]>
git.ipfire.org Git - thirdparty/apache/httpd.git/log 
Rich Bowen  [Wed, 3 Sep 2014 16:18:40 +0000  (16:18 +0000)]  
Rebuild
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1622294  13f79535 -47bb-0310-9956-
ffa450edef68 
Rich Bowen  [Wed, 3 Sep 2014 16:16:41 +0000  (16:16 +0000)]  
Merges some corrections from trunk
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1622292  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Mon, 1 Sep 2014 14:45:03 +0000  (14:45 +0000)]  
Proposal
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621812  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Sun, 31 Aug 2014 16:09:08 +0000  (16:09 +0000)]  
Merge r1618541 from trunk:
Avoid useless warning message when parsing a section guarded by <IfDefine foo> if $(foo) is used within the section.
PR 56503
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621603  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Sun, 31 Aug 2014 16:08:33 +0000  (16:08 +0000)]  
Merge r1618401 from trunk:
mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the
application.
PR: 56858
Submitted by: Manuel Mausz <manuel-asf mausz.at>
Reviewed by: trawick
Submitted by: trawick
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621602  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Sun, 31 Aug 2014 16:07:45 +0000  (16:07 +0000)]  
Merge r1615289, r1620324 from trunk:
PR53420: Proxy responses with error status and
"ProxyErrorOverride On" hang until proxy timeout.
Regression from 2.2. It was introduced by r912063
in order to fix PR41646.
Switch preference for headers, Transfer-Encoding
first, Content-Length second.
Addition to r1615289.
Submitted by: rjung
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621601  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Sun, 31 Aug 2014 16:06:36 +0000  (16:06 +0000)]  
Merge r1615026 from trunk:
Turn some APR_BUCKET_REMOVE(e)+apr_bucket_destroy(e) into the equivalent apr_bucket_delete(e) to reduce code verbosity
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621600  13f79535 -47bb-0310-9956-
ffa450edef68 
Guenter Knauf  [Sun, 31 Aug 2014 13:16:11 +0000  (13:16 +0000)]  
Fix NetWare build: set NLM version with commandline option
instead of linker def file due to bug with mwldnlm linker
where patch version > 26 is ignored from def file.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621588  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Sun, 31 Aug 2014 01:28:37 +0000  (01:28  +0000)]  
mention weird looking ^xx formats in mod_log_config backported as
part of the trailers fix
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621552  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Sat, 30 Aug 2014 20:08:36 +0000  (20:08 +0000)]  
Fix PR number
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621534  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 30 Aug 2014 13:14:48 +0000  (13:14 +0000)]  
Rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621457  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 30 Aug 2014 13:13:32 +0000  (13:13 +0000)]  
XML update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621456  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Sat, 30 Aug 2014 13:06:03 +0000  (13:06 +0000)]  
propose mod_cache 304 fix
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621455  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Sat, 30 Aug 2014 12:47:16 +0000  (12:47 +0000)]  
vote
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1621451  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Wed, 27 Aug 2014 16:37:58 +0000  (16:37 +0000)]  
Merge r1620932 from trunk:
Make up-to-date
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620933  13f79535 -47bb-0310-9956-
ffa450edef68 
Yann Ylavic  [Wed, 27 Aug 2014 09:38:27 +0000  (09:38 +0000)]  
Vote PR53420's fix.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620834  13f79535 -47bb-0310-9956-
ffa450edef68 
Jan Kaluža  [Wed, 27 Aug 2014 06:55:47 +0000  (06:55 +0000)]  
propose r1527509
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620782  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Mon, 25 Aug 2014 13:47:04 +0000  (13:47 +0000)]  
Add a second patch to proposal.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620325  13f79535 -47bb-0310-9956-
ffa450edef68 
André Malo  [Sat, 23 Aug 2014 20:19:04 +0000  (20:19 +0000)]  
update transformation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620072  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 23 Aug 2014 11:18:28 +0000  (11:18 +0000)]  
Rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620005  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 23 Aug 2014 11:17:04 +0000  (11:17 +0000)]  
XML updates.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1620004  13f79535 -47bb-0310-9956-
ffa450edef68 
William A. Rowe Jr  [Fri, 22 Aug 2014 18:18:54 +0000  (18:18 +0000)]  
Sync docs to r1619884
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1619885  13f79535 -47bb-0310-9956-
ffa450edef68 
William A. Rowe Jr  [Fri, 22 Aug 2014 18:18:08 +0000  (18:18 +0000)]  
SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier.  Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted by: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Backports: r1610814
Reviewed by: covener, wrowe, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1619884  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Thu, 21 Aug 2014 15:36:11 +0000  (15:36 +0000)]  
premature
