#model">v�rifications de
3828+ s�curit�</a> d�crit plus haut. Voir aussi l'
3829+ <a href="#install">option de compilation</a>
3830+ <code>--with-suexec-userdir</code>.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3831+<div class="section">
3832+<h2><a name="debug" id="debug">D�bogage de suEXEC</a></h2>
3833+
3834+ <p>Le conteneur suEXEC va �crire ses informations de journalisation
3835+ dans le fichier d�fini par l'option de compilation
3836+ <code>--with-suexec-logfile</code> comme indiqu� plus haut. Si vous
3837+ pensez avoir configur� et install� correctement le conteneur,
3838+ consultez ce journal, ainsi que le journal des erreurs du serveur
3839+ afin de d�terminer l'endroit o� vous avez fait fausse route.</p>
3840+
3841+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3842+<div class="section">
3843+<h2><a name="jabberwock" id="jabberwock">Avis � la population !
3844+ Avertissements et exemples</a></h2>
3845+
3846+ <p><strong>NOTE !</strong> Cette section est peut-�tre incompl�te.
3847+ Pour en consulter la derni�re r�vision, voir la version de la <a href="http://httpd.apache.org/docs/2.4/suexec.html">Documentation en ligne</a>.</p>
3848+
3849+ <p>Quelques points importants du conteneur peuvent
3850+ imposer des contraintes du point de vue de la configuration du
3851+ serveur. Veuillez en prendre connaissance avant de soumettre un
3852+ rapport de bogue � propos de suEXEC.</p>
3853+
3854+ <ul>
3855+ <li><strong>Points importants de suEXEC</strong></li>
3856+
3857+ <li>
3858+ Limitations concernant la hi�rarchie.
3859+
3860+ <p class="indent">
3861+ Pour des raisons de s�curit� et d'efficacit�, toutes les
3862+ requ�tes suEXEC ne doivent concerner que des ressources
3863+ situ�es dans la racine des documents d�finie pour les
3864+ requ�tes concernant un h�te virtuel, ou des ressources
3865+ situ�es dans la racine des documents d�finies pour les
3866+ requ�tes concernant un r�pertoire utilisateur. Par exemple,
3867+ si vous avez configur� quatre h�tes virtuels, vous devrez
3868+ d�finir la structure des racines de documents de vos h�tes
3869+ virtuels en dehors d'une hi�rarchie de documents principale
3870+ de httpd, afin de tirer parti de suEXEC dans le contexte des
3871+ h�tes virtuels (Exemple � venir).
3872+ </p>
3873+ </li>
3874+
3875+ <li>
3876+ La variable d'environnement PATH de suEXEC
3877+
3878+ <p class="indent">
3879+ Modifier cette variable peut s'av�rer dangereux. Assurez-vous
3880+ que tout chemin que vous ajoutez � cette variable est un
3881+ r�pertoire <strong>de confiance</strong>. Vous n'avez
3882+ probablement pas l'intention d'ouvrir votre serveur de fa�on
3883+ � ce que l'on puisse y ex�cuter un cheval de Troie.
3884+ </p>
3885+ </li>
3886+
3887+ <li>
3888+ Modification de suEXEC
3889+
3890+ <p class="indent">
3891+ Encore une fois, ceci peut vous causer de
3892+ <strong>graves ennuis</strong> si vous vous y essayez sans
3893+ savoir ce que vous faites. Evitez de vous y risquer dans la
3894+ mesure du possible.
3895+ </p>
3896+ </li>
3897+ </ul>
3898+
3899+</div></div>
3900+<div class="bottomlang">
3901+<p><span>Langues Disponibles: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
3902+<a href="./fr/suexec.html" title="Fran�ais">&nbsp;fr&nbsp;</a> |
3903+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
3904+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
3905+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
3906+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
3907+<script type="text/javascript"><!--//--><![CDATA[//><!--
3908+var comments_shortname = 'httpd';
3909+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
3910+(function(w, d) {
3911+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
3912+ d.write('<div id="comments_thread"><\/div>');
3913+ var s = d.createElement('script');
3914+ s.type = 'text/javascript';
3915+ s.async = true;
3916+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
3917+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
3918+ }
3919+ else {
3920+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
3921+ }
3922+})(window, document);
3923+//--><!]]></script></div><div id="footer">
3924+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Autoris� sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
3925+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
3926+if (typeof(prettyPrint) !== 'undefined') {
3927+ prettyPrint();
3928+}
3929+//--><!]]></script>
3930+</body></html>
3931\ No newline at end of file
3932diff --git a/docs/manual/suexec.html.ja.utf8 b/docs/manual/suexec.html.ja.utf8
3933new file mode 100644
3934index 0000000..31fd90d
3935--- /dev/null
3936+++ b/docs/manual/suexec.html.ja.utf8
3937@@ -0,0 +1,643 @@
3938+<?xml version="1.0" encoding="UTF-8"?>
3939+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3940+<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head>
3941+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
3942+<!--
3943+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3944+ This file is generated from xml source: DO NOT EDIT
3945+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3946+ -->
3947+<title>suEXEC サポート - Apache HTTP サーバ バージョン 2.4</title>
3948+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
3949+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
3950+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
3951+<script src="./style/scripts/prettify.min.js" type="text/javascript">
3952+</script>
3953+
3954+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
3955+<body id="manual-page"><div id="page-header">
3956+<p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p>
3957+<p class="apache">Apache HTTP サーバ バージョン 2.4</p>
3958+<img alt="" src="./images/feather.png" /></div>
