git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1230283 13f79535-47bb-0310-9956-ffa450edef68

SECURITY (CVE-2012-0031): Fix possible crash on shutdown if a child
changes the sb_type field in the scoreboard.  Since unprivileged
children should not be able to affect the parent in this way, this is
treated as a Low severity security issue.

Thanks to "halfdog" <me halfdog.net> for reporting this issue.

* server/scoreboard.c (ap_cleanup_scoreboard, ap_create_scoreboard):
  Use a static global to store an authoritative copy of the scoreboard
  type.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1230069 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1225481 13f79535-47bb-0310-9956-ffa450edef68

Fix segfault when trying to log a nameless valueless cookie

PR: 52256
Submitted by: Rainer Canavan <rainer-apache 7val com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1225385 13f79535-47bb-0310-9956-ffa450edef68

SSLProtocol: allow explicit control of TLSv1.1 and TLSv1.2 flavors when
compiled against OpenSSL 1.0.1 or later. Update documentation.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222922 13f79535-47bb-0310-9956-ffa450edef68

Set OPENSSL_NO_SSL_INTERN when compiling against OpenSSL 1.0.1
or later, so that mod_ssl retains binary compatibility with future
versions when internal structures are changed. Use API functions
where available, and fall back to direct access for OpenSSL up
to 1.0.0, where needed.

Remove SSL_make_ciphersuite() from ssl_util_ssl.[ch], as it was
never used by any released version of mod_ssl.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222920 13f79535-47bb-0310-9956-ffa450edef68

mod_mime: Don't arbitrarily bypass AddOutputFilter during a ProxyPass,
but then allow AddOutputFilter during a RewriteRule [P]. Make mod_mime
behave identically in both cases. PR52342.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222643 13f79535-47bb-0310-9956-ffa450edef68

Move ab, logresolve, httxt2dbm and apxs to bin from sbin, along with
corresponding man pages.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1221299 13f79535-47bb-0310-9956-ffa450edef68

Distinguish properly between the bindir and sbindir directories when
installing binaries. Previously all binaries were silently installed to
sbindir, whether they were system administration commands or not.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1220867 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1214793 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1214787 13f79535-47bb-0310-9956-ffa450edef68

Streamline TLS session ticket key handling (added in r1200040):
- drop the SSLTicketKeyDefault directive, and only support a single
  ticket key per server/vhost
- rename the SSLTicketKeyFile directive to SSLSessionTicketKeyFile,
  remove the keyname parameter
- move ticket key parameters from SSLSrvConfigRec to modssl_ctx_t
- configure the tlsext_ticket_key_cb only when in server mode
- add documentation for SSLSessionTicketKeyFile


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213395 13f79535-47bb-0310-9956-ffa450edef68

Limit length of lines in .htaccess to 8K again, to reduce DoS potential.
Make ap_varbuf_cfg_getline() strictly enforce the max_len parameter.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213344 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1210288 13f79535-47bb-0310-9956-ffa450edef68

Fix segfault with Solaris LDAP SDK when enabling ldaps.

Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).

This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.

PR: 42682


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209604 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209070 13f79535-47bb-0310-9956-ffa450edef68

mod_rewrite: Add the AllowNoSlash RewriteOption, which makes it possible
for RewriteRules to be placed in .htaccess files that match the directory
with no trailing slash. PR 48304.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209057 13f79535-47bb-0310-9956-ffa450edef68

mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the
administrator can hide the keys from the configuration.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208518 13f79535-47bb-0310-9956-ffa450edef68

as per the following thread:
http://www.gossamer-threads.com/lists/apache/dev/395830?do=post_view_threaded#395830


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208384 13f79535-47bb-0310-9956-ffa450edef68

Introduce a per request version of the remote IP address, which can be
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer).
Introduce a per connection "peer_ip" and a per request "client_ip" to
distinguish between the raw IP address of the connection and the effective
IP address of the request.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208378 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1205850 13f79535-47bb-0310-9956-ffa450edef68

Pass ap_errorlog_info to error_log hook


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1205573 13f79535-47bb-0310-9956-ffa450edef68

mod_cache_disk: Make sure we check return codes on all writes and attempts
to close, and clean up after ourselves in these cases. PR43589.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204602 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204357 13f79535-47bb-0310-9956-ffa450edef68

PR51471: IndexIgnore doesn't work in DirectoryMatch.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204342 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204320 13f79535-47bb-0310-9956-ffa450edef68

PR39923: Allow AddDescription to work with absolute filesystem paths,
by not adding "*/" to their prefix (intended for relative paths)




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204309 13f79535-47bb-0310-9956-ffa450edef68

mod_cache_disk: Remove the unnecessary intermediate brigade while
writing to disk. Fixes a problem where mod_disk_cache was leaving 
buckets in the intermediate brigade and not passing them to out on 
exit.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204102 13f79535-47bb-0310-9956-ffa450edef68

Change the SSLCipherSuite default to a shorter, whitelist
oriented definition, and add an example for a speed-optimized
configuration (commented out by default).

In the SSL How-To, streamline the SSLCipherSuite examples where
applicable (explicitly banning EXP and NULL is not needed when
only HIGH is specified).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203753 13f79535-47bb-0310-9956-ffa450edef68

drop SSLv2 support (set SSL_OP_NO_SSLv2 for any new SSL_CTX)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203495 13f79535-47bb-0310-9956-ffa450edef68

add per-dir config merging to mod_lua so LuaHook* in multiple per-dir sections
behaves as expected instead of discarding previous sections.


Reviewed by: covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201445 13f79535-47bb-0310-9956-ffa450edef68

Server directive display (-L): Include directives of DSOs.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201358 13f79535-47bb-0310-9956-ffa450edef68

mod_cache: Make sure we merge headers correctly when we handle a
non cacheable conditional response. PR52120.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201332 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201216 13f79535-47bb-0310-9956-ffa450edef68

Part 3: Remote MPM simple.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201214 13f79535-47bb-0310-9956-ffa450edef68

Part 2: Remove mod_serf.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201210 13f79535-47bb-0310-9956-ffa450edef68

Part 1: mod_noloris was superseded by mod_reqtimeout.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201164 13f79535-47bb-0310-9956-ffa450edef68

Set MaxMemFree 2048 by default


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201161 13f79535-47bb-0310-9956-ffa450edef68

Fix assertion failure during very high load by preventing race condition
between appending to the timeout queues and adding to the pollset. We don't
add additional locking calls but only extend the present calls to include the
apr_pollset_add. Therefore this hopefully should not cause too much performance
regression.

Add some comments 

Replace two AP_DEBUG_ASSERTS with better error handling


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201149 13f79535-47bb-0310-9956-ffa450edef68

1) Promoted from "most" to "yes/few"

- mod_headers

2) Demoted from "yes/few" to "most"

- mod_actions
- mod_allowmethods
- mod_auth_form
- mod_buffer
- mod_cgi(d)
- mod_include
- mod_negotiation
- mod_ratelimit
- mod_request
- mod_userdir

Remember: default module set is "most",
but only the LoadModule lines of all
modules except "yes/few" are commented out by default.

The following modules will now be loaded by default:

- mod_access_compat
- mod_alias
- mod_auth_basic
- mod_authn_core
- mod_authn_file
- mod_authz_core
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
- mod_autoindex
- mod_dir
- mod_env
- mod_filter
- mod_headers
- mod_log_config
- mod_mime
- mod_mpm_event
- mod_reqtimeout
- mod_setenvif
- mod_status
- mod_unixd
- mod_version

Backport of r1201111 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201118 13f79535-47bb-0310-9956-ffa450edef68