updates

Apache24/ABOUT_APACHE.txt

+
+                     The Apache HTTP Server Project
+
+                        http://httpd.apache.org/
+
+The Apache HTTP Server Project is a collaborative software development effort
+aimed at creating a robust, commercial-grade, featureful, and freely-available
+source code implementation of an HTTP (Web) server. The project is jointly 
+managed by a group of volunteers located around the world, using the Internet
+and the Web to communicate, plan, and develop the server and its related 
+documentation. In addition, hundreds of users have contributed ideas, code, 
+and documentation to the project.
+
+This file is intended to briefly describe the history of the Apache Group (as 
+it was called in the early days), recognize the many contributors, and explain
+how you can join the fun too.
+
+In February of 1995, the most popular server software on the Web was the
+public domain HTTP daemon developed by Rob McCool at the National Center
+for Supercomputing Applications, University of Illinois, Urbana-Champaign.
+However, development of that httpd had stalled after Rob left NCSA in
+mid-1994, and many webmasters had developed their own extensions and bug
+fixes that were in need of a common distribution. A small group of these
+webmasters, contacted via private e-mail, gathered together for the purpose
+of coordinating their changes (in the form of "patches"). Brian Behlendorf
+and Cliff Skolnick put together a mailing list, shared information space,
+and logins for the core developers on a machine in the California Bay Area,
+with bandwidth and diskspace donated by HotWired and Organic Online.
+By the end of February, eight core contributors formed the foundation
+of the original Apache Group:
+
+   Brian Behlendorf        Roy T. Fielding          Rob Hartill
+   David Robinson          Cliff Skolnick           Randy Terbush
+   Robert S. Thau          Andrew Wilson
+
+with additional contributions from
+
+   Eric Hagberg            Frank Peters             Nicolas Pioch
+
+Using NCSA httpd 1.3 as a base, we added all of the published bug fixes
+and worthwhile enhancements we could find, tested the result on our own
+servers, and made the first official public release (0.6.2) of the Apache
+server in April 1995. By coincidence, NCSA restarted their own development
+during the same period, and Brandon Long and Beth Frank of the NCSA Server
+Development Team joined the list in March as honorary members so that the
+two projects could share ideas and fixes.
+
+The early Apache server was a big hit, but we all knew that the codebase
+needed a general overhaul and redesign. During May-June 1995, while
+Rob Hartill and the rest of the group focused on implementing new features
+for 0.7.x (like pre-forked child processes) and supporting the rapidly growing
+Apache user community, Robert Thau designed a new server architecture
+(code-named Shambhala) which included a modular structure and API for better
+extensibility, pool-based memory allocation, and an adaptive pre-forking
+process model. The group switched to this new server base in July and added
+the features from 0.7.x, resulting in Apache 0.8.8 (and its brethren)
+in August.
+
+After extensive beta testing, many ports to obscure platforms, a new set
+of documentation (by David Robinson), and the addition of many features
+in the form of our standard modules, Apache 1.0 was released on
+December 1, 1995.
+
+Less than a year after the group was formed, the Apache server passed
+NCSA's httpd as the #1 server on the Internet.
+
+The survey by Netcraft (http://www.netcraft.com/survey/) shows that Apache
+is today more widely used than all other web servers combined.