3959+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
3960+<div id="path">
3961+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP サーバ</a> &gt; <a href="http://httpd.apache.org/docs/">ドキュメンテーション</a> &gt; <a href="./">バージョン 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC サポート</h1>
3962+<div class="toplang">
3963+<p><span>翻訳済み言語: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
3964+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
3965+<a href="./ja/suexec.html" title="Japanese">&nbsp;ja&nbsp;</a> |
3966+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
3967+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
3968+</div>
3969+<div class="outofdate">この日本語訳はすでに古くなっている
3970+ 可能性があります。
3971+ 最近更新された内容を見るには英語版をご覧下さい。
3972+ </div>
3973+
3974+ <p><strong>suEXEC</strong>
3975+ 機能により、Apache ユーザは Web サーバを実行しているユーザ ID とは
3976+ 異なるユーザ ID で <strong>CGI</strong> プログラムや <strong>SSI</strong>
3977+ プログラムを実行することができます。CGI プログラムまたは SSI
3978+ プログラムを実行する場合、通常は web サーバと同じユーザで実行されます。
3979+ </p>
3980+
3981+ <p>適切に使用すると、この機能によりユーザが個別の CGI
3982+ や SSI プログラムを開発し実行することで生じるセキュリティ上の危険を、
3983+ かなり減らすことができます。しかし、suEXEC の設定が不適切だと、
3984+ 多くの問題が生じ、あなたのコンピュータに新しいセキュリティホールを
3985+ 作ってしまう可能性があります。あなたが <em>setuid root</em>
3986+ されたプログラムと、それらから生じるセキュリティ上の問題の管理に
3987+ 詳しくないようなら、suEXEC の使用を検討しないように強く推奨します。
3988+ </p>
3989+ </div>
3990+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">始める前に</a></li>
3991+<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC セキュリティモデル</a></li>
3992+<li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC
3993+ の設定とインストール</a></li>
3994+<li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC
3995+ の有効化と無効化</a></li>
3996+<li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC の使用</a></li>
3997+<li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC のデバッグ</a></li>
3998+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">とかげに注意: 警告と事例</a></li>
3999+</ul><h3>参照</h3><ul class="seealso"><li><a href="#comments_section">コメント</a></li></ul></div>
4000+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4001+<div class="section">
4002+<h2><a name="before" id="before">始める前に</a></h2>
4003+
4004+ <p>この文書の先頭に飛ぶ前に、Apache
4005+ グループとこの文書での仮定を知っておくべきでしょう。
4006+ </p>
4007+
4008+ <p>第 1 に、あなたが <strong>setuid</strong> と
4009+ <strong>setgid</strong> 操作が可能な UNIX
4010+ 由来のオペレーティングシステムを使っていることを想定しています。
4011+ これは、すべてのコマンド例にあてはまります。
4012+ その他のプラットホームでは、もし suEXEC
4013+ がサポートされていたとしても設定は異なるかもしれません。</p>
4014+
4015+ <p>第 2 に、あなたが使用中のコンピュータの
4016+ セキュリティに関する基本的な概念と、それらの管理について詳しいことを
4017+ 想定しています。これは、<strong>setuid/setgid</strong>
4018+ 操作、あなたのシステム上でのその操作による様々な効果、
4019+ セキュリティレベルについてあなたが理解しているということを含みます。
4020+ </p>
4021+
4022+ <p>第 3 に、<strong>改造されていない</strong> suEXEC
4023+ コードの使用を想定しています。suEXEC のコードは、
4024+ 多くのベータテスタだけでなく、開発者によっても注意深く精査され
4025+ テストされています。それらの注意により、簡潔で信頼できる安全な
4026+ コードの基盤が保証されます。このコードを改変することで、
4027+ 予期されない問題や新しいセキュリティ上の危険が生じることがあります。
4028+ セキュリティプログラミングの詳細に通じていて、
4029+ 今後の検討のために成果を Apache
4030+ グループと共有しようと思うのでなければ、suEXEC
4031+ コードは変えないことを <strong>強く</strong>推奨します。</p>
4032+
4033+ <p>第 4 に、これが最後ですが、suEXEC を Apache
4034+ のデフォルトインストールには<strong>含めない</strong>ことが
4035+ Apache グループで決定されています。これは、suEXEC
4036+ の設定には管理者の詳細にわたる慎重な注意が必要だからです。
4037+ suEXEC の様々な設定について検討が終われば、管理者は suEXEC
4038+ を通常のインストール方法でインストールすることができます。
4039+ これらの設定値は、suEXEC
4040+ 機能の使用中にシステムセキュリティを適切に保つために、
4041+ 管理者によって慎重に決定され指定されることが必要です。
4042+ この詳細な手順により、Apache グループは、suEXEC
4043+ のインストールについて、注意深く十分に検討してそれを使用することを
4044+ 決定した場合に限っていただきたいと考えています。
4045+ </p>
4046+
4047+ <p>それでも進みますか? よろしい。では、先へ進みましょう!</p>
4048+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4049+<div class="section">
4050+<h2><a name="model" id="model">suEXEC セキュリティモデル</a></h2>
4051+
4052+ <p>suEXEC の設定とインストールを始める前に、
4053+ まず実装しようとしているセキュリティモデルについて論じておきます。
4054+ それには、suEXEC の内部で行なわれていること、
4055+ システムのセキュリティを保証するために警告されることを
4056+ よく理解しておいた方がよいでしょう。</p>
4057+
4058+ <p><strong>suEXEC</strong> は、Apache web
4059+ サーバから呼び出される setuid された "wrapper"
4060+ プログラムが基本となっています。設計した CGI、または SSI
4061+ プログラムへの HTTP リクエストがあると、この wrapper
4062+ が呼び出されます。このようなリクエストがあると、Apache
4063+ はそのプログラムが実行される際のプログラム名とユーザ ID とグループ
4064+ ID を指定して suEXEC wrapper を実行します。
4065+ </p>
4066+
4067+ <p>それから、wrapper は成功または失敗を決定するため
4068+ 以下の処理を行ないます。これらの状態のうち一つでも失敗した場合、
4069+ プログラムは失敗をログに記録してエラーで終了します。
4070+ そうでなければ、後の処理が続けられます。</p>
4071+
4072+ <ol>
4073+ <li>
4074+ <strong>wrapper
4075+ を実行しているユーザはこのシステムの正当なユーザか?</strong>
4076+
4077+ <p class="indent">
4078+ これは、wrapper を実行しているユーザが
4079+ 本当にシステムの利用者であることを保証するためです。
4080+ </p>
4081+ </li>
4082+
4083+
4084+ <li>
4085+ <strong>wrapper が適切な数の引数で呼び出されたか?</strong>
4086+
4087+
4088+ <p class="indent">
4089+ wrapper は適切な数の引数が与えられた場合にのみ実行されます。
4090+ 適切な引数のフォーマットは Apache Web サーバに解釈されます。
4091+ 適切な数の引数を受け取らなければ、攻撃をされたか
4092+ あなたの Apache バイナリの suEXEC の部分が
4093+ どこかおかしい可能性があります。
4094+ </p>
4095+ </li>
4096+
4097+ <li>
4098+ <strong>この正当なユーザは wrapper
4099+ の実行を許可されているか?</strong>
4100+
4101+ <p class="indent">
4102+ このユーザは wrapper 実行を許可されたユーザですか?
4103+ ただ一人のユーザ (Apache ユーザ) だけが、
4104+ このプログラムの実行を許可されます。
4105+ </p>
4106+ </li>
4107+
4108+ <li>
4109+ <strong>対象の CGI, SSI プログラムが安全でない階層の参照をしているか?
4110+ </strong>
4111+
4112+ <p class="indent">
4113+ 対象の CGI, SSI プログラムが '/' から始まる、または
4114+ '..' による参照を行なっていますか? これらは許可されません。
4115+ 対象のプログラムは suEXEC のドキュメントルート
4116+ (下記の <code>--with-suexec-docroot=<em>DIR</em></code> を参照)
4117+ 内に存在しなければなりません。
4118+ </p>
4119+ </li>
4120+
4121+ <li>
4122+ <strong>対象となるユーザ名は正当なものか?</strong>
4123+
4124+ <p class="indent">
4125+ 対象となるユーザ名は存在していますか?
4126+ </p>
4127+ </li>
4128+
4129+ <li>
4130+ <strong>対象となるグループ名は正当なものか?</strong>
4131+
4132+ <p class="indent">
4133+ 対象となるグループ名は存在していますか?
4134+ </p>
4135+ </li>
4136+
4137+ <li>
4138+ <strong>目的のユーザはスーパーユーザでは<em>ない</em>か?
