PR: 34275
Submitted by: Takashi Sato <serai lans-tv.com>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@612954 13f79535-47bb-0310-9956-ffa450edef68

PR 43596 (Dimitar Pashev)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611483 13f79535-47bb-0310-9956-ffa450edef68

PR 11035


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611475 13f79535-47bb-0310-9956-ffa450edef68

PR 27834


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611466 13f79535-47bb-0310-9956-ffa450edef68

     values for errors encountered while forwarding the request body
     PR 44165 [Eric Covener]

See also PR 31759 / r448711



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611292 13f79535-47bb-0310-9956-ffa450edef68

   bytes_in count [Eric Covener]

Practical example: alternate SSL implementation that lives 
beyond the filters (IOL)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611199 13f79535-47bb-0310-9956-ffa450edef68

PR 43319


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611134 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@609114 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@608063 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607930 13f79535-47bb-0310-9956-ffa450edef68

return code of LDAP_UNAVAILABLE as if it were LDAP_SERVER_DOWN.

With this SDK, LDAP_UNAVAIALBLE is returned when the socket had been closed 
between LDAP API calls.

PR 39095



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607766 13f79535-47bb-0310-9956-ffa450edef68

to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8).

Submitted by: Ruediger Pluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607638 13f79535-47bb-0310-9956-ffa450edef68

PR 38034
Patch by Paritosh Shah
Explanation by Werner Baumann


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607466 13f79535-47bb-0310-9956-ffa450edef68

  platforms and avoid a regression with conditional PUT's on lock and etag.

  Add a warning to the documentation of FileETAG that changes of the ETAG
  format can cause conditionals to fail on mod_dav_fs provided backends.

PR: 44152
Submitted by: Michael Clark <michael metaparadigm.com>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607437 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607403 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607402 13f79535-47bb-0310-9956-ffa450edef68

  by redirecting to other URLs. Reported by SecurityReason.

Submitted by: Mark Cox, Joe Orton
Reviewed by: security@httpd.apache.org


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607282 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607276 13f79535-47bb-0310-9956-ffa450edef68

  output of the balancer manager.

Reported by SecurityReason.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607275 13f79535-47bb-0310-9956-ffa450edef68

  parameter.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607273 13f79535-47bb-0310-9956-ffa450edef68

discussion on-list).
This is not a full-and-final fix, because we don't ourselves do anything
useful with these ETags.  But at least we're no longer screwing up clients.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607219 13f79535-47bb-0310-9956-ffa450edef68

  mod_proxy_balancer, mod_proxy_ftp, mod_info, mod_dav without a character
  set to ISO-8859-1.

Submitted by: jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@606693 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: Kaspar Brand <asfbugz velox.ch>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@606190 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@604321 13f79535-47bb-0310-9956-ffa450edef68

Pointed out by: Takashi Sato <serai lans-tv.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@604000 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603738 13f79535-47bb-0310-9956-ffa450edef68

This has no security impact since the browser cannot be tricked
into sending arbitrary method strings.

(words from jorton)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603346 13f79535-47bb-0310-9956-ffa450edef68

installer.  This will permit the installation tool to remove
all running instances before attempting to remove the .exe.

Note that since the introduction of CriticalSections, our
compatibility with NT 4 was destroyed, and at this point that
is no loss (there are no more security updates to NT 4 ergo
it's not an OS we want connected to the internet, anyways).
The WTS api calls require 2000 or later, but I'm not wrapping
them since nobody notices the same issue with CriticalSections.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603238 13f79535-47bb-0310-9956-ffa450edef68

  member of the proxy_conn_rec struct as we destroy this data more frequently
  than other data in the proxy_conn_rec struct like hostname and addr (at least
  in the case where we have keepalive connections that timed out and were
  closed by the backend).
  This fixes a memory leak with short lived and broken connections.

PR: 44026


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603237 13f79535-47bb-0310-9956-ffa450edef68

  time) but empty it (via APR_BRIGADE_PREPEND) and reuse it. 

Submitted by: Stefan Fritsch <sf sfritsch.de>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603227 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602795 13f79535-47bb-0310-9956-ffa450edef68

PR: 23567
Submitted by: Stefan Fritsch <sf sfritsch.de>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602735 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602682 13f79535-47bb-0310-9956-ffa450edef68

  Basicly the persistence is created by keeping the conn_rec structure
  created for our backend connection (whether http or https) in the connection
  pool. This required to adjust scoreboard.c in a way that its functions can
  properly deal with a NULL scoreboard handle by ignoring the call or returning
  an error code.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602542 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602509 13f79535-47bb-0310-9956-ffa450edef68

Determined to be not generally exploitable, but a flaw in any case.

PR: 44014
Submitted by: Victor Stinner <victor.stinner inl.fr>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600645 13f79535-47bb-0310-9956-ffa450edef68

  This will not change the logic if no "-l" gets used, and it will spare
  one call to apr_time_now() in case "-l" gets used and more important
  it gives the code better atomicity, because in fact between the two calls
  there is a slight change of jumping oder the DST boundary

- for historic reasons the same code block is used two times with a
  slightly different way of transforming apr_time_t to int
  (once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
  so let's unify it.

- finally move the block into a function, because it gets used already
  two times.

PR: 44004
Submitted by: Rainer Jung <rainer.jung kippdata.de>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600154 13f79535-47bb-0310-9956-ffa450edef68

filter_init problem remains, we should make it clear to users at startup time.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599393 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_config.c (modssl_ctx_init,
  modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
  (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
  ssl_cmd_SSLOCSPEnable): Add functions.

* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.

* modules/ssl/ssl_private.h: Add prototypes, config options to
  modssl_ctx_t.

* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
  dispatching OCSP requests.

* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
  OCSP validation.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
  OCSP validation if configured, and the cert is so-far verified to be
  trusted.  Fail if OCSP validation is configured an the optional-no-ca 
  check tripped.

* modules/ssl/config.m4: Check for OCSP support, build new files.

* modules/ssl/mod_ssl.dsp: Build new files.

* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
  interfaces.

PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68

PR 43956


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@598299 13f79535-47bb-0310-9956-ffa450edef68