Checkout Tools
  • last updated 5 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Merge from trunk:

*) SECURITY: CVE-2017-3167 (

Use of the ap_get_basic_auth_pw() by third-party modules outside of the

authentication phase may lead to authentication requirements being


[Emmanuel Dreyfus <manu>, Jacob Champion, Eric Covener]

Submitted By: Emmanuel Dreyfus <manu>, Jacob Champion, Eric Covener

Reviewed By: covener, ylavic, wrowe

  1. … 5 more files in changeset.
* core: add filesystem paths to some common error messages.

Backports: r1301504

Submitted by: covener

Reviewed by: rjung, trawick, wrowe

  1. … 2 more files in changeset.
Comment spelling fix.


Backport of r1368131 from trunk resp.

r1371935 from 2.4.x.

  1. … 1 more file in changeset.
restore ABI break in r1082630, changed signature of ap_unescape_url_keep2f().

Reviewed By: covener, wrowe, trawick

  1. … 3 more files in changeset.
Backport r1082196 from trunk:

core: AllowEncodedSlashes new option NoDecode to allow encoded slashes

in request URL path info but not decode them.

PR: 35256, 46830

Reviewed by: jim, covener

  1. … 10 more files in changeset.
Merge r632947, r633174 from trunk:

core: fix SymlinksIfOwnerMatch checking:

(1) Fix Origin checking (PR 36783 - Robert L Mathews)

(2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set

* lfi is already a pointer in contrast fi which was used before.

Reviewed/backported by: jim

  1. … 2 more files in changeset.
* Remove stray '"' that was introduced in r962991 by accident and caused

the compiler to fail.

Improve misleading error message.

PR 38322

  1. … 1 more file in changeset.
PR 45959

  1. … 1 more file in changeset.
Merge r579664 from trunk:

Reinstate location walk for subrequests

PR 41960 (Jose Kahan)

Submitted by: niq

Reviewed by: jim

  1. … 1 more file in changeset.
Backport trivial cleanups

  1. … 7 more files in changeset.
merge from trunk:

core: Correct a regression since 2.0.x in the handling of AllowOverride


PR: 41829

Submitted by: Torsten Förtsch <torsten.foertsch>

Reviewed by: niq, rpluem, trawick

  1. … 2 more files in changeset.
update license header text
  1. … 339 more files in changeset.
Revert r395231 from the 2.2.x branch. This gets us back to the old place with regard to the copyright statements.

  1. … 828 more files in changeset.
Update the last year of copyright for the 2.2.x branch

  1. … 828 more files in changeset.
No functional change: remove trailing whitespace. This also means

that "blank" lines, which had consisted of just spaces

and/or tabs are now truly blank lines

  1. … 175 more files in changeset.
No functional change: detab all indenting to be consistent

with our formatting standards.

  1. … 69 more files in changeset.
Backport 295141

Pay close attention to core_create_req() ... and note

that not one other member of the r->vars is initialized

herein. Move this initialization elsewhere.

(If this is the 'default' - it really aught to be the

zero value, for that matter).

  1. … 2 more files in changeset.
Merge r293364 from trunk.

Backport the Doxygen changes to the 2.2.x branch. No functional changes,

however backporting these doxygen fixes makes it significantly easier to diff

trunk and the 2.2.x branch, to sort out what's what. And we might as well

release with nicer doxygen markup.

Submitted by: Neale Ranns <neale>

Reviewed by: Ian Holsman

  1. … 102 more files in changeset.
Merge r291588, r291672 and r291914 from trunk; make mod_dir and mod_cache

play nice together.

  1. … 4 more files in changeset.
Merge r291120 from trunk:

* server/request.c (core_opts_merge): When AllowOverride is specified

for the directory, ignore the inherited override_opts field.

PR: 35330

Submitted by: kabe <kabe>

Reviewed by: jorton

  1. … 1 more file in changeset.
Merge r280018 from trunk:

Any failure in apr_stat on a symlink currently gives

"Symbolic link not allowed", which results in much head-scratching

if the actual problem is a broken link of some sort. The real

fix would be to propogate the correct apr_stat error into the

error log, but that would require more refactoring than I'm

prepared to do. This change simply expands the error message

to include both possibilities. It improves the situation for

PR28515 but does not solve it.