git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800190 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800188 13f79535-47bb-0310-9956-ffa450edef68

Added 2.2.x convenience patch.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800186 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800176 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800124 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800112 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799717 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799715 13f79535-47bb-0310-9956-ffa450edef68

a bounds overflow condition. [wrowe]
Backports: r417252

Simplify and correctly range test lb_num. [jorton]
Discovered by Hisanobu Okuda
(No prior commit no)

Reviewed by: jorton, wrowe, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799356 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799236 13f79535-47bb-0310-9956-ffa450edef68

mod_mime: fix quoted pair scanning


Submitted By: ylavic




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799235 13f79535-47bb-0310-9956-ffa450edef68

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.
     [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]


Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799232 13f79535-47bb-0310-9956-ffa450edef68

  *) SECURITY: CVE-2017-3169 (cve.mitre.org)
     mod_ssl may dereference a NULL pointer when third-party modules call
     ap_hook_process_connection() during an HTTP request to an HTTPS port.
     [Yann Ylavic]


Submitted By: ylavic
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799229 13f79535-47bb-0310-9956-ffa450edef68

short-circuit on NULL

Submitted By: jchampion
Reviewed By: jchampion, wrowe, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799228 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1798838 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797554 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797552 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797210 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797055 13f79535-47bb-0310-9956-ffa450edef68

found my system problem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797039 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1797037 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796985 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796964 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1796941 13f79535-47bb-0310-9956-ffa450edef68

has been reclassified in current OpenSSL releases as WEAK due to 112
or fewer bits of remaining cipher strength, while the Sweet32 disclosure
extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the
same issue, is never enabled by default in OpenSSL, due to patent concerns.)

This commit does not change default httpd behavior, but alters the suggested
behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will
no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.)
The same net effect occurs where OpenSSL is updated to 1.1.0.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1795360 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1794165 13f79535-47bb-0310-9956-ffa450edef68

  HttpProtocolOptions from global to vhost context.

Reviewed by: jorton, wrowe, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1783440 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1781967 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1779733 13f79535-47bb-0310-9956-ffa450edef68

the -R option has been gone for ages.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1779471 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778914 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778913 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778811 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778810 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778014 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778011 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778010 13f79535-47bb-0310-9956-ffa450edef68

CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. **



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778007 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778005 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1778000 13f79535-47bb-0310-9956-ffa450edef68