Commits · 2.2.33 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

23 Jun, 2017 2 commits

Tag 2.2.33 · 4dd48504

William A. Rowe Jr authored Jun 23, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.2.33@1799716 13f79535-47bb-0310-9956-ffa450edef68

2.2.33

4dd48504

Prepare to tag 2.2.33 · c9279805

William A. Rowe Jr authored Jun 23, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799715 13f79535-47bb-0310-9956-ffa450edef68

c9279805

20 Jun, 2017 1 commit

Make the range test legible; in the process, uncover and close · 2f67ebc4

William A. Rowe Jr authored Jun 20, 2017

a bounds overflow condition. [wrowe]
Backports: r417252

Simplify and correctly range test lb_num. [jorton]
Discovered by Hisanobu Okuda
(No prior commit no)

Reviewed by: jorton, wrowe, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799356 13f79535-47bb-0310-9956-ffa450edef68

2f67ebc4

19 Jun, 2017 5 commits

attribution · 68fc2e03

Eric Covener authored Jun 19, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799236 13f79535-47bb-0310-9956-ffa450edef68

68fc2e03

Merge r1797550 from trunk: · 0b97b9f7

Eric Covener authored Jun 19, 2017

mod_mime: fix quoted pair scanning


Submitted By: ylavic




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799235 13f79535-47bb-0310-9956-ffa450edef68

0b97b9f7

Merge https://svn.apache.org/r1796348 from trunk: · 7103baa2

Eric Covener authored Jun 19, 2017

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.
     [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]


Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799232 13f79535-47bb-0310-9956-ffa450edef68

7103baa2

Merge https://svn.apache.org/r1796343 from trunk: · 3fdeae4d

Eric Covener authored Jun 19, 2017

  *) SECURITY: CVE-2017-3169 (cve.mitre.org)
     mod_ssl may dereference a NULL pointer when third-party modules call
     ap_hook_process_connection() during an HTTP request to an HTTPS port.
     [Yann Ylavic]


Submitted By: ylavic
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799229 13f79535-47bb-0310-9956-ffa450edef68

3fdeae4d

Merge r1796350 from trunk: · ad581ced

Eric Covener authored Jun 19, 2017

short-circuit on NULL

Submitted By: jchampion
Reviewed By: jchampion, wrowe, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799228 13f79535-47bb-0310-9956-ffa450edef68

ad581ced

15 Jun, 2017 1 commit

Looks good · 7ca24c82

William A. Rowe Jr authored Jun 15, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1798838 13f79535-47bb-0310-9956-ffa450edef68

7ca24c82

03 Jun, 2017 2 commits

Votes. · 60cbcdbb

Yann Ylavic authored Jun 03, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797554 13f79535-47bb-0310-9956-ffa450edef68

60cbcdbb

propose · da82b7c0

Eric Covener authored Jun 03, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797552 13f79535-47bb-0310-9956-ffa450edef68

da82b7c0

01 Jun, 2017 1 commit

propose ap_get-basic_auth_pw deprecation · 8f4f82fa

Eric Covener authored Jun 01, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797210 13f79535-47bb-0310-9956-ffa450edef68

8f4f82fa

31 May, 2017 5 commits

Vote. · 92c1c389

Yann Ylavic authored May 31, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797055 13f79535-47bb-0310-9956-ffa450edef68

92c1c389

· 7848cbe5

Eric Covener authored May 31, 2017

found my system problem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797039 13f79535-47bb-0310-9956-ffa450edef68

7848cbe5

add proposal · 4d542954

Eric Covener authored May 31, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797037 13f79535-47bb-0310-9956-ffa450edef68

4d542954

Vote, promote. · 247fd508

Yann Ylavic authored May 31, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796985 13f79535-47bb-0310-9956-ffa450edef68

247fd508

Concur · 12b86f39

William A. Rowe Jr authored May 31, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796964 13f79535-47bb-0310-9956-ffa450edef68

12b86f39

30 May, 2017 1 commit

Propose. · 5f3bd9e6

Jacob Champion authored May 30, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796941 13f79535-47bb-0310-9956-ffa450edef68

5f3bd9e6

16 May, 2017 1 commit

Remove 3DES by default for users of older crypto librarys; the cipher · 50af83b2

William A. Rowe Jr authored May 16, 2017

has been reclassified in current OpenSSL releases as WEAK due to 112
or fewer bits of remaining cipher strength, while the Sweet32 disclosure
extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the
same issue, is never enabled by default in OpenSSL, due to patent concerns.)