4139+ </strong>
4140+
4141+ <p class="indent">
4142+ 今のところ、suEXEC は <code><em>root</em></code> による CGI/SSI
4143+ プログラムの実行を許可していません。
4144+ </p>
4145+ </li>
4146+
4147+ <li>
4148+ <strong>対象となるユーザ ID は、最小の ID
4149+ 番号よりも<em>大きい</em>か? </strong>
4150+
4151+ <p class="indent">
4152+ 最小ユーザ ID 番号は設定時に指定されます。これは、
4153+ CGI/SSI プログラム実行を許可されるユーザ ID
4154+ のとりうる最小値です。これは
4155+ "system" 用のアカウントを閉め出すのに有効です。
4156+ </p>
4157+ </li>
4158+
4159+ <li>
4160+ <strong>対象となるグループはスーパーユーザのグループでは
4161+ <em>ない</em>か?</strong>
4162+
4163+ <p class="indent">
4164+ 今のところ、suEXEC は 'root' グループによる CGI/SSI
4165+ プログラムの実行を許可していません。
4166+ </p>
4167+ </li>
4168+
4169+ <li>
4170+ <strong>対象となるグループ ID は最小の ID
4171+ 番号よりも<em>大きい</em>か?</strong>
4172+
4173+ <p class="indent">
4174+ 最小グループ ID 番号は設定時に指定されます。これは、
4175+ CGI/SSI プログラム実行を許可されるグループ
4176+ ID のとりうる最小値です。
4177+ これは "system" 用のグループを閉め出すのに有効です。
4178+ </p>
4179+ </li>
4180+
4181+ <li>
4182+ <strong>wrapper が正常に対象となるユーザとグループになれるか?
4183+ </strong>
4184+
4185+ <p class="indent">
4186+ ここで、setuid と setgid
4187+ の起動によりプログラムは対象となるユーザとグループになります。
4188+ グループアクセスリストは、
4189+ ユーザが属しているすべてのグループで初期化されます。
4190+ </p>
4191+ </li>
4192+
4193+ <li>
4194+ <strong>CGI/SSI プログラムが置かれているディレクトリに移動
4195+ (change directory) できるか?</strong>
4196+
4197+ <p class="indent">
4198+ ディレクトリが存在しないなら、そのファイルも存在しないかもしれません。
4199+ ディレクトリに移動できないのであれば、おそらく存在もしないでしょう。
4200+ </p>
4201+ </li>
4202+
4203+ <li>
4204+ <strong>ディレクトリが Apache のドキュメントツリー内にあるか?
4205+ </strong>
4206+
4207+ <p class="indent">
4208+ リクエストがサーバ内のものであれば、
4209+ 要求されたディレクトリが suEXEC のドキュメントルート配下にありますか?
4210+ リクエストが UserDir のものであれば、要求されたディレクトリが suEXEC
4211+ のユーザのドキュメントルート配下にありますか?
4212+ (<a href="#install">suEXEC 設定オプション</a> 参照)
4213+ </p>
4214+ </li>
4215+
4216+ <li>
4217+ <strong>ディレクトリを他のユーザが書き込めるようになって
4218+ <em>いない</em>か?</strong>
4219+
4220+ <p class="indent">
4221+ ディレクトリを他ユーザに開放しないようにします。
4222+ 所有ユーザだけがこのディレクトリの内容を改変できるようにします。
4223+ </p>
4224+ </li>
4225+
4226+
4227+ <li>
4228+ <strong>対象となる CGI/SSI プログラムは存在するか?</strong>
4229+
4230+ <p class="indent">
4231+ 存在しなければ実行できません。
4232+ </p>
4233+ </li>
4234+
4235+ <li>
4236+ <strong>対象となる CGI/SSI プログラムファイルが他アカウントから
4237+ 書き込めるようになって<em>いない</em>か?</strong>
4238+
4239+ <p class="indent">
4240+ 所有者以外には CGI/SSI プログラムを変更する権限は与えられません。
4241+ </p>
4242+ </li>
4243+
4244+
4245+ <li>
4246+ <strong>対象となる CGI/SSI プログラムが setuid または setgid
4247+ されて<em>いない</em>か?</strong>
4248+
4249+ <p class="indent">
4250+ UID/GID を再度変更してのプログラム実行はしません
4251+ </p>
4252+ </li>
4253+
4254+
4255+ <li>
4256+ <strong>対象となるユーザ/グループがプログラムの
4257+ ユーザ/グループと同じか?</strong>
4258+
4259+ <p class="indent">
4260+ ユーザがそのファイルの所有者ですか?
4261+ </p>
4262+ </li>
4263+
4264+ <li>
4265+ <strong>安全な動作を保証するための環境変数クリアが可能か?
4266+ </strong>
4267+
4268+ <p class="indent">
4269+ suEXEC は、安全な環境変数のリスト
4270+ (これらは設定時に作成されます) 内の変数として渡される安全な
4271+ PATH 変数 (設定時に指定されます) を設定することで、
4272+ プロセスの環境変数をクリアします。
4273+ </p>
4274+ </li>
4275+
4276+
4277+ <li>
4278+ <strong>対象となる CGI/SSI プログラムを exec して実行できるか?</strong>
4279+
4280+
4281+ <p class="indent">
4282+ ここで suEXEC が終了し、対象となるプログラムが開始されます。
4283+ </p>
4284+ </li>
4285+ </ol>
4286+
4287+ <p>ここまでが suEXEC の wrapper
4288+ におけるセキュリティモデルの標準的な動作です。もう少し厳重に
4289+ CGI/SSI 設計についての新しい制限や規定を取り入れることもできますが、
4290+ suEXEC はセキュリティに注意して慎重に少しずつ開発されてきました。
4291+ </p>
4292+
4293+ <p>このセキュリティモデルを用いて
4294+ サーバ設定時にどのように許すことを制限するか、また、suEXEC
4295+ を適切に設定するとどのようなセキュリティ上の危険を避けられるかに
4296+ 関するより詳しい情報については、<a href="#jabberwock">"とかげに注意"
4297+ (Beware the Jabberwock)</a> の章を参照してください。
4298+ </p>
4299+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4300+<div class="section">
4301+<h2><a name="install" id="install">suEXEC
4302+ の設定とインストール</a></h2>
4303+
4304+ <p>ここから楽しくなります。</p>
4305+
4306+ <p><strong>suEXEC
4307+ 設定オプション</strong><br />
4308+ </p>
4309+
4310+ <dl>
4311+ <dt><code>--enable-suexec</code></dt>
4312+
4313+ <dd>このオプションは、デフォルトではインストールされず、
4314+ 有効にはならない suEXEC 機能を有効にします。
4315+ suEXEC を使うように APACI に要求するには、<code>--enable-suexec</code>
4316+ オプションにあわせて少なくとも一つは <code>--with-suexec-xxxxx</code>
4317+ オプションが指定されなければなりません。</dd>
4318+
4319+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
4320+
4321+ <dd>セキュリティ上の理由により、<code>suexec</code> バイナリのパスはサーバに
4322+ ハードコードされている必要があります。デフォルトのパスを
4323+ 変えたいときはこのオプションを使ってください。<em>例えば</em>、
4324+ <code>--with-suexec-bin=/usr/sbin/suexec</code> のように。</dd>
4325+
4326+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
4327+
4328+ <dd>Apache を通常動作させる<a href="mod/mpm_common.html#user">ユーザ名</a>を指定します。
4329+ このユーザだけが suexec の実行を許可されたユーザになります。</dd>
4330+
4331+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
4332+
4333+ <dd>suEXEC がアクセスを許されるユーザホームディレクトリ配下の
4334+ サブディレクトリを指定します。
4335+ このディレクトリ以下の全実行ファイルは、"安全な"プログラムになるよう、
4336+ suEXEC がそのユーザとして実行できるようにします。
4337+ "単純な" UserDir ディレクティブを使っている場合
4338+ (すなわち "*" を含まないもの)、これと同じ値を設定すべきです。
4339+ Userdir ディレクティブがそのユーザのパスワードファイル内の
4340+ ホームディレクトリと同じ場所を指していなければ、
4341+ suEXEC は適切に動作しません。デフォルトは "public_html" です。
4342+ <br />
4343+ 各 UserDir が異なった仮想ホストを設定している場合、
4344+ それらを全て一つの親ディレクトリに含めて、
4345+ その親ディレクトリの名前をここで指定する必要があります。
4346+ <strong>このように指定されなければ "~userdir" cgi
4347+ へのリクエストが動作しません。</strong></dd>
