jchampion in httpd

vulns page: replace obsolete <a> anchor with id

HTML5 browsers now complain about the anchor idiom (both the empty <a/>

tag and the use of the obsolete name attribute). Now that we have a

header element, give that an id instead.

CSS: apply dd paragraph margins to dd tables

This indents the vulnerability page tables appropriately.

httpdunit: merge CVE-2017-9788 regression tests from feature branch
    • ?
CVE-2017-9788: add unit tests for get_digest_rec()

Including the module source is a dirty hack, but maybe the direct way is

best for now. More functional tests are still TODO.

Propose. merge typo fix from test-integration branch fix MPM_MODULES typo (in check-conf) fix MPM_MODULES typo
CHANGES: note mod_lua compatibility break
mod_lua: revert apr_table compatibility test

Don't keep the code if we're not keeping apr_table; it's just cruft.

Vote/promote another.
mod_negotiation: add Accept variant tests

Also remove the duplicated config in the comments.

mod_lua: add apr_table compatibility test

We might back this out later, if we decide not to keep the

(undocumented) global variable.

Vote/promote one.
mod_lua: add some tests for the header table functionality
PR61202: add virtual_script note back to backport (un-revert)

Per ML discussion; thanks to Jim for pointing this out.

Propose showstopper.
proxy_fcgi: remove FPM-specific logic

Reverts r1780328, r1780329, and their associated followups, which

incorrectly manipulated SCRIPT_NAME by default. All proxy_fcgi.t

regression tests now pass.

PR: 61202

Vote, promote.
Vote, promote.

Added 2.2.x convenience patch.

proxy_fcgi.t: missing file; fix previous commit
proxy_fcgi.t: add Action regression test

Note that this is meant only as a compatibility regression test, to keep

some poor soul from accidentally forgetting about it and busting it. I'm

not able to find a backend yet that works with this config.

proxy_fcgi.t: fix comment

SCRIPT_FILENAME isn't part of the CGI spec; that's half the issue.

proxy_fcgi.t: add rewrite-PATH_INFO-to-script regression case

This the case that prompted reversion to 2.4.20 behavior.

proxy_fcgi: add GENERIC backend type regression tests

For PR59618 and the followup PR59815.

proxy_fcgi: add regression test for PR61202

Also refactor the FCGI backend daemon and envvar-echo request into a

callable subroutine.

CVE-2017-7659: add regression test
    • ?