This commit does not change default httpd behavior, but alters the suggested
behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will
no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.)
The same net effect occurs where OpenSSL is updated to 1.1.0.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1795360 13f79535-47bb-0310-9956-ffa450edef68

50af83b2

06 May, 2017 1 commit

update transformation · aa4587ed

André Malo authored May 06, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1794165 13f79535-47bb-0310-9956-ffa450edef68

aa4587ed

17 Feb, 2017 1 commit

* server/core.c (merge_core_server_configs): Fix merging of · b4b864b0

Joe Orton authored Feb 17, 2017

HttpProtocolOptions from global to vhost context.

Reviewed by: jorton, wrowe, covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1783440 13f79535-47bb-0310-9956-ffa450edef68

b4b864b0

07 Feb, 2017 1 commit

note 2.2.32 release in STATUS · 0682a1ec

Eric Covener authored Feb 07, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1781967 13f79535-47bb-0310-9956-ffa450edef68

0682a1ec

21 Jan, 2017 1 commit

XML update. · 427e37b9

Lucien Gentis authored Jan 21, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1779733 13f79535-47bb-0310-9956-ffa450edef68

427e37b9

19 Jan, 2017 1 commit

As per http://httpd.apache.org/docs/2.4/programs/httpd.html#comment_6187 · 67bbb4a9

Rich Bowen authored Jan 19, 2017

the -R option has been gone for ages.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1779471 13f79535-47bb-0310-9956-ffa450edef68

67bbb4a9

15 Jan, 2017 2 commits

Rebuild. · a77b0c53

Lucien Gentis authored Jan 15, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778914 13f79535-47bb-0310-9956-ffa450edef68

a77b0c53

XML update. · 1060f9c3

Lucien Gentis authored Jan 15, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778913 13f79535-47bb-0310-9956-ffa450edef68

1060f9c3

14 Jan, 2017 2 commits

Rebuild. · 07a67b06

Lucien Gentis authored Jan 14, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778811 13f79535-47bb-0310-9956-ffa450edef68

07a67b06

XML update. · 0fe9d388

Lucien Gentis authored Jan 14, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778810 13f79535-47bb-0310-9956-ffa450edef68

0fe9d388

09 Jan, 2017 8 commits

And we are at 2.2.33-dev · 8e9c0867

William A. Rowe Jr authored Jan 09, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778014 13f79535-47bb-0310-9956-ffa450edef68

8e9c0867

Prepare to tag 2.2.32 · 5ce0d607

William A. Rowe Jr authored Jan 09, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778011 13f79535-47bb-0310-9956-ffa450edef68

5ce0d607

Add warning, as suggested on dev@; rinse and repeat for Announcement · 58629893
William A. Rowe Jr authored Jan 09, 2017
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778010 13f79535-47bb-0310-9956-ffa450edef68
```
58629893

** NOTE: the vendor states "This mitigation has been assigned the identifier · 4b635482

William A. Rowe Jr authored Jan 09, 2017

CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. **



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778007 13f79535-47bb-0310-9956-ffa450edef68

4b635482

update transformation · 0771150a

André Malo authored Jan 09, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778005 13f79535-47bb-0310-9956-ffa450edef68

0771150a

Regenerated all docs for release · ceb842dc

William A. Rowe Jr authored Jan 09, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778000 13f79535-47bb-0310-9956-ffa450edef68

ceb842dc

http: allow folding in check_headers(), still compliant with RFC 7230 (3.2.4). · 19887a59

William A. Rowe Jr authored Jan 09, 2017

Backports: r1777460, r1777672
Submitted by: ylavic
Reviewed by: ylavic, covener, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777999 13f79535-47bb-0310-9956-ffa450edef68

19887a59

Reviewed and approved, because 2.2.x is not likely to have another bugfix · 1371b2a9

William A. Rowe Jr authored Jan 09, 2017

release beyond security fixes.

For the same reason, demote months-old proposal to stalled, as this is not
likely to gain another reviewer.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777998 13f79535-47bb-0310-9956-ffa450edef68

1371b2a9

08 Jan, 2017 2 commits

Rebuild. · f420351d

Lucien Gentis authored Jan 08, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777895 13f79535-47bb-0310-9956-ffa450edef68

f420351d

XML updates. · 292863d8

Lucien Gentis authored Jan 08, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777894 13f79535-47bb-0310-9956-ffa450edef68

292863d8

07 Jan, 2017 2 commits

Comment. · 47330504

Yann Ylavic authored Jan 07, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777782 13f79535-47bb-0310-9956-ffa450edef68

47330504

Backported. · 4149bdbc

Yann Ylavic authored Jan 07, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777780 13f79535-47bb-0310-9956-ffa450edef68

4149bdbc