4348+
4349+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
4350+
4351+ <dd>Apache のドキュメントルートを設定します。これが suEXEC
4352+ の動作で使用する唯一のディレクトリ階層になります (UserDir
4353+ の指定は別)。デフォルトでは <code>--datedir</code> に "/htdocs"
4354+ というサフィックスをつけたものです。
4355+ "<code>--datadir=/home/apache</code>" として設定すると、
4356+ suEXEC wrapper にとって "/home/apache/htdocs"
4357+ がドキュメントルートとして使われます。</dd>
4358+
4359+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
4360+
4361+ <dd>suEXEC の対象ユーザとして許される UID の最小値を指定します。
4362+ 大抵のシステムでは 500 か 100 が一般的です。
4363+ デフォルト値は 100 です。</dd>
4364+
4365+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
4366+
4367+ <dd>suEXEC の対象グループとして許される GID
4368+ の最小値を指定します。大抵のシステムでは 100 が一般的なので、
4369+ デフォルト値としても 100 が使われています。</dd>
4370+
4371+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
4372+
4373+ <dd>suEXEC の処理とエラーが記録されるファイル名を指定します。
4374+ (監査やデバッグ目的に有用)
4375+ デフォルトではログファイルは "suexec_log" という名前で、
4376+ 標準のログファイルディレクトリ (<code>--logfiledir</code>) に置かれます。
4377+ </dd>
4378+
4379+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
4380+
4381+ <dd>CGI 実行ファイルに渡される安全な PATH 環境変数です。
4382+ デフォルト値は "/usr/local/bin:/usr/bin:/bin" です。
4383+ </dd>
4384+ </dl>
4385+
4386+ <p><strong>suEXEC wrapper
4387+ のコンパイルとインストール</strong><br />
4388+ <code>--enable-suexec</code> オプションで suEXEC 機能を有効にすると、
4389+ "make" コマンドを実行した時に <code>suexec</code> のバイナリ (Apache 自体も)
4390+ が自動的に作成されます。
4391+ <br />
4392+ すべての構成要素が作成されると、それらのインストールには
4393+ <code>make install</code> コマンドが実行できます。バイナリイメージの <code>suexec</code>
4394+ は <code>--sbindir</code> オプションで指定されたディレクトリにインストールされます。
4395+ デフォルトの場所は "/usr/local/apache/bin/suexec" です。<br />
4396+ インストール時には <strong><em>root</em></strong>
4397+ 権限が必要なので注意してください。wrapper がユーザ ID
4398+ を設定するために、所有者 <code><em>root</em></code>
4399+ でのセットユーザ ID
4400+ ビットをそのファイルのモードに設定しなければなりません。
4401+ </p>
4402+
4403+ <p><strong>安全なパーミッションを設定する</strong><br />
4404+ suEXEC ラッパーは、<code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
4405+ オプションで指定した正しいユーザで起動されていることを確認しますが、
4406+ システム上でこのチェックが行なわれる前に、
4407+ suEXEC が呼ぶシステムやライブラリが脆弱である可能性は残ります。対抗策として、
4408+ 一般に良い習慣ともされいますが、
4409+ ファイルシステムパーミッションを使って
4410+ Apache の実行時のグループのみが suEXEC を実行できるように
4411+ するのが良いでしょう。</p>
4412+
4413+ <p>たとえば、次のようにサーバが設定されていたとします。</p>
4414+
4415+<div class="example"><p><code>
4416+ User www<br />
4417+ Group webgroup<br />
4418+</code></p></div>
4419+
4420+ <p><code class="program"><a href="./programs/suexec.html">suexec</a></code> が "/usr/local/apache2/bin/suexec"
4421+ にインストールされていた場合、次のように設定する必要があります。</p>
4422+
4423+<div class="example"><p><code>
4424+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
4425+ chmod 4750 /usr/local/apache2/bin/suexec<br />
4426+</code></p></div>
4427+
4428+ <p>これで Apache が実行されるグループのみが
4429+ suEXEC ラッパーを実行できるということを
4430+ 確証します。</p>
4431+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4432+<div class="section">
4433+<h2><a name="enable" id="enable">suEXEC
4434+ の有効化と無効化</a></h2>
4435+
4436+ <p>起動時に、Apache は <code>--sbindir</code>
4437+ オプションで設定されたディレクトリで
4438+ <code>suexec</code> を探します
4439+ (デフォルトは "/usr/local/apache/sbin/suexec") 。
4440+ 適切に設定された suEXEC がみつかると、
4441+ エラーログに以下のメッセージが出力されます。</p>
4442+
4443+<div class="example"><p><code>
4444+ [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
4445+</code></p></div>
4446+
4447+ <p>サーバ起動時にこのメッセージが出ない場合、
4448+ 大抵はサーバが想定した場所で wrapper プログラムが見つからなかったか、
4449+ <em>setuid root</em> としてインストールされていないかです。</p>
4450+
4451+ <p>suEXEC の仕組みを使用するのが初めてで、Apache が既に動作中であれば、
4452+ Apache を kill して、再起動しなければなりません。HUP シグナルや
4453+ USR1 シグナルによる単純な再起動では不十分です。</p>
4454+ <p>suEXEC を無効にする場合は、<code>suexec</code> ファイルを削除してから
4455+ Apache を kill して再起動します。
4456+ </p>
4457+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4458+<div class="section">
4459+<h2><a name="usage" id="usage">suEXEC の使用</a></h2>
4460+
4461+ <p>CGI プログラムへのリクエストが suEXEC ラッパーを呼ぶのは、
4462+ <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ディレクティブを
4463+ 含むバーチャルホストへのリクエストか、<code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> により
4464+ 処理されたリクエストの場合に限ります。</p>
4465+
4466+ <p><strong>仮想ホスト:</strong><br />
4467+ suEXEC wrapper の使い方として、
4468+ <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> 設定での
4469+ <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code>
4470+ ディレクティブを通したものがあります。
4471+ このディレクティブをメインサーバのユーザ ID
4472+ と異なるものにすると、CGI リソースへのすべてのリクエストは、その
4473+ <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code> で指定された <em>User</em> と
4474+ <em>Group</em> として実行されます。<code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
4475+ でこのディレクティブが指定されていない場合、
4476+ メインサーバのユーザ ID が想定されます。</p>
4477+
4478+ <p><strong>ユーザディレクトリ:</strong><br />
4479+ <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> により処理されたリクエストは
4480+ リクエストされたユーザディレクトリのユーザ ID で CGI プログラムを
4481+ 実行するために suEXEC ラッパーを呼びます。
4482+ この機能を動作させるために必要なことは、CGI
4483+ をそのユーザで実行できること、そのスクリプトが上記の<a href="#model">セキュリティ検査</a>をパスできることです。
4484+ <a href="#install">コンパイル
4485+ 時のオプション</a> <code>--with-suexec-userdir</code> も参照してください。</p>
4486+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4487+<div class="section">
