- Sep 29, 2010
-
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1002449 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 28, 2010
-
-
Rainer Jung authored
The new proposals fix previous test framework failures. Those tests are disabled for 2.0 right now. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1002266 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
from trunk resp. 917044 from 2.2.x: New releases of OpenSSL will only allow secure renegotiation by default. Add an "SSLInsecureRenegotiation" directive to enable renegotiation against unpatched clients, to ease transition. Submitted by: jorton Backport by: rjung Reviewed by: pgollucci, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1002233 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Further mitigation for the TLS renegotiation attack, CVE-2009-3555: * modules/ssl/ssl_engine_kernel.c (has_buffered_data): New function. (ssl_hook_Access): Forcibly disable keepalive for the connection if there is any buffered data readable from the input filter stack. * modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Ensure that the BIO uses blocking operations when invoked outside direct control of the httpd filter stack. Thanks to Hartmut Keil <Hartmut.Keil adnovum.ch> for proposing this technique. Submitted by: jorton Backport by: rjung Reviewed by: pgollucci, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1002227 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 27, 2010
-
-
Jeff Trawick authored
mod_ssl: Use memmove instead of memcpy for overlapping buffers Submitted by: jorton Reviewed by: sf, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001762 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 26, 2010
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001426 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
SECURITY: CVE-2009-1891 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. [Joe Orton, Ruediger Pluem] Submitted by: jorton, rpluem Reviewed by: pgollucci, poirier, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001425 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001424 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001403 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
disabled by default until gen_test_char.c is modified to allow for cross-compile. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001396 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001392 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 25, 2010
-
-
Stefan Fritsch authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1001311 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 14, 2010
-
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@996770 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
by trawick. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@996743 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 13, 2010
-
-
William A. Rowe Jr authored
Promote, demote. Please look at this specific patch if you care that it just hit the 'going nowhere' category git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@996719 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 05, 2010
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@982705 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 26, 2010
-
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@979237 13f79535-47bb-0310-9956-ffa450edef68
-
Nilgun Belma Buguner authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@979187 13f79535-47bb-0310-9956-ffa450edef68
-
Nilgun Belma Buguner authored
Translated by: Nilgün Belma Bugüner <nilgun belgeler.org> Reviewed by: Orhan Berent <berent belgeler.org> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@979186 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 23, 2010
-
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@966953 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@966949 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
- removed obsolete -prefix compiler switch since already defined global for all files - removed obsolete include paths - changed include paths to use internal vars so that apr/apr-util builds outside source tree - removed trailing tabs and spaces, other minor cosmetic changes git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@966915 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 20, 2010
-
-
Rainer Jung authored
I kept "back slash" when explicitly used in comparison with "forward slash". Backport of r965792 from trunk and of r965799 from 2.2.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@965803 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Thanks to Denis Howe for the hint. PR49620. Backport of r965798 from 2.2.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@965801 13f79535-47bb-0310-9956-ffa450edef68
-
- May 14, 2010
-
-
Rainer Jung authored
been committed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@944165 13f79535-47bb-0310-9956-ffa450edef68
-
- May 13, 2010
-
-
Jeff Trawick authored
CVE-2009-3095: mod_proxy_ftp sanity check authn credentials. Submitted by: Stefan Fritsch <sf fritsch.de>, Joe Orton Reviewed by: pgollucci, poirier, rjung, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943980 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943977 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
*) SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. [Stefan Fritsch <sf fritsch.de>, Joe Orton] Reviewed by: pgollucci, poirier, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943925 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943923 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943882 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943880 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
SECURITY: Partial fix for CVE-2009-3555: Reject client-initiated renegotiations; this is sufficient to prevent the attack for any configuration which does not require renegotiation due to per-directory/per-location access control configuration. Configuration with per-directory/per-location access control requirements (such as "SSLVerifyClient require") are still vulnerable to CVE-2009-3555 with this patch applied (if using OpenSSL != 0.9.8l). * modules/ssl/ssl_private.h (SSLConnRec): Add reneg_state field. (ssl_callback_Info): Renamed from ssl_callback_LogTracingState. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Install the (renamed) info callback unconditionally. * modules/ssl/ssl_engine_io.c (ssl_filter_ctx_t): Add config pointer to SSLConnRec. (bio_filter_out_write, bio_filter_in_read): Fail with APR_ECONNABORTED if the reneg state is set to RENEG_ABORT. * modules/ssl/ssl_engine_kernel.c (log_tracing_state): Factored out of ssl_callback_LogTracingState. (ssl_callback_Info): New function. Submitted by: jorton, rpluem, rjung Reviewed by: rjung, rpluem, pgollucci git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943879 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Earl Poirier authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943869 13f79535-47bb-0310-9956-ffa450edef68
-
- May 12, 2010
-
-
Philip M. Gollucci authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943750 13f79535-47bb-0310-9956-ffa450edef68
-
Philip M. Gollucci authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943749 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
I haven't properly reviewed/tested these yet myself, but I'd guess that some among us may be in a good position to review. (And I should get to it eventually.) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943603 13f79535-47bb-0310-9956-ffa450edef68
-
- May 10, 2010
-
-
Richard Bowen authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@942939 13f79535-47bb-0310-9956-ffa450edef68
-
- May 07, 2010
-
-
Philip M. Gollucci authored
As previously discussed with wrowe, treat this the same way roy treats mime.types git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@942211 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 16, 2010
-
-
Rainer Jung authored
to 2.0.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@923801 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 11, 2010
-
-
Jeff Trawick authored
SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Eliminates a problematic optimization in the case of no request body. PR: 48359 Submitted by: Jake Scott, William Rowe, Ruediger Pluem Reviewed by: wrowe, trawick, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921910 13f79535-47bb-0310-9956-ffa450edef68
-