git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943880 13f79535-47bb-0310-9956-ffa450edef68

SECURITY: Partial fix for CVE-2009-3555:

Reject client-initiated renegotiations; this is sufficient to prevent
the attack for any configuration which does not require renegotiation
due to per-directory/per-location access control configuration.

Configuration with per-directory/per-location access control
requirements (such as "SSLVerifyClient require") are still vulnerable
to CVE-2009-3555 with this patch applied (if using OpenSSL != 0.9.8l).

* modules/ssl/ssl_private.h (SSLConnRec): Add reneg_state field.
  (ssl_callback_Info): Renamed from ssl_callback_LogTracingState.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Install
  the (renamed) info callback unconditionally.

* modules/ssl/ssl_engine_io.c (ssl_filter_ctx_t): Add config pointer
  to SSLConnRec.
  (bio_filter_out_write, bio_filter_in_read): Fail with
  APR_ECONNABORTED if the reneg state is set to RENEG_ABORT.

* modules/ssl/ssl_engine_kernel.c (log_tracing_state): Factored out
  of ssl_callback_LogTracingState.
  (ssl_callback_Info): New function.

Submitted by: jorton, rpluem, rjung
Reviewed by: rjung, rpluem, pgollucci


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943879 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943869 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943750 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943749 13f79535-47bb-0310-9956-ffa450edef68

I haven't properly reviewed/tested these yet myself, but I'd guess
that some among us may be in a good position to review.  (And I
should get to it eventually.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943603 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@942939 13f79535-47bb-0310-9956-ffa450edef68

As previously discussed with wrowe, treast this the same way roy treats
mime.types



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@942211 13f79535-47bb-0310-9956-ffa450edef68

to 2.0.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@923801 13f79535-47bb-0310-9956-ffa450edef68

SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted.  Elimiates a problematic
optimization in the case of no request body.

PR: 48359
Submitted by: Jake Scott, William Rowe, Ruediger Pluem
Reviewed by: wrowe, trawick, rpluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921910 13f79535-47bb-0310-9956-ffa450edef68

  *) SECURITY: CVE-2008-2364 (cve.mitre.org)
     mod_proxy_http: Better handling of excessive interim responses
     from origin server to prevent potential denial of service and high
     memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
     Joe Orton, Jim Jagielski]

Reviewed by: trawick, wrowe, rpluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921908 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921839 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921303 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921146 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921143 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921086 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921081 13f79535-47bb-0310-9956-ffa450edef68

to the 2.0.x branch for now.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921002 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@920995 13f79535-47bb-0310-9956-ffa450edef68

mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.

Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
Reviewed by: trawick, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@920961 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@899795 13f79535-47bb-0310-9956-ffa450edef68

Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by:  Orhan Berent <berent belgeler.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@899794 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@897806 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@897805 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@896280 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: HANAWA Yoshio <hanawa dino.co.jp>
Reviewed by:  takashi


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@893242 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: OZAWA Sakuro <ozawa feedforce.jp>
Reviewed by:  takashi


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@892570 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@890374 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@889972 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@886856 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@882861 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@882610 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@882528 13f79535-47bb-0310-9956-ffa450edef68

(r833622 from 2.2.x).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@882479 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@826172 13f79535-47bb-0310-9956-ffa450edef68

Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by:  Orhan Berent <berent belgeler.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@826171 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@817080 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@810469 13f79535-47bb-0310-9956-ffa450edef68

Remove some duplicate extensions (reported by Jacob Rus)
Add more unregistered Microsoft types for silverlight (idiots)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@800632 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@790824 13f79535-47bb-0310-9956-ffa450edef68