+
+ ============================================================================
+
+The current project management committe of the Apache HTTP Server
+project (as of March, 2011) is:
+
+    Aaron Bannert       André Malo              Astrid Stolper
+    Ben Laurie          Bojan Smojver           Brad Nicholes
+    Brian Havard        Brian McCallister       Chris Darroch
+    Chuck Murcko        Colm MacCárthaigh       Dan Poirier
+    Dirk-Willem van Gulik                       Doug MacEachern     
+    Eric Covener        Erik Abele              Graham Dumpleton    
+    Graham Leggett      Greg Ames               Greg Stein 
+    Gregory Trubetskoy  Guenter Knauf           Issac Goldstand     
+    Jeff Trawick        Jim Gallacher           Jim Jagielski      
+    Joe Orton           Joe Schaefer            Joshua Slive
+    Justin Erenkrantz   Ken Coar                Lars Eilebrecht
+    Manoj Kasichainula  Marc Slemko             Mark J. Cox
+    Martin Kraemer      Maxime Petazzoni        Nick Kew
+    Nicolas Lehuen      Noirin Shirley          Paul Querna
+    Philip M. Gollucci  Ralf S. Engelschall     Randy Kobes
+    Rasmus Lerdorf      Rich Bowen              Roy T. Fielding
+    Rüdiger Plüm        Sander Striker          Sander Temm
+    Stefan Fritsch      Tony Stevenson          Victor J. Orlikowski
+    Wilfredo Sanchez    William A. Rowe Jr.     Yoshiki Hayashi     
+
+Other major contributors
+
+   Howard Fear (mod_include), Florent Guillaume (language negotiation),
+   Koen Holtman (rewrite of mod_negotiation),
+   Kevin Hughes (creator of all those nifty icons),
+   Brandon Long and Beth Frank (NCSA Server Development Team, post-1.3),
+   Ambarish Malpani (Beginning of the NT port),
+   Rob McCool (original author of the NCSA httpd 1.3),
+   Paul Richards (convinced the group to use remote CVS after 1.0),
+   Garey Smiley (OS/2 port), Henry Spencer (author of the regex library).
+
+Many 3rd-party modules, frequently used and recommended, are also
+freely-available and linked from the related projects page:
+<http://modules.apache.org/>, and their authors frequently
+contribute ideas, patches, and testing.
+
+Hundreds of people have made individual contributions to the Apache
+project. Patch contributors are listed in the CHANGES file.
+
+ ============================================================================
+
+How to become involved in the Apache project
+
+There are several levels of contributing. If you just want to send
+in an occasional suggestion/fix, then you can just use the bug reporting
+form at <http://httpd.apache.org/bug_report.html>. You can also subscribe
+to the announcements mailing list (announce-subscribe@httpd.apache.org) which
+we use to broadcast information about new releases, bugfixes, and upcoming
+events. There's a lot of information about the development process (much of
+it in serious need of updating) to be found at <http://httpd.apache.org/dev/>.
+
+If you'd like to become an active contributor to the Apache project (the
+group of volunteers who vote on changes to the distributed server), then
+you need to start by subscribing to the dev@httpd.apache.org mailing list.
+One warning though: traffic is high, 1000 to 1500 messages/month.
+To subscribe to the list, send an email to dev-subscribe@httpd.apache.org.
+We recommend reading the list for a while before trying to jump in to 
+development.
+
+   NOTE: The developer mailing list (dev@httpd.apache.org) is not
+   a user support forum; it is for people actively working on development
+   of the server code and documentation, and for planning future
+   directions. If you have user/configuration questions, send them
+   to users list <http://httpd.apache.org/userslist> or to the USENET
+   newsgroup "comp.infosystems.www.servers.unix".or for windows users,
+   the newsgroup "comp.infosystems.www.servers.ms-windows".
+
+There is a core group of contributors (informally called the "core")
+which was formed from the project founders and is augmented from time
+to time when core members nominate outstanding contributors and the
+rest of the core members agree. The core group focus is more on
+"business" issues and limited-circulation things like security problems
+than on mainstream code development. The term "The Apache Group"
+technically refers to this core of project contributors.
+
+The Apache project is a meritocracy--the more work you have done, the more
+you are allowed to do. The group founders set the original rules, but
+they can be changed by vote of the active members. There is a group
+of people who have logins on our server (apache.org) and access to the
+svn repository.  Everyone has access to the svn snapshots.  Changes to
+the code are proposed on the mailing list and usually voted on by active
+members--three +1 (yes votes) and no -1 (no votes, or vetoes) are needed
+to commit a code change during a release cycle; docs are usually committed
+first and then changed as needed, with conflicts resolved by majority vote.
+
+Our primary method of communication is our mailing list. Approximately 40
+messages a day flow over the list, and are typically very conversational in
+tone. We discuss new features to add, bug fixes, user problems, developments
+in the web server community, release dates, etc. The actual code development
+takes place on the developers' local machines, with proposed changes
+communicated using a patch (output of a unified "diff -u oldfile newfile"
+command), and committed to the source repository by one of the core
+developers using remote svn.  Anyone on the mailing list can vote on a
+particular issue, but we only count those made by active members or people
+who are known to be experts on that part of the server. Vetoes must be
+accompanied by a convincing explanation.