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1619447  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Thu, 21 Aug 2014 13:17:27 +0000  (13:17 +0000)]  
propose deflate tweak
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1619387  13f79535 -47bb-0310-9956-
ffa450edef68 
Yann Ylavic  [Thu, 21 Aug 2014 13:00:36 +0000  (13:00 +0000)]  
Votes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1619381  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Tue, 19 Aug 2014 20:14:20 +0000  (20:14 +0000)]  
Fix typo noticed by GilDawson
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1618966  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Tue, 19 Aug 2014 12:45:51 +0000  (12:45 +0000)]  
propose simple authz_core fix
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1618852  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Mon, 18 Aug 2014 06:46:17 +0000  (06:46 +0000)]  
Propose
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1618547  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Sat, 16 Aug 2014 19:18:34 +0000  (19:18 +0000)]  
simple mod_proxy_fcgi fix
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1618402  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Sun, 10 Aug 2014 00:45:02 +0000  (00:45  +0000)]  
propose silencing of ratelimit errors
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1617035  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 9 Aug 2014 15:00:07 +0000  (15:00 +0000)]  
Rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1616962  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 9 Aug 2014 14:58:51 +0000  (14:58 +0000)]  
XML update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1616960  13f79535 -47bb-0310-9956-
ffa450edef68 
Mike Rumph  [Thu, 7 Aug 2014 01:05:23 +0000  (01:05  +0000)]  
Some doc changes for mod_authnz_fcgi.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1616382  13f79535 -47bb-0310-9956-
ffa450edef68 
Mike Rumph  [Thu, 7 Aug 2014 00:35:23 +0000  (00:35  +0000)]  
Generated doc changes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1616380  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Sat, 2 Aug 2014 20:19:42 +0000  (20:19 +0000)]  
use /var/log instead of /var/logs in examples
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1615363  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Sat, 2 Aug 2014 18:46:14 +0000  (18:46 +0000)]  
Propose.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1615346  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Fri, 1 Aug 2014 04:29:31 +0000  (04:29  +0000)]  
Propose
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1615029  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Wed, 30 Jul 2014 04:25:54 +0000  (04:25  +0000)]  
Fix typo spotted in comment #2818
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1614541  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 26 Jul 2014 18:49:32 +0000  (18:49 +0000)]  
Rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1613702  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 26 Jul 2014 18:48:36 +0000  (18:48 +0000)]  
XML updates.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1613701  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Sat, 26 Jul 2014 17:02:01 +0000  (17:02 +0000)]  
fix a 2.4.10 regression in mod_ldap (noticed by me in a very obscure test case)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1613684  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Fri, 25 Jul 2014 22:24:33 +0000  (22:24 +0000)]  
Merge r1613526 from trunk:
no status during if_walk
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1613527  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Fri, 25 Jul 2014 22:21:01 +0000  (22:21 +0000)]  
Merge r1613524 from trunk:
call out some variables that aren't set during <if>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1613525  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Thu, 24 Jul 2014 22:46:12 +0000  (22:46 +0000)]  
Merge r1613318 from trunk:
two commenters were confused authnprovideralias
providing special config to authz providers
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1613319  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Mon, 21 Jul 2014 13:05:10 +0000  (13:05 +0000)]  
Applied in r1611758.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1612259  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sun, 20 Jul 2014 14:28:58 +0000  (14:28 +0000)]  
Rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1612095  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sun, 20 Jul 2014 14:27:06 +0000  (14:27 +0000)]  
XML updates.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1612093  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Sun, 20 Jul 2014 09:44:48 +0000  (09:44 +0000)]  
Propose
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1612069  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 19 Jul 2014 17:47:34 +0000  (17:47 +0000)]  
Rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611933  13f79535 -47bb-0310-9956-
ffa450edef68 
Lucien Gentis  [Sat, 19 Jul 2014 17:46:23 +0000  (17:46 +0000)]  
XML Updates.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611931  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Sat, 19 Jul 2014 17:33:08 +0000  (17:33 +0000)]  
Propose
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611928  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Sat, 19 Jul 2014 17:22:30 +0000  (17:22 +0000)]  
Fix doxygen comments.