4488+<h2><a name="debug" id="debug">suEXEC のデバッグ</a></h2>
4489+
4490+ <p>suEXEC wrapper は、上記で述べた <code>--with-suexec-logfile</code>
4491+ オプションで指定されたファイルにログ情報を記録します。
4492+ wrapper を適切に設定、インストールできていると思う場合、
4493+ どこで迷っているか見ようとするならこのログとサーバの
4494+ エラーログを見るとよいでしょう。</p>
4495+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4496+<div class="section">
4497+<h2><a name="jabberwock" id="jabberwock">とかげに注意: 警告と事例</a></h2>
4498+
4499+ <p><strong>注意!</strong>
4500+ この章は完全ではありません。この章の最新改訂版については、
4501+ Apache グループの<a href="http://httpd.apache.org/docs/2.4/suexec.html">
4502+ オンラインドキュメント</a>版を参照してください。
4503+ </p>
4504+
4505+ <p>サーバの設定に制限をもうける wrapper について、
4506+ いくつか興味深い点があります。suEXEC に関する "バグ"
4507+ を報告する前にこれらを確認してください。</p>
4508+
4509+ <ul>
4510+ <li><strong>suEXEC の興味深い点</strong></li>
4511+
4512+ <li>階層構造の制限
4513+
4514+
4515+ <p class="indent">
4516+ セキュリティと効率の理由から、<code>suEXEC</code> の全てのリクエストは
4517+ 仮想ホストへのリクエストにおける最上位のドキュメントルート内か、
4518+ ユーザディレクトリへのリクエストにおける個々のユーザの最上位の
4519+ ドキュメントルート内に残らなければなりません。
4520+ 例えば、四つの仮想ホストを設定している場合、
4521+ 仮想ホストの suEXEC に有利なように、メインの Apache
4522+ ドキュメント階層の外側に全ての仮想ホストのドキュメントルートを
4523+ 構築する必要があります。(例は後日記載)
4524+ </p>
4525+ </li>
4526+
4527+ <li>suEXEC の PATH 環境変数
4528+
4529+
4530+ <p class="indent">
4531+ これを変更するのは危険です。この指定に含まれる各パスが
4532+ <strong>信頼できる</strong>
4533+ ディレクトリであることを確認してください。
4534+ 世界からのアクセスにより、誰かがホスト上でトロイの木馬
4535+ を実行できるようにはしたくないでしょう。
4536+ </p>
4537+ </li>
4538+
4539+ <li>suEXEC コードの改造
4540+
4541+
4542+ <p class="indent">
4543+ 繰り返しますが、何をやろうとしているか把握せずにこれをやると
4544+ <strong>大きな問題</strong>を引き起こしかねません。
4545+ 可能な限り避けてください。
4546+ </p>
4547+ </li>
4548+ </ul>
4549+</div></div>
4550+<div class="bottomlang">
4551+<p><span>翻訳済み言語: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
4552+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
4553+<a href="./ja/suexec.html" title="Japanese">&nbsp;ja&nbsp;</a> |
4554+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
4555+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
4556+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">コメント</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
4557+<script type="text/javascript"><!--//--><![CDATA[//><!--
4558+var comments_shortname = 'httpd';
4559+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
4560+(function(w, d) {
4561+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
4562+ d.write('<div id="comments_thread"><\/div>');
4563+ var s = d.createElement('script');
4564+ s.type = 'text/javascript';
4565+ s.async = true;
4566+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
4567+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
4568+ }
4569+ else {
4570+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
4571+ }
4572+})(window, document);
4573+//--><!]]></script></div><div id="footer">
4574+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />この文書は <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> のライセンスで提供されています。.</p>
4575+<p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
4576+if (typeof(prettyPrint) !== 'undefined') {
4577+ prettyPrint();
4578+}
4579+//--><!]]></script>
4580+</body></html>
4581\ No newline at end of file
4582diff --git a/docs/manual/suexec.html.ko.euc-kr b/docs/manual/suexec.html.ko.euc-kr
4583new file mode 100644
4584index 0000000..0e8df7a
4585--- /dev/null
4586+++ b/docs/manual/suexec.html.ko.euc-kr
4587@@ -0,0 +1,564 @@
4588+<?xml version="1.0" encoding="EUC-KR"?>
4589+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4590+<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head>
4591+<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" />
4592+<!--
4593+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4594+ This file is generated from xml source: DO NOT EDIT
4595+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4596+ -->
4597+<title>suEXEC ���� - Apache HTTP Server Version 2.4</title>
4598+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
4599+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
4600+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
4601+<script src="./style/scripts/prettify.min.js" type="text/javascript">
4602+</script>
4603+
4604+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
4605+<body id="manual-page"><div id="page-header">
4606+<p class="menu"><a href="./mod/">���</a> | <a href="./mod/directives.html">���þ��</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">���</a> | <a href="./sitemap.html">����Ʈ��</a></p>
4607+<p class="apache">Apache HTTP Server Version 2.4</p>
4608+<img alt="" src="./images/feather.png" /></div>
4609+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
4610+<div id="path">
4611+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC ����</h1>
4612+<div class="toplang">
4613+<p><span>������ ���: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
4614+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
4615+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
4616+<a href="./ko/suexec.html" title="Korean">&nbsp;ko&nbsp;</a> |
4617+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
4618+</div>
4619+<div class="outofdate">�� ������ �ֽ��� ������ �ƴմϴ�.