+
+New members of the Apache Group are added when a frequent contributor is
+nominated by one member and unanimously approved by the voting members.
+In most cases, this "new" member has been actively contributing to the
+group's work for over six months, so it's usually an easy decision.
+
+The above describes our past and current (as of July 2000) guidelines,
+which will probably change over time as the membership of the group
+changes and our development/coordination tools improve.
+
+ ============================================================================
+
+The Apache Software Foundation (www.apache.org)
+
+The Apache Software Foundation exists to provide organizational, legal,
+and financial support for the Apache open-source software projects.
+Founded in June 1999 by the Apache Group, the Foundation has been
+incorporated as a membership-based, not-for-profit corporation in order
+to ensure that the Apache projects continue to exist beyond the participation
+of individual volunteers, to enable contributions of intellectual property
+and funds on a sound basis, and to provide a vehicle for limiting legal
+exposure while participating in open-source software projects. 
+
+You are invited to participate in The Apache Software Foundation. We welcome
+contributions in many forms. Our membership consists of those individuals
+who have demonstrated a commitment to collaborative open-source software
+development through sustained participation and contributions within the
+Foundation's projects. Many people and companies have contributed towards
+the success of the Apache projects. 
+
+ ============================================================================
+
+Why The Apache HTTP Server Is Free
+
+Apache HTTP Server exists to provide a robust and commercial-grade reference
+implementation of the HTTP protocol. It must remain a platform upon which
+individuals and institutions can build reliable systems, both for
+experimental purposes and for mission-critical purposes. We believe the
+tools of online publishing should be in the hands of everyone, and
+software companies should make their money providing value-added services
+such as specialized modules and support, amongst other things. We realize
+that it is often seen as an economic advantage for one company to "own" a
+market - in the software industry that means to control tightly a
+particular conduit such that all others must pay. This is typically done
+by "owning" the protocols through which companies conduct business, at the
+expense of all those other companies. To the extent that the protocols of
+the World Wide Web remain "unowned" by a single company, the Web will
+remain a level playing field for companies large and small. Thus,
+"ownership" of the protocol must be prevented, and the existence of a
+robust reference implementation of the protocol, available absolutely for
+free to all companies, is a tremendously good thing. 
+
+Furthermore, Apache httpd is an organic entity; those who benefit from it
+by using it often contribute back to it by providing feature enhancements,
+bug fixes, and support for others in public newsgroups. The amount of
+effort expended by any particular individual is usually fairly light, but
+the resulting product is made very strong. This kind of community can
+only happen with freeware--when someone pays for software, they usually
+aren't willing to fix its bugs. One can argue, then, that Apache's
+strength comes from the fact that it's free, and if it were made "not
+free" it would suffer tremendously, even if that money were spent on a
+real development team.
+
+We want to see Apache httpd used very widely--by large companies, small
+companies, research institutions, schools, individuals, in the intranet
+environment, everywhere--even though this may mean that companies who
+could afford commercial software, and would pay for it without blinking,
+might get a "free ride" by using Apache httpd. We would even be happy if 
+some commercial software companies completely dropped their own HTTP server
+development plans and used Apache httpd as a base, with the proper attributions
+as described in the LICENSE file.
+
+Thanks for using Apache HTTP Server!
+

Apache24/INSTALL.txt

+
+  APACHE INSTALLATION OVERVIEW
+
+  Quick Start - Unix
+  ------------------
+
+  For complete installation documentation, see [ht]docs/manual/install.html or
+  http://httpd.apache.org/docs/2.4/install.html
+
+     $ ./configure --prefix=PREFIX
+     $ make
+     $ make install
+     $ PREFIX/bin/apachectl start
+
+     NOTES: * Replace PREFIX with the filesystem path under which 
+              Apache should be installed.  A typical installation
+              might use "/usr/local/apache2" for PREFIX (without the
+              quotes).