In trunk: r1611210 , r1611252, r1611481, r1611919
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611925  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Sat, 19 Jul 2014 09:40:42 +0000  (09:40 +0000)]  
Propose
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611867  13f79535 -47bb-0310-9956-
ffa450edef68 
André Malo  [Fri, 18 Jul 2014 21:42:08 +0000  (21:42 +0000)]  
fix latex build
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611814  13f79535 -47bb-0310-9956-
ffa450edef68 
André Malo  [Fri, 18 Jul 2014 20:11:11 +0000  (20:11 +0000)]  
update transformation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611788  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Fri, 18 Jul 2014 18:33:46 +0000  (18:33 +0000)]  
Merge r1611600 from trunk:
Silence compiler warning:
mod_authnz_fcgi.c:580:44: warning: 'orspbuflen'
may be used uninitialized in this function.
Not true but annoying.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611758  13f79535 -47bb-0310-9956-
ffa450edef68 
Daniel Gruno  [Fri, 18 Jul 2014 18:15:42 +0000  (18:15 +0000)]  
backport for mod_lua: Don't quote values in cookies; Make IE happy again [#56734]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611744  13f79535 -47bb-0310-9956-
ffa450edef68 
William A. Rowe Jr  [Fri, 18 Jul 2014 17:05:03 +0000  (17:05 +0000)]  
Yes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611715  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Fri, 18 Jul 2014 16:43:10 +0000  (16:43 +0000)]  
just make it shut up
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611707  13f79535 -47bb-0310-9956-
ffa450edef68 
William A. Rowe Jr  [Fri, 18 Jul 2014 15:42:31 +0000  (15:42 +0000)]  
Vote up, note patch (non-2.2) for defect identified by Yann
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611677  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Fri, 18 Jul 2014 11:46:00 +0000  (11:46 +0000)]  
Propose.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611603  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Fri, 18 Jul 2014 11:29:17 +0000  (11:29 +0000)]  
Fix typo.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611595  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Fri, 18 Jul 2014 05:54:17 +0000  (05:54  +0000)]  
Backport r1513461 to fix some Doxygen warnings/comments, except for the following files which rely on other patches which have not been backported yet:
   - ap_mpm.h: r1493741
   - http_log.h: r1512819
   - httpd.h: r1426877
   - mpm_common.h: which is already in synch with 2.4
So only mpm_var_buf.h remains. This is however needed in order to backport other doxygen clean-up.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611541  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Wed, 16 Jul 2014 22:11:33 +0000  (22:11 +0000)]  
Improve doxygen comment.
Improve layout, add trailing '.' in function description, remove unneeded @fn.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611203  13f79535 -47bb-0310-9956-
ffa450edef68 
William A. Rowe Jr  [Wed, 16 Jul 2014 21:18:39 +0000  (21:18 +0000)]  
Repaginate some short/long entries
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611194  13f79535 -47bb-0310-9956-
ffa450edef68 
William A. Rowe Jr  [Wed, 16 Jul 2014 20:26:20 +0000  (20:26 +0000)]  
Propose utf-8 service names for winnt
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1611178  13f79535 -47bb-0310-9956-
ffa450edef68 
Rainer Jung  [Wed, 16 Jul 2014 06:06:01 +0000  (06:06 +0000)]  
Add compatibility note.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610915  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Tue, 15 Jul 2014 20:11:14 +0000  (20:11 +0000)]  
Propose
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610834  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Tue, 15 Jul 2014 19:15:14 +0000  (19:15 +0000)]  
propose trailers fix, didn't make the cut for 2.4.10 because I had backpor troubles.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610816  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 17:14:08 +0000  (17:14 +0000)]  
And we are at 2.4.11-dev
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610760  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 17:12:30 +0000  (17:12 +0000)]  
Get ready to tag 2.4.10
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610757  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 16:47:19 +0000  (16:47 +0000)]  
xforms
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610749  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 16:41:48 +0000  (16:41 +0000)]  
We know this will happen today :)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610748  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Tue, 15 Jul 2014 16:36:11 +0000  (16:36 +0000)]  
change attribution to Ben
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610745  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Tue, 15 Jul 2014 16:20:10 +0000  (16:20 +0000)]  
CVE-2014-0117 done, the simple/dumb way.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610741  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Tue, 15 Jul 2014 16:12:46 +0000  (16:12 +0000)]  
Expand -0117 text a bit and credit Eric who wrote the
one-liner down first ;)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610738  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 16:11:04 +0000  (16:11 +0000)]  
mod_proxy Connection handling crasher, CVE-2014-0117
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610737  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 16:07:44 +0000  (16:07 +0000)]  
promote
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610736  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Tue, 15 Jul 2014 16:03:02 +0000  (16:03 +0000)]  
+1, Joe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610733  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Tue, 15 Jul 2014 14:13:36 +0000  (14:13 +0000)]  
Really really think "rushing" this is not wise...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610704  13f79535 -47bb-0310-9956-
ffa450edef68 
Yann Ylavic  [Tue, 15 Jul 2014 14:04:16 +0000  (14:04 +0000)]  
Vote for Connection header's RFC compliance.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610701  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Tue, 15 Jul 2014 13:33:37 +0000  (13:33 +0000)]  
Collect -0117 patches... can I make conditional votes?
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610691  13f79535 -47bb-0310-9956-
ffa450edef68 
Yann Ylavic  [Tue, 15 Jul 2014 12:14:07 +0000  (12:14 +0000)]  
Fix CHANGES entry from r1587201.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610670  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Tue, 15 Jul 2014 11:41:28 +0000  (11:41 +0000)]  
Fix CVE number for WinNT MPM issue (Thanks Joe)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610661  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Tue, 15 Jul 2014 11:17:49 +0000  (11:17 +0000)]  
Merge r1610652 from trunk:
SECURITY (CVE-2014-3523): Fix a memory consumption denial of
service in the WinNT MPM used in all Windows installations.
Workaround: AcceptFilter <protocol> {none|connect}
Submitted by: trawick
Reviewed by: jorton, covener, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610653  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Tue, 15 Jul 2014 10:52:07 +0000  (10:52 +0000)]  
clarify new use of Timeout for scripts
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610641  13f79535 -47bb-0310-9956-
ffa450edef68 
Christophe Jaillet  [Mon, 14 Jul 2014 20:48:32 +0000  (20:48 +0000)]  
Add missing APLOGNO + fix a typo in a comment
r1610518 in trunk
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610522  13f79535 -47bb-0310-9956-
ffa450edef68 
Jeff Trawick  [Mon, 14 Jul 2014 20:42:54 +0000  (20:42 +0000)]  
"CGIDScriptTimeout", not "CGIDRequestTimeout"
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610517  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Mon, 14 Jul 2014 20:35:27 +0000  (20:35 +0000)]  
Credit/blame where it's due.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610516  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Mon, 14 Jul 2014 20:23:27 +0000  (20:23 +0000)]  
add CGIDRequestTimeout to CHANGES
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610514  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Mon, 14 Jul 2014 20:18:26 +0000  (20:18 +0000)]  
merge r1535125 and r1610509 from trunk:
    *) SECURITY: CVE-2014-0231 (cve.mitre.org)
       mod_cgid: Fix a denial of service against CGI scripts that do
       not consume stdin that could lead to lingering HTTPD child processes
       filling up the scoreboard and eventually hanging the server.
       [Rainer Jung, Eric Covener, Yann Ylavic]
Submitted By: rjung, covener, ylavic
Reviewed By: trawick, jorton, covener, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610512  13f79535 -47bb-0310-9956-
ffa450edef68 
Eric Covener  [Mon, 14 Jul 2014 20:01:30 +0000  (20:01 +0000)]  
backport r1610501 from trunk:
      *) SECURITY: CVE-2014-0118 (cve.mitre.org)
         mod_deflate: The DEFLATE input filter (inflates request bodies) now
         limits the length and compression ratio of inflated request bodies to avoid
         denial of sevice via highly compressed bodies.  See directives
         DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
         and DeflateInflateRatioBurst.
    Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.
Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610503  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Mon, 14 Jul 2014 19:55:04 +0000  (19:55 +0000)]  
Merge 
1610491  from trunk:
SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.
* include/scoreboard.h: Add ap_copy_scoreboard_worker.
* server/scoreboard.c (ap_copy_scoreboard_worker): New function.
* modules/generators/mod_status.c (status_handler): Use it.
* modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise.
Reviewed by: trawick, jorton, covener, jim
Submitted by: jorton, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610499  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Mon, 14 Jul 2014 19:36:38 +0000  (19:36 +0000)]  
Note CVE name for mod_cache crasher fixed in 2.4.7.
This issue affected httpd versions 2.4.5 and 2.4.6 only.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610495  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Mon, 14 Jul 2014 12:29:51 +0000  (12:29 +0000)]  
Done.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610400  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Mon, 14 Jul 2014 12:29:22 +0000  (12:29 +0000)]  
Merge 
1610311  from trunk:
Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077).
Submitted by: rjung
Reviewed by: rjung, ylavic, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610399  13f79535 -47bb-0310-9956-
ffa450edef68 
Joe Orton  [Mon, 14 Jul 2014 12:27:53 +0000  (12:27 +0000)]  
Vote, promote.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610398  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Mon, 14 Jul 2014 12:09:21 +0000  (12:09 +0000)]  
Merge r1572896, r1572911 from trunk:
mod_deflate:
Don't fail when asked to flush inflated data to the user-agent and that
coincides with the end of stream ("Zlib error flushing inflate buffer").
PR 56196.
Submitted By: [Christoph Fausak <christoph.fausak glueckkanja com>]
Committed By: ylavic
mod_deflate: follows up r1572896.
Be safe from successive or post end-of-stream flush buckets.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610397  13f79535 -47bb-0310-9956-
ffa450edef68 
Jim Jagielski  [Mon, 14 Jul 2014 12:07:55 +0000  (12:07 +0000)]  
Merge r1452551, r1607960 from trunk:
PR54587: LDAP connections used for authn were not respecting
LDAPConnectionPoolTimeout due to confusion over what "bound" means.
Added some LDAP trace at TRACE5 to track how LDAP connections are
reused and rebound.
make LDAPConnectionPoolTTL more conservative, use r->request_time rather than
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
Submitted by: covener
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1610396  13f79535 -47bb-0310-9956-
ffa450edef68