4620+ �ֱٿ� ����� ������ ���� ������ �����ϼ���.</div>
4621+
4622+ <p><strong>suEXEC</strong> ����� ����ġ�� <strong>CGI</strong>��
4623+ <strong>SSI</strong> ���α׷��� �������� ������ ����� ID��
4624+ �ƴ� �ٸ� ����� ID�� �����ϵ��� �Ѵ�. ���� CGI�� SSI ���α׷���
4625+ �����ϸ� �������� ������ ����ڿ� ���� ����ڷ� �����Ѵ�.</p>
4626+
4627+ <p>�� ����� ������ ����ϸ� ����ڰ� ���� CGI�� SSI ���α׷���
4628+ �����ϰ� �����Ҷ� �߻��� �� �ִ� ���������� ����� ����
4629+ �� �ִ�. �׷��� suEXEC�� �������ϰ� �����Ǹ� ���� ������
4630+ ��ǻ�Ϳ� ���ο� ���� ������ ���� �� �ִ�. ���� <em>setuid root</em>
4631+ ���α׷��� �̷� ���α׷��� ���� ������ �����ϴٸ� suEXEC��
4632+ ��������ʱ� �������� �ٶ���.</p>
4633+ </div>
4634+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">�����ϱ� ����</a></li>
4635+<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC ���ȸ�</a></li>
4636+<li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC ������ ��ġ</a></li>
4637+<li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC �� ���</a></li>
4638+<li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC ����ϱ�</a></li>
4639+<li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC ������ϱ�</a></li>
4640+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">�ٽ� �ѹ� �����϶�: ���� ����</a></li>
4641+</ul><h3>����</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
4642+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4643+<div class="section">
4644+<h2><a name="before" id="before">�����ϱ� ����</a></h2>
4645+
4646+ <p>�����ϱ� ���� �켱 ����ġ�׷�� �� ������ ������ ������.</p>
4647+
4648+ <p>���� <strong>setuid</strong>�� <strong>setgid</strong>
4649+ ����� ������ ���н��� �ü���� ����Ѵٰ� �����Ѵ�. ���
4650+ ��ɾ� ���鵵 ���� ������ �Ѵ�. suEXEC�� �����ϴ� �ٸ� �÷�����
4651+ ����ϴٸ� ������ �ٸ� �� �ִ�.</p>
4652+
4653+ <p>�ι�°, ����� ��ǻ�� ������ �⺻ ����� ������ �ͼ��ϴٰ�
4654+ �����Ѵ�. ���⿡�� <strong>setuid/setgid</strong> ��ɰ�
4655+ �̵��� �ý��۰� ���ȿ� ��ġ�� ���� ���⿡ ���� ���ذ� ���Եȴ�.</p>
4656+
4657+ <p>����°, suEXEC �ڵ��� <strong>������������</strong>
4658+ ������ ����Ѵٰ� �����Ѵ�. �����ڿ� ���� ��Ÿ�׽��͵���
4659+ suEXEC�� ���õ� ��� �ڵ带 ���ɽ����� �����ϰ� �˻��ߴ�.
4660+ �ڵ带 �����ϰ� �ϰ� Ȯ���� ������ �����ϱ����� ��� ���Ǹ�
4661+ ��￴��. �� �ڵ带 �����ϸ� ����ġ���� ������ ���ο� ����
4662+ ������ �߻��� �� �ִ�. ���� ���α׷��ֿ� ���� �ſ� �� �˰�
4663+ �ڵ带 ���캸������ ����ġ�׷�� �۾��� ������ �ǻ簡 ���ٸ�
4664+ suEXEC �ڵ带 ���������ʱ� <strong>������</strong> ���Ѵ�.</p>
4665+
4666+ <p>�׹�°���� ����������, ����ġ�׷��� suEXEC�� ����ġ
4667+ �⺻��ġ�� �������� <strong>�ʱ��</strong> �����ߴ�. �ᱹ
4668+ �����ڰ� ���Ǹ� ��←�� suEXEC�� �����ؾ� �Ѵ�. suEXEC��
4669+ ���� ������ �� ������� �����ڴ� �Ϲ����� ��ġ����� suEXEC��
4670+ ��ġ�� �� �ִ�. suEXEC ����� ����ϴ� �ý����� ������ å������
4671+ �����ڴ� �� ���������� �����ְ� ���캸�� �����ؾ� �Ѵ�.
4672+ �̷� ���� ������ suEXEC�� ����Ҹ�ŭ �����ְ� ��ȣ��
4673+ ������� suEXEC�� ����ϵ��� ����ġ�׷��� ���ϱ� �����̴�.</p>
4674+
4675+ <p>������ ����ϱ� ���ϴ°�? �׷���? ����. ���� ��������!</p>
4676+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4677+<div class="section">
4678+<h2><a name="model" id="model">suEXEC ���ȸ�</a></h2>
4679+
4680+ <p>suEXEC�� �����ϰ� ��ġ�ϱ� ���� �츮�� ���ȸ��� ����
4681+ �����Ѵ�. �̸� ���� ��Ȯ�� suEXEC �ȿ����� ���� ���� �Ͼ��
4682+ �ý����� ������ ���� ������ �����ؾ� ���� �� �� ������ ��
4683+ �ִ�.</p>
4684+
4685+ <p><strong>suEXEC</strong>�� ����ġ �������� �θ��� setuid
4686+ "wrapper" ���α׷��� ������� �Ѵ�. �� wrapper�� �����ڰ�
4687+ �ּ����� �ٸ� userid�� �����ϵ��� ������ CGI�� SSI ���α׷���
4688+ HTTP ��û�� ���� �Ҹ���. �̷� ��û�� ���� ����ġ�� suEXEC
4689+ wrapper���� ���α׷���� ���α׷��� ������ ����ڿ� �׷�
4690+ ID�� �����Ѵ�.</p>
4691+
4692+ <p>�׷��� wrapper�� ���� ������ ���� ������ ���и� �����Ѵ�.
4693+ �� ������ �ϳ��� �����ϸ� ���α׷��� ���з� ��ϵǰ� ������
4694+ ���� �����Ѵ�. �������� ������ ������ ����Ѵ�:</p>
4695+
4696+ <ol>
4697+ <li>
4698+ <strong>wrapper�� �����ϴ� ����ڰ� �ý����� ��������
4699+ �������</strong>
4700+
4701+ <p class="indent">
4702+ wrapper�� �����ϴ� ����ڰ� ������ �ý����� ���������
4703+ Ȯ���Ѵ�.
4704+ </p>
4705+ </li>
4706+
4707+ <li>
4708+ <strong>������ ���� �ƱԸ�Ʈ�� wrapper�� �����ϴ°�?</strong>
4709+
4710+ <p class="indent">
4711+ wrapper�� ������ ���� �ƱԸ�Ʈ�� �־�߸� ����ȴ�.
4712+ ����ġ �������� �� ������ �ȴ�. wrapper�� ������ ����
4713+ �ƱԸ�Ʈ�� �������ϸ� ��ŷ�Ǿ��ų� ����ġ�� suEXEC��
4714+ ���� ������ �ִ� ���̴�.
4715+ </p>
4716+ </li>
4717+
4718+ <li>
4719+ <strong>�� ����ڰ� wrapper�� �����ϵ��� ���Ǿ���?</strong>
4720+
4721+ <p class="indent">
4722+ �� ����ڰ� wrapper�� �����ϵ��� ���Ǿ���? ����
4723+ �� �����(����ġ �����)���� �� ���α׷��� ������
4724+ �� �ִ�.