+
+            * Consider if you want to use a previously installed APR and
+              APR-Util (such as those provided with many OSes) or if you
+              need to use the APR and APR-Util from the apr.apache.org
+              project. If the latter, download the latest versions and
+              unpack them to ./srclib/apr and ./srclib/apr-util (no
+              version numbers in the directory names) and use
+              ./configure's --with-included-apr option. This is required
+              if you don't have the compiler which the system APR was
+              built with.  It can also be advantageous if you are a
+              developer who will be linking your code with Apache or using
+              a debugger to step through server code, as it removes the
+              possibility of version or compile-option mismatches with APR
+              and APR-Util code. As a convenience, prepackaged source-code
+              bundles of APR and APR-Util are occasionally also provided
+              as a httpd-2.X.X-deps.tar.gz download.
+
+            * If you are a developer building Apache directly from
+              Subversion, you will need to run ./buildconf before running
+              configure. This script bootstraps the build environment and
+              requires Python as well as GNU autoconf and libtool. If you
+              build Apache from a release tarball, you don't have to run
+              buildconf.
+
+            * If you want to build a threaded MPM (for instance worker)
+              on  FreeBSD, be aware that threads do not work well with
+              Apache on FreeBSD versions before 5.4-RELEASE. If you wish
+              to try a threaded Apache on an earlier version of FreeBSD,
+              use the --enable-threads parameter to ./configure in
+              addition to the --with-mpm parameter.
+
+            * If you are building directly from Subversion on Mac OS X
+              (Darwin), make sure to use GNU Libtool 1.4.2 or newer. All
+              recent versions of the developer tools on this platform
+              include a sufficiently recent version of GNU Libtool (named
+              glibtool, but buildconf knows where to find it).
+
+  For a short impression of what possibilities you have, here is a
+  typical example which configures Apache for the installation tree
+  /sw/pkg/apache with a particular compiler and flags plus the two
+  additional modules mod_rewrite and mod_speling for later loading
+  through the DSO mechanism:
+
+     $ CC="pgcc" CFLAGS="-O2" \
+     ./configure --prefix=/sw/pkg/apache \
+     --enable-rewrite=shared \
+     --enable-speling=shared 
+
+  The easiest way to find all of the configuration flags for Apache 2.4
+  is to run ./configure --help.
+
+
+  Quick Start - Windows
+  ---------------------
+
+  For complete documentation, see manual/platform/windows.html.en or
+  <http://httpd.apache.org/docs/2.4/platform/windows.html>
+
+
+  Postscript
+  ----------
+
+  To obtain help with installation problems, please see the resources at
+  <http://httpd.apache.org/support.html>
+
+  Thanks for using the Apache HTTP Server, version 2.4.
+
+                                     The Apache Software Foundation
+                                     http://www.apache.org/

Apache24/NOTICE.txt

+Apache HTTP Server
+Copyright 2018 The Apache Software Foundation.
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+
+Portions of this software were developed at the National Center
+for Supercomputing Applications (NCSA) at the University of
+Illinois at Urbana-Champaign.
+
+This software contains code derived from the RSA Data Security
+Inc. MD5 Message-Digest Algorithm, including various
+modifications by Spyglass Inc., Carnegie Mellon University, and
+Bell Communications Research, Inc (Bellcore).
+
+This software contains code derived from the PCRE library pcreposix.c
+source code, written by Philip Hazel, Copyright 1997-2004
+by the University of Cambridge, England.
+
+Regular expression support is provided by the PCRE library package,
+which is open source software, written by Philip Hazel, and copyright
+by the University of Cambridge, England. The original software is
+available from
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
+
+This binary distribution includes cryptographic software written by
+Eric Young (eay@cryptsoft.com), software written by Tim Hudson 
+(tjh@cryptsoft.com), and software developed by the OpenSSL Project 
+for use in the OpenSSL Toolkit <http://www.openssl.org/>.
+
+This binary distribution of mod_deflate.so includes zlib compression code
+<http://www.gzip.org/zlib/> written by Jean-loup Gailly (jloup@gzip.org)
+and Mark Adler (madler@alumni.caltech.edu) .
+
+This binary distribution of mod_lua.so includes the Lua language, 
+developed at Lua.org, a laboratory of the Department of Computer Science 
+of PUC-Rio (the Pontifical Catholic University of Rio de Janeiro in Brazil).
+For complete information