Commit ca22651b authored by Rainer Jung

htdigest: Fix buffer overflow when reading digest

password file with very long lines.

PR 54893.

Backport of r1475878 from trunk resp.
r1476089 from 2.4.x resp. r1476242
from 2.2.x.

Proposed/Backported by: rjung
Reviewed by: minfrin, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1489893 13f79535-47bb-0310-9956-ffa450edef68
parent c8931f5a
+3 −0
@@ -28,6 +28,9 @@ Changes with Apache 2.0.65
     is enabled, could allow local users to gain privileges via a .htaccess
     file. [Stefan Fritsch, Greg Ames]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]

  *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
     OpenSSL 0.9.7 flag which uses the server's cipher order rather
     than the client's.  PR 28665.
+0 −9
@@ -188,15 +188,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]

  * htdigest: Fix buffer overflow when reading digest
    password file with very long lines. PR 54893.
    trunk patch: https://svn.apache.org/r1475878
    2.4.x patch: https://svn.apache.org/11476089
    2.2.x patch: https://svn.apache.org/r1476242
    2.0.x patch: http://people.apache.org/~rjung/patches/htdigest-buffer_overflow_2_0.patch
    +1: rjung, minfrin, wrowe
    -1: 


PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ please place SVN revisions from trunk here, so it is easy to
+4 −1
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f)
    char ch;
    apr_status_t rv = APR_EINVAL;

    while (i < (n - 1) && 
    /* we need 2 remaining bytes in buffer */
    while (i < (n - 2) &&
           ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
        s[i++] = ch;
    }
    /* First remaining byte potentially used here */
    if (ch == '\n')
        s[i++] = ch;
    /* Second remaining byte used here */
    s[i] = '\0';

    if (rv != APR_SUCCESS)
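Review bot: `ch` is declared as `char ch;` with no initializer, but the `if (ch == '\n')` test after the loop reads it even when nothing was ever stored in it. That happens if the first `apr_file_getc` call fails (for example at end of file), or if `n` is small enough that `i < (n - 2)` is false before any read is attempted. For `n >= 2` the store stays in bounds because `i` is at most `n - 2` at that point, but the branch then depends on an indeterminate value and can append a stray newline to an empty result. Suggest initialising `ch` to `'\0'` at its declaration, or guarding the test as `rv == APR_SUCCESS && ch == '\n'`. A second point for the same lines: a line longer than `n - 2` characters now leaves the loop with its tail still unread, and nothing in the visible part of the function consumes or flags the remainder, so it is worth confirming that callers treat a returned line without a trailing newline as truncated input rather than parsing the leftover bytes as a new record on the next call.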