4725+ </p>
4726+ </li>
4727+
4728+ <li>
4729+ <strong>������ CGI�� SSI ���α׷��� ������������ ����������
4730+ �����°�?</strong>
4731+
4732+ <p class="indent">
4733+ ������ CGI�� SSI ���α׷��� '/'�� �����ϰų� ������
4734+ '..'�� �����°�? �̵��� ����� �� ����. ������ CGI/SSI
4735+ ���α׷��� suEXEC ���� root (�Ʒ�
4736+ <code>--with-suexec-docroot=<em>DIR</em></code> ����)
4737+ ���� �־�� �Ѵ�.
4738+ </p>
4739+ </li>
4740+
4741+ <li>
4742+ <strong>������ ����ڸ��� ��ȿ�Ѱ�?</strong>
4743+
4744+ <p class="indent">
4745+ ������ ����ڰ� �����ϴ°�?
4746+ </p>
4747+ </li>
4748+
4749+ <li>
4750+ <strong>������ �׷���� ��ȿ�Ѱ�?</strong>
4751+
4752+ <p class="indent">
4753+ ������ �׷��� �����ϴ°�?
4754+ </p>
4755+ </li>
4756+
4757+ <li>
4758+ <strong>������ ����ڰ� superuser�� <em>�ƴѰ�</em>?</strong>
4759+
4760+
4761+ <p class="indent">
4762+ ���� suEXEC�� <code><em>root</em></code>�� CGI/SSI
4763+ ���α׷��� ������ �� ������ �Ѵ�.
4764+ </p>
4765+ </li>
4766+
4767+ <li>
4768+ <strong>������ userid�� �ּ� ID ���ں��� <em>ū��</em>?</strong>
4769+
4770+ <p class="indent">
4771+ �������� �ּ� ����� ID ���ڸ� �����Ѵ�. �׷��� CGI/SSI
4772+ ���α׷��� ������ �� �ִ� userid�� �ּ�ġ�� ������
4773+ �� �ִ�. "�ý��ۿ�" ������ �����Ҷ� �����ϴ�.
4774+ </p>
4775+ </li>
4776+
4777+ <li>
4778+ <strong>������ �׷��� superuser �׷��� <em>�ƴѰ�</em>?</strong>
4779+
4780+ <p class="indent">
4781+ ���� suEXEC�� <code><em>root</em></code> �׷��� CGI/SSI
4782+ ���α׷��� ������ �� ������ �Ѵ�.
4783+ </p>
4784+ </li>
4785+
4786+ <li>
4787+ <strong>������ groupid�� �ּ� ID ���ں��� <em>ū��</em>?</strong>
4788+
4789+ <p class="indent">
4790+ �������� �ּ� �׷� ID ���ڸ� �����Ѵ�. �׷��� CGI/SSI
4791+ ���α׷��� ������ �� �ִ� groupid�� �ּ�ġ�� ������
4792+ �� �ִ�. "�ý��ۿ�" �׷��� �����Ҷ� �����ϴ�.
4793+ </p>
4794+ </li>
4795+
4796+ <li>
4797+ <strong>wrapper�� ���������� ������ ����ڿ� �׷���
4798+ �� �� �ִ°�?</strong>
4799+
4800+ <p class="indent">
4801+ �� �ܰ迡�� ���α׷��� setuid�� setgid ȣ���� �Ͽ�
4802+ ������ ����ڿ� �׷��� �ȴ�. ��, �׷� ���ٸ����
4803+ ����ڰ� �ش�� ��� �׷����� �ʱ�ȭ�ȴ�.
4804+ </p>
4805+ </li>
4806+
4807+ <li>
4808+ <strong>CGI/SSI ���α׷��� �ִ� ���丮�� ���丮��
4809+ ������ �� �ִ°�?</strong>
4810+
4811+ <p class="indent">
4812+ ���丮�� �������� �ʴٸ� ������ ���� �� ����. �̰�����
4813+ ���丮�� ������ �� ���ٸ� ���丮�� �������� ����
4814+ ���̴�.
4815+ </p>
4816+ </li>
4817+
4818+ <li>
4819+ <strong>���丮�� ����ġ ������ �ȿ� �ִ°�?</strong>
4820+
4821+ <p class="indent">
4822+ ������ �Ϲ����� �κ��� ��û�� ��� ��û�ϴ� ���丮��
4823+ suEXEC ���� root �Ʒ� �ִ°�? UserDir�� ��û�� ���
4824+ ��û�ϴ� ���丮�� suEXEC userdir�� ������ (<a href="#install">suEXEC ���� �ɼ�</a> ����) ���丮
4825+ �Ʒ��� �ִ°�?
4826+ </p>
4827+ </li>
4828+
4829+ <li>
4830+ <strong>�ٸ� ������ ���丮�� ��������� <em>���°�</em>?</strong>
4831+
4832+ <p class="indent">
4833+ ���丮�� �ٸ� ������� ����α� �������ʴ´�. ����
4834+ �����ڸ��� ���丮 ������ ������ �� �ִ�.
4835+ </p>
4836+ </li>
4837+
4838+ <li>
4839+ <strong>������ CGI/SSI ���α׷��� �����ϴ°�?</strong>
4840+
4841+ <p class="indent">
4842+ ���������ʴٸ� ������ ���� ����.
4843+ </p>
4844+ </li>
4845+
4846+ <li>
4847+ <strong>�ٸ� ������ ������ CGI/SSI ���α׷��� ���������
4848+ <em>���°�</em>?</strong>
4849+
4850+ <p class="indent">
4851+ �����ڿ� ������ CGI/SSI ���α׷��� �����ϱ� �������ʴ´�.
4852+ </p>
4853+ </li>
4854+
4855+ <li>
4856+ <strong>������ CGI/SSI ���α׷��� setuid�� setgid��
4857+ <em>�ƴѰ�</em>?</strong>
4858+
4859+ <p class="indent">
4860+ �츮�� ���α׷��� �ٽ� UID/GID�� �����ϱ� �������ʴ´�.
4861+ </p>
4862+ </li>
4863+
4864+ <li>
4865+ <strong>������ �����/�׷��� ���α׷��� �����/�׷�� ������?</strong>
4866+
4867+ <p class="indent">
4868+ ����ڰ� ������ �������ΰ�?
4869+ </p>
4870+ </li>
4871+
4872+ <li>
4873+ <strong>������ ������ ���� ���μ����� ȯ�溯���� û����
4874+ �� �ִ°�?</strong>
4875+
4876+ <p class="indent">
4877+ suEXEC�� (�������� ������) ������ ���� PATH�� ���,
4878+ (�̰͵� �������� ����) ������ ȯ�溯�� ��Ͽ� ���ŵ�
4879+ ������ ����� ���μ����� ȯ�溯���� �����.
4880+ </p>
4881+ </li>
4882+
4883+ <li>
4884+ <strong>���������� ������ CGI/SSI ���α׷��� ������
4885+ �� �ִ°�?</strong>
4886+
4887+ <p class="indent">
4888+ ���⼭ suEXEC�� ������ ������ CGI/SSI ���α׷��� �����Ѵ�.
