git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@979237 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@979187 13f79535-47bb-0310-9956-ffa450edef68

Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by:  Orhan Berent <berent belgeler.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@979186 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@966953 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@966949 13f79535-47bb-0310-9956-ffa450edef68

- removed obsolete -prefix compiler switch since already defined global for all files
- removed obsolete include paths
- changed include paths to use internal vars so hat apr/apr-util builds outside source tree
- removed trailing tabs and spaces, other minor cosmetic changes


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@966915 13f79535-47bb-0310-9956-ffa450edef68

I kept "back slash" when explicitely used in
comparison with "forward slash".

Backport of r965792 from trunk and of r965799
from 2.2.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@965803 13f79535-47bb-0310-9956-ffa450edef68

Thanks to Denis Howe for the hint.

PR49620.
Backport of r965798 from 2.2.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@965801 13f79535-47bb-0310-9956-ffa450edef68

been committed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@944165 13f79535-47bb-0310-9956-ffa450edef68

CVE-2009-3095: mod_proxy_ftp sanity check authn credentials.
Submitted by: Stefan Fritsch <sf fritsch.de>, Joe Orton

Reviewed by: pgollucci, poirier, rjung, trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943980 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943977 13f79535-47bb-0310-9956-ffa450edef68

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

Reviewed by: pgollucci, poirier, trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943925 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943923 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943882 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943880 13f79535-47bb-0310-9956-ffa450edef68

SECURITY: Partial fix for CVE-2009-3555:

Reject client-initiated renegotiations; this is sufficient to prevent
the attack for any configuration which does not require renegotiation
due to per-directory/per-location access control configuration.

Configuration with per-directory/per-location access control
requirements (such as "SSLVerifyClient require") are still vulnerable
to CVE-2009-3555 with this patch applied (if using OpenSSL != 0.9.8l).

* modules/ssl/ssl_private.h (SSLConnRec): Add reneg_state field.
  (ssl_callback_Info): Renamed from ssl_callback_LogTracingState.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Install
  the (renamed) info callback unconditionally.

* modules/ssl/ssl_engine_io.c (ssl_filter_ctx_t): Add config pointer
  to SSLConnRec.
  (bio_filter_out_write, bio_filter_in_read): Fail with
  APR_ECONNABORTED if the reneg state is set to RENEG_ABORT.

* modules/ssl/ssl_engine_kernel.c (log_tracing_state): Factored out
  of ssl_callback_LogTracingState.
  (ssl_callback_Info): New function.

Submitted by: jorton, rpluem, rjung
Reviewed by: rjung, rpluem, pgollucci


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943879 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943869 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943750 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943749 13f79535-47bb-0310-9956-ffa450edef68

I haven't properly reviewed/tested these yet myself, but I'd guess
that some among us may be in a good position to review.  (And I
should get to it eventually.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943603 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@942939 13f79535-47bb-0310-9956-ffa450edef68

As previously discussed with wrowe, treast this the same way roy treats
mime.types



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@942211 13f79535-47bb-0310-9956-ffa450edef68

to 2.0.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@923801 13f79535-47bb-0310-9956-ffa450edef68

SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted.  Elimiates a problematic
optimization in the case of no request body.

PR: 48359
Submitted by: Jake Scott, William Rowe, Ruediger Pluem
Reviewed by: wrowe, trawick, rpluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921910 13f79535-47bb-0310-9956-ffa450edef68

  *) SECURITY: CVE-2008-2364 (cve.mitre.org)
     mod_proxy_http: Better handling of excessive interim responses
     from origin server to prevent potential denial of service and high
     memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
     Joe Orton, Jim Jagielski]

Reviewed by: trawick, wrowe, rpluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921908 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921839 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921303 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921146 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921143 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921086 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921081 13f79535-47bb-0310-9956-ffa450edef68

to the 2.0.x branch for now.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921002 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@920995 13f79535-47bb-0310-9956-ffa450edef68

mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.

Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
Reviewed by: trawick, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@920961 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@899795 13f79535-47bb-0310-9956-ffa450edef68

Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by:  Orhan Berent <berent belgeler.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@899794 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@897806 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@897805 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@896280 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: HANAWA Yoshio <hanawa dino.co.jp>
Reviewed by:  takashi


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@893242 13f79535-47bb-0310-9956-ffa450edef68