git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@780459 13f79535-47bb-0310-9956-ffa450edef68

CVE-2009-1195:

* include/http_core.h: Add back the OPT_INCNOEXEC and hide
  OPT_INC_WITH_EXEC as internal-only.

* server/core.c (ap_allow_options): Invert the returned
  OPT_INC_WITH_EXEC bit such that the exposed semantics of
  OPT_INCNOEXEC are retained.

* modules/filters/mod_include.c (includes_filter): Revert to using
  OPT_INCNOEXEC.

Submitted by: trawick, jorton
Reviewed by: jorton, trawick, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779472 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779404 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779292 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779180 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779150 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@778447 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777213 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777194 13f79535-47bb-0310-9956-ffa450edef68

      2.0.50 which leads to bad process handling on Solaris and wasted process
           resources on all platforms.
              Trunk version (new behavior);
                     http://svn.apache.org/viewvc?view=rev&revision=775300
                            http://svn.apache.org/viewvc?view=rev&revision=775320
                               Proposed 2.2.12 patch, retaining default behavior from 2.2.11;
                                      http://people.apache.org/~wrowe/fixlog22.patch



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777193 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777192 13f79535-47bb-0310-9956-ffa450edef68

As mentioned inline in comments, correctly handle more sophisticated
transformations which currently fail for balancer://foo targets, but
work just fine with other ProxyReverse targets.

  The balancer comparison is a bit trickier.  Given the context

    BalancerMember balancer://alias http://example.com/foo
    ProxyPassReverse /bash balancer://alias/bar

  translate url http://example.com/foo/bar/that to /bash/that

E.g. there may be several different url-suffixes (1st order) of any
particular BalancerMember set e.g. /app1, /app1 and /appbeta while
there may be additional suffixes associated with the actual
ProxyPassReverse directive.  Neither were properly reversed, now
both should be properly handled.

One *critical* assumption;

    BalancerMember balancer://alias/foo http://example.com/bar

should be documented as a meaningless construct, since one cannot
have two members, balancer://alias/foo and balancer://alias/bar,
and the balancer member structures discard this path.

Note one more existing error case as an XXX comment due to invalid
uri comparisons.



* Silence compiler warning.

Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777191 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777188 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777187 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777079 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777067 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776436 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776433 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776284 13f79535-47bb-0310-9956-ffa450edef68

     support for name based virtual hosts with SSL. PR 34607


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776281 13f79535-47bb-0310-9956-ffa450edef68

* Improve and simplify the implementation of SSLProxyCheckPeerExpire by
  directly using X509_get_notBefore(), X509_get_notAfter() and
  X509_cmp_current_time().
  Thanks to jorton for the pointer.

Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776279 13f79535-47bb-0310-9956-ffa450edef68

o formally unstall the pcre debate


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776195 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775757 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775323 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775314 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774746 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774745 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774744 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774743 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774742 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774547 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774501 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774443 13f79535-47bb-0310-9956-ffa450edef68

https://issues.apache.org/bugzilla/show_bug.cgi?id=47186 to avoid
double-escaping of URIs.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774162 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773882 13f79535-47bb-0310-9956-ffa450edef68

Reviewed By: jorton, rpluem, covener

Security fix for CVE-2009-1195: fix Options handling such that
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:

* include/http_core.h: Change semantics of Includes/IncludeNoExec
 options bits to be additive; OPT_INCLUDES now means SSI is enabled
 without exec=.  OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
 with exec=.

* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
 from default override_opts; no functional change.
 (merge_core_dir_configs): Update logic to ensure that exec= is
 disabled in a context where IncludesNoexec is configured, even if
 Includes-with-exec is permitted in the inherited options set.
 (set_allow_opts, set_options): Update to reflect new semantics
 of OPT_INCLUDES, OPT_INC_WITH_EXEC.

* server/config.c: Update to remove OPT_INCNOEXEC from default
 override_opts; no functional change.

* modules/filters/mod_include.c (includes_filter): Update to reflect
 new options semantics - disable exec= support if the
 OPT_INC_WITH_EXEC bit is not set.

Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
         jorton
Thanks to: Vincent Danon <vdanon redhat.com>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773881 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773880 13f79535-47bb-0310-9956-ffa450edef68

* Escape pathes of filenames in 406 responses to avoid HTML injections and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773354 13f79535-47bb-0310-9956-ffa450edef68

Prevent a case of SSI timefmt-smashing with filter chains including
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773352 13f79535-47bb-0310-9956-ffa450edef68

* modules/mappers/mod_rewrite.c (apply_rewrite_rule): When evaluating
  a proxy rule in directory context, do escape the filename by
  default, since mod_proxy will not escape in that case due to the
  (deliberate) fixup hook ordering.

Thanks to: rpluem
PR: 46428

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773351 13f79535-47bb-0310-9956-ffa450edef68