4889+ </p>
4890+ </li>
4891+ </ol>
4892+
4893+ <p>�̰��� suEXEC wrapper ���ȸ��� ǥ�� �����̴�. �ټ�
4894+ �����ϰ� CGI/SSI ���迡 ���ο� ������ ������, ������ ���ο�
4895+ �ΰ� �Ѵܰ辿 ���ɽ����� ���������.</p>
4896+
4897+ <p>�� ���� ���� ���� ������ � ������ �ִ����� ������
4898+ suEXEC �������� � ���� ������ ���� �� �ִ����� ���� ��
4899+ ������ <a href="#jabberwock">"�ٽ� �ѹ� �����϶�"</a> ����
4900+ �����϶�.</p>
4901+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4902+<div class="section">
4903+<h2><a name="install" id="install">suEXEC ������ ��ġ</a></h2>
4904+
4905+ <p>���� ����ִ� ������ �����Ѵ�.</p>
4906+
4907+ <p><strong>suEXEC ���� �ɼ�</strong><br />
4908+ </p>
4909+
4910+ <dl>
4911+ <dt><code>--enable-suexec</code></dt>
4912+
4913+ <dd>�� �ɼ��� �⺻������ ��ġ�ǰų� Ȱ��ȭ�����ʴ� suEXEC
4914+ ����� Ȱ��ȭ�Ѵ�. APACI�� suEXEC�� �޾Ƶ��̷���
4915+ <code>--enable-suexec</code> �ɼǿܿ�
4916+ <code>--with-suexec-xxxxx</code> �ɼ��� �ּ��� �Ѱ�
4917+ �ʿ��ϴ�.</dd>
4918+
4919+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
4920+
4921+ <dd><code>suexec</code> ���̳ʸ� ��δ� ���Ȼ� ������
4922+ ������ ��ϵǾ� �Ѵ�. ��� �⺻���� �����Ϸ��� �� �ɼ���
4923+ ����Ѵ�. <em>���� ���</em>
4924+ <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
4925+
4926+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
4927+
4928+ <dd>���� ����ġ�� �����ϴ� <a href="mod/mpm_common.html#user">����ڸ�</a>. ���α׷���
4929+ ������ �� �ִ� ������ ����ڴ�.</dd>
4930+
4931+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
4932+
4933+ <dd>suEXEC ������ ���Ǵ� ����� Ȩ���丮�� �������丮��
4934+ �����Ѵ�. �� ���丮�� �ִ� ��� ���������� �������
4935+ suEXEC�� ����Ƿ�, ��� ���α׷��� "�����ؾ�" �Ѵ�. (����
4936+ ���, ���� "*"�� ����) "������" UserDir ���þ ����Ѵٸ�
4937+ ���� ���� �����ؾ� �Ѵ�. UserDir ���þ passwd ���Ͽ�
4938+ ���� ����� Ȩ���丮�� �ٸ��� suEXEC�� ����������
4939+ �۵����� �ʴ´�. �⺻���� "public_html"�̴�.<br />
4940+ ����ȣ��Ʈ���� ���� �ٸ� UserDir�� ����Ѵٸ� ��� ��
4941+ �θ� ���丮 �ȿ� �ֵ��� �����ؾ� �ϰ�, �� �θ� ���丮����
4942+ ���� ���´�. <strong>�̷��� �������� ������, "~userdir"
4943+ cgi ��û�� �۵����� �ʴ´�!</strong></dd>
4944+
4945+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
4946+
4947+ <dd>����ġ�� DocumentRoot�� �����Ѵ�. �̴� suEXEC�� �����
4948+ �� �ִ� (UserDirs�� ������) ������ �����̴�. �⺻ ���丮��
4949+ <code>--datadir</code> ���� "/htdocs"�� ���� ���̴�.
4950+ <em>���� ���</em> "<code>--datadir=/home/apache</code>"��
4951+ �����ߴٸ� suEXEC wrapper�� document root��
4952+ "/home/apache/htdocs" ���丮�� ����Ѵ�.</dd>
4953+
4954+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
4955+
4956+ <dd>suEXEC���� ���������� ������� �ּ� UID�� �����Ѵ�.
4957+ ��κ��� �ý��ۿ��� 500�̳� 100�� �����ϴ�. �⺻����
4958+ 100�̴�.</dd>
4959+
4960+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
4961+
4962+ <dd>suEXEC���� ���������� �׷��� �ּ� GID�� �����Ѵ�.
4963+ ��κ��� �ý��ۿ��� 100�� �����ϹǷ� �� ���� �⺻���̴�.</dd>
4964+
4965+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
4966+
4967+ <dd>��� suEXEC �۵��� ������ (���ó� ����� ������ ������)
4968+ ����� �α����ϸ��� �����Ѵ�. �⺻������ �α������� �̸���
4969+ "suexec_log"�̰� ǥ�� �α����� ���丮��
4970+ (<code>--logfiledir</code>) ��ġ�Ѵ�.</dd>
4971+
4972+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
4973+
4974+ <dd>CGI �������Ͽ� �Ѱ��� ������ PATH ȯ�溯���� �����Ѵ�.
4975+ �⺻���� "/usr/local/bin:/usr/bin:/bin"�̴�.</dd>
4976+ </dl>
4977+
4978+ <p><strong>suEXEC wrapper�� �������ϰ� ��ġ�ϱ�</strong><br />
4979+ <code>--enable-suexec</code> �ɼ����� suEXEC ����� �����ϰ���
4980+ ��� <code>make</code> ��ɾ �����ϸ� <code>suexec</code>
4981+ ���������� (����ġ�� �Բ�) �ڵ����� ���������.<br />
4982+ ������ �������� �� <code>make install</code> ��ɾ
4983+ �����Ͽ� ��ġ�� �� �ִ�. ���̳ʸ����� <code>suexec</code>��
4984+ <code>--sbindir</code> �ɼ����� ������ ���丮�� ��ġ�ȴ�.
4985+ �⺻ ��ġ�� "/usr/local/apache2/sbin/suexec"�̴�.<br />
4986+ ��ġ ������ <strong><em>root ����</em></strong>�� �ʿ�����
4987+ �����϶�. wrapper�� ����� ID�� �����ϱ����ؼ��� �����ڰ�
4988+ <code><em>root</em></code>�̰� ���ϸ��� setuserid �����Ʈ��
4989+ �����Ǿ� �Ѵ�.</p>
4990+
4991+ <p><strong>���������� ���Ѽ���</strong><br />
4992+ suEXEC wrapper�� �ڽ��� ������ ����ڰ� ���� �ɼ�
4993+ <code>--with-suexec-caller</code>�� ������ �ùٸ� ���������
4994+ Ȯ���� ������, �� �˻� ������ suEXEC�� ����ϴ� �ý���ȣ��
4995+ Ȥ�� ���̺귯�� �Լ��� ���۵Ǿ��� �� �ִ�. �̸� ����ϸ�
4996+ �Ϲ������� ���� �����̹Ƿ� ���� ����ġ�� �����ϴ� �׷츸��
4997+ suEXEC�� ������ �� �ֵ��� ���Ͻý��� ������ �����ؾ� �Ѵ�.</p>
4998+
4999+ <p>���� ���, �������� ������ ���� �����ϰ�:</p>
5000+
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches