Commits · 7bf05fe8ceba18d25745ad6a060d8eae3e14bcd7 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Jan 04, 2018

happy new year's documentation rebuild · 7bf05fe8

Luca Toscano authored Jan 04, 2018

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1820110 13f79535-47bb-0310-9956-ffa450edef68

7bf05fe8

Happy New Year 2018 · c476210b

Rainer Jung authored Jan 04, 2018

Backport of r1820101 from trunk
resp. r1820103 from 2.4.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1820104 13f79535-47bb-0310-9956-ffa450edef68

c476210b

Sep 08, 2017

This was released - note no further releases expected · c61f623b

William A. Rowe Jr authored Sep 08, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1807829 13f79535-47bb-0310-9956-ffa450edef68

c61f623b

Jul 24, 2017

Clarify 2.2.33 that wasn't. · 1f51c688

William A. Rowe Jr authored Jul 24, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1802848 13f79535-47bb-0310-9956-ffa450edef68

1f51c688

Jul 17, 2017

Add the CHANGES' security entry for 2.2.34. · 141ed0f6

Yann Ylavic authored Jul 17, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1802128 13f79535-47bb-0310-9956-ffa450edef68

141ed0f6

Jul 06, 2017

Ensure docs follow suit · 08cc13b8

William A. Rowe Jr authored Jul 06, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1801093 13f79535-47bb-0310-9956-ffa450edef68

08cc13b8

2.2.35-dev is most likely in our attic, but bump for disambiguation. · 7b95ea2b
William A. Rowe Jr authored Jul 06, 2017
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1801092 13f79535-47bb-0310-9956-ffa450edef68
```
7b95ea2b

No longer dev, prepare to tag 2.2.34-final · 532f230e

William A. Rowe Jr authored Jul 06, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1801089 13f79535-47bb-0310-9956-ffa450edef68

532f230e

Progress indicator · 5e3545e0

William A. Rowe Jr authored Jul 06, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800964 13f79535-47bb-0310-9956-ffa450edef68

5e3545e0

Fix negotiation type parsing to be strict about "*", "*/*" and "type/*" · a240aa3c

William A. Rowe Jr authored Jul 06, 2017

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>
Backports: r1800917
Reviewed by: wrowe, jchampion, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800963 13f79535-47bb-0310-9956-ffa450edef68

a240aa3c

Correct string scope to prevent duplicated values for subsequent tokens. · 996e23b0

William A. Rowe Jr authored Jul 06, 2017

Submitted by: wrowe
Backports: r1800919
Reviewed by: wrowe, jchampion, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800962 13f79535-47bb-0310-9956-ffa450edef68

996e23b0

Vote, promote. · 1e133f74

Yann Ylavic authored Jul 06, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800958 13f79535-47bb-0310-9956-ffa450edef68

1e133f74

Jul 05, 2017

Vote. · 4c678767

Jacob Champion authored Jul 05, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800953 13f79535-47bb-0310-9956-ffa450edef68

4c678767

Two more string parsing oddities for consideration · de918cce

William A. Rowe Jr authored Jul 05, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800923 13f79535-47bb-0310-9956-ffa450edef68

de918cce

Jun 29, 2017

Restore single-char field names inadvertantly disallowed in 2.4.25. · de0e7098

William A. Rowe Jr authored Jun 29, 2017

Backports: r1800173
PR: 61220 
Submitted by: ylavic
Reviewed by: wrowe, jchampion, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800216 13f79535-47bb-0310-9956-ffa450edef68

de0e7098

Jun 28, 2017

Vote, promote. · edef3767

Yann Ylavic authored Jun 28, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800190 13f79535-47bb-0310-9956-ffa450edef68

edef3767

Actually this was a vote for 1800111, not the revised patch · 83056dd9

William A. Rowe Jr authored Jun 28, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800188 13f79535-47bb-0310-9956-ffa450edef68

83056dd9

Vote, promote. · c604aa19

Jacob Champion authored Jun 28, 2017

Added 2.2.x convenience patch.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800186 13f79535-47bb-0310-9956-ffa450edef68

c604aa19

Propose Yann's alternative · 29e521b3

William A. Rowe Jr authored Jun 28, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800176 13f79535-47bb-0310-9956-ffa450edef68

29e521b3

* Vote · 1a651680

Ruediger Pluem authored Jun 28, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800124 13f79535-47bb-0310-9956-ffa450edef68

1a651680

Proposed · 46af08ff

William A. Rowe Jr authored Jun 28, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800112 13f79535-47bb-0310-9956-ffa450edef68

46af08ff

Jun 23, 2017

And we are nominally at 2.2.34 although any further release is most unlikely · c30b770f
William A. Rowe Jr authored Jun 23, 2017
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799717 13f79535-47bb-0310-9956-ffa450edef68
```
c30b770f

