Commits · 55ad7eb6a83b25282727e3b8baad43db15dbc29b · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Nov 25, 2014

Merge r1640036, r1640331 from trunk: · 55ad7eb6

Joe Orton authored Nov 25, 2014

mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org)
Fix a potential crash with response headers' size above 8K.

The code changes to mod_authnz_fcgi keep the handle_headers()
function in sync between the two modules.  mod_authnz_fcgi
does not have this issue because it allocated a separate byte
for terminating '\0'.

Submitted by: ylavic, trawick
Reviewed by: ylavic, trawick, mrumph


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641551 13f79535-47bb-0310-9956-ffa450edef68

55ad7eb6

Nov 24, 2014

xforms · 0975a21a

Eric Covener authored Nov 24, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641437 13f79535-47bb-0310-9956-ffa450edef68

0975a21a

Merge r1641434 from trunk: · d1587f92

Eric Covener authored Nov 24, 2014

move text outside of example for readability.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641436 13f79535-47bb-0310-9956-ffa450edef68

d1587f92

xforms · c8a1e982

Eric Covener authored Nov 24, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641417 13f79535-47bb-0310-9956-ffa450edef68

c8a1e982

Merge r1641414 from trunk: · 088fa6d5

Eric Covener authored Nov 24, 2014

steal the sethandler example from mod_proxy.html and mention worker issue
 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641416 13f79535-47bb-0310-9956-ffa450edef68

088fa6d5

· 970f73ef

Eric Covener authored Nov 24, 2014

xforms


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641387 13f79535-47bb-0310-9956-ffa450edef68

970f73ef

Merge r1641384 from trunk: · 732db059

Eric Covener authored Nov 24, 2014

the next sentence says:

The URL argument must be parsable as a URL before regexp substitutions (as well as after). This limits the matches you can use. For instance, if we had used

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641386 13f79535-47bb-0310-9956-ffa450edef68

732db059

Merge r1641311, r1641382 from trunk: · 8ec830af

Eric Covener authored Nov 24, 2014

surprising but confirmed by comment in mod_proxy

test/document php-fpm with proxy_fcgi

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641383 13f79535-47bb-0310-9956-ffa450edef68

8ec830af

Nov 22, 2014

quick votes · a803019a

Eric Covener authored Nov 22, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641137 13f79535-47bb-0310-9956-ffa450edef68

a803019a

Nov 20, 2014
- Vote for mod_proxy_fcgi fix and add references for APR and APR-util 1.5.x branches. · 3bd2b2fc
  Mike Rumph authored Nov 20, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640782 13f79535-47bb-0310-9956-ffa450edef68
```
  3bd2b2fc
Nov 19, 2014

Propose r1635428. · 317e62d3

Jan Kaluža authored Nov 19, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640499 13f79535-47bb-0310-9956-ffa450edef68

317e62d3

Propose r1638072 and r1638073. · 1ea30376

Jan Kaluža authored Nov 19, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640494 13f79535-47bb-0310-9956-ffa450edef68

1ea30376

Nov 18, 2014

*fcgi fun · ce110979

Jeff Trawick authored Nov 18, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640339 13f79535-47bb-0310-9956-ffa450edef68

ce110979

Rebuild. · 6c4c19e8

Lucien Gentis authored Nov 18, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640298 13f79535-47bb-0310-9956-ffa450edef68

6c4c19e8

XML updates. · b97fa1cf

Lucien Gentis authored Nov 18, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640297 13f79535-47bb-0310-9956-ffa450edef68

b97fa1cf

Nov 16, 2014

Propose new *fcgi fix. · 28c8817c

Yann Ylavic authored Nov 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640045 13f79535-47bb-0310-9956-ffa450edef68

28c8817c

Propose CVE-2014-3583 fix made minimal. · 172bec20

Yann Ylavic authored Nov 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640037 13f79535-47bb-0310-9956-ffa450edef68

172bec20

Propose follow-up r1640031. · df066d7d

Yann Ylavic authored Nov 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1640033 13f79535-47bb-0310-9956-ffa450edef68

df066d7d

Vote · b6d1e35a

Christophe Jaillet authored Nov 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639961 13f79535-47bb-0310-9956-ffa450edef68

b6d1e35a

Nov 15, 2014

Votes. · 641a6f64

Yann Ylavic authored Nov 15, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639820 13f79535-47bb-0310-9956-ffa450edef68

641a6f64

Update fcgi fixes proposals according to Jeff's review. · 03bb535c

Yann Ylavic authored Nov 15, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639815 13f79535-47bb-0310-9956-ffa450edef68

03bb535c

Nov 14, 2014

Propose poll()ing fixes for proxy_connect (PR57168) and proxy_wstunnel. · 20f1e25c
Yann Ylavic authored Nov 14, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639800 13f79535-47bb-0310-9956-ffa450edef68
```
20f1e25c

propose the right event fix · 0ba7b946

Eric Covener authored Nov 14, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639615 13f79535-47bb-0310-9956-ffa450edef68

0ba7b946

yank event proposal, it is about to be superceded in trunk · 6ae0d1bf

Eric Covener authored Nov 14, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639563 13f79535-47bb-0310-9956-ffa450edef68

6ae0d1bf

Nov 13, 2014

Easy proposals to synch 2.4 and trunk · bcaa6ed8

Christophe Jaillet authored Nov 13, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1639254 13f79535-47bb-0310-9956-ffa450edef68

bcaa6ed8

Nov 12, 2014

propose event fix · 2bf0ae47

Eric Covener authored Nov 12, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638882 13f79535-47bb-0310-9956-ffa450edef68

2bf0ae47

Propose fix for CVE-2014-3583. · bfee66b7

Yann Ylavic authored Nov 12, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638820 13f79535-47bb-0310-9956-ffa450edef68

bfee66b7

Propose r1638772. · bde1159d

Jan Kaluža authored Nov 12, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638817 13f79535-47bb-0310-9956-ffa450edef68

bde1159d

Vote. · 522ac53a

Yann Ylavic authored Nov 12, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638778 13f79535-47bb-0310-9956-ffa450edef68

522ac53a

propose event fix http://svn.apache.org/r1638691 which was regressed in 2.4.10 and 2.4.11 · 98398fb1
Eric Covener authored Nov 12, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638692 13f79535-47bb-0310-9956-ffa450edef68
```
98398fb1

Nov 11, 2014

Merge r1635762 from trunk: · 310823a3

Jim Jagielski authored Nov 11, 2014

Support custom ErrorDocuments for HTTP 501 and 414 status codes.
PR 57167 [Edward Lu <Chaosed0 gmail.com>]

Submitted By: Edward Lu <Chaosed0 gmail.com>
Committed By: covener

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638071 13f79535-47bb-0310-9956-ffa450edef68

310823a3

Merge r1632740 from trunk: · d2568b2d

Jim Jagielski authored Nov 11, 2014

mod_cache: avoid unlikely access to freed memory.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638070 13f79535-47bb-0310-9956-ffa450edef68

d2568b2d

Merge r1622450 from trunk: · 2e10f701

Jim Jagielski authored Nov 11, 2014

ab: increase request and response header size to 8192 bytes,
fix potential buffer-overflow in Server: header handling.

Submitted by: jkaluza
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638069 13f79535-47bb-0310-9956-ffa450edef68

2e10f701

Nov 10, 2014

xforms · abf66298

Eric Covener authored Nov 10, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637773 13f79535-47bb-0310-9956-ffa450edef68

abf66298

Merge r1637768 from trunk: · 1a407f1e

Eric Covener authored Nov 10, 2014

fix copy/paste error for CacheSocacheMinTime, rest of content is correct.
http://httpd.apache.org/docs/trunk/mod/mod_cache_socache.html#comment_3247

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637769 13f79535-47bb-0310-9956-ffa450edef68

1a407f1e

Nov 09, 2014

Rebuild. · c3824f29

Lucien Gentis authored Nov 09, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637699 13f79535-47bb-0310-9956-ffa450edef68

c3824f29

XML updates. · 8b20749d

Lucien Gentis authored Nov 09, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637698 13f79535-47bb-0310-9956-ffa450edef68

8b20749d

Nov 06, 2014

vote, promote · e44f1f58

Jeff Trawick authored Nov 06, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637125 13f79535-47bb-0310-9956-ffa450edef68

e44f1f58

missed mergeinfo update from r1637114 · 9d4c47c0

Jeff Trawick authored Nov 06, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637116 13f79535-47bb-0310-9956-ffa450edef68

9d4c47c0

make docs · 54d39fd8

Jeff Trawick authored Nov 06, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1637115 13f79535-47bb-0310-9956-ffa450edef68

54d39fd8