Prepare to tag 2.2.33 · c9279805

William A. Rowe Jr authored Jun 23, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799715 13f79535-47bb-0310-9956-ffa450edef68

c9279805

Jun 20, 2017

Make the range test legible; in the process, uncover and close · 2f67ebc4

William A. Rowe Jr authored Jun 20, 2017

a bounds overflow condition. [wrowe]
Backports: r417252

Simplify and correctly range test lb_num. [jorton]
Discovered by Hisanobu Okuda
(No prior commit no)

Reviewed by: jorton, wrowe, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799356 13f79535-47bb-0310-9956-ffa450edef68

2f67ebc4

Jun 19, 2017

attribution · 68fc2e03

Eric Covener authored Jun 19, 2017


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799236 13f79535-47bb-0310-9956-ffa450edef68

68fc2e03

Merge r1797550 from trunk: · 0b97b9f7

Eric Covener authored Jun 19, 2017

mod_mime: fix quoted pair scanning


Submitted By: ylavic




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799235 13f79535-47bb-0310-9956-ffa450edef68

0b97b9f7

Merge https://svn.apache.org/r1796348 from trunk: · 7103baa2

Eric Covener authored Jun 19, 2017

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.
     [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]


Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799232 13f79535-47bb-0310-9956-ffa450edef68

7103baa2

Merge https://svn.apache.org/r1796343 from trunk: · 3fdeae4d

Eric Covener authored Jun 19, 2017

  *) SECURITY: CVE-2017-3169 (cve.mitre.org)
     mod_ssl may dereference a NULL pointer when third-party modules call
     ap_hook_process_connection() during an HTTP request to an HTTPS port.
     [Yann Ylavic]


Submitted By: ylavic
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799229 13f79535-47bb-0310-9956-ffa450edef68

3fdeae4d

Merge r1796350 from trunk: · ad581ced

Eric Covener authored Jun 19, 2017

short-circuit on NULL

Submitted By: jchampion
Reviewed By: jchampion, wrowe, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799228 13f79535-47bb-0310-9956-ffa450edef68

ad581ced

Jun 15, 2017

Looks good · 7ca24c82

William A. Rowe Jr authored Jun 15, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1798838 13f79535-47bb-0310-9956-ffa450edef68

7ca24c82

Jun 03, 2017

Votes. · 60cbcdbb

Yann Ylavic authored Jun 03, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797554 13f79535-47bb-0310-9956-ffa450edef68

60cbcdbb

propose · da82b7c0

Eric Covener authored Jun 03, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797552 13f79535-47bb-0310-9956-ffa450edef68

da82b7c0

Jun 01, 2017

propose ap_get-basic_auth_pw deprecation · 8f4f82fa

Eric Covener authored Jun 01, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797210 13f79535-47bb-0310-9956-ffa450edef68

8f4f82fa

May 31, 2017

Vote. · 92c1c389

Yann Ylavic authored May 31, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797055 13f79535-47bb-0310-9956-ffa450edef68

92c1c389

· 7848cbe5

Eric Covener authored May 31, 2017

found my system problem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797039 13f79535-47bb-0310-9956-ffa450edef68

7848cbe5

add proposal · 4d542954

Eric Covener authored May 31, 2017



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797037 13f79535-47bb-0310-9956-ffa450edef68

4d542954

Vote, promote. · 247fd508

Yann Ylavic authored May 31, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796985 13f79535-47bb-0310-9956-ffa450edef68

247fd508

Concur · 12b86f39

William A. Rowe Jr authored May 31, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796964 13f79535-47bb-0310-9956-ffa450edef68

12b86f39

May 30, 2017

Propose. · 5f3bd9e6

Jacob Champion authored May 30, 2017

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796941 13f79535-47bb-0310-9956-ffa450edef68

5f3bd9e6

May 16, 2017

Remove 3DES by default for users of older crypto librarys; the cipher · 50af83b2

William A. Rowe Jr authored May 16, 2017

has been reclassified in current OpenSSL releases as WEAK due to 112
or fewer bits of remaining cipher strength, while the Sweet32 disclosure
extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the
same issue, is never enabled by default in OpenSSL, due to patent concerns.)

This commit does not change default httpd behavior, but alters the suggested
behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will
no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.)
The same net effect occurs where OpenSSL is updated to 1.1.0.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1795360 13f79535-47bb-0310-9956-ffa450edef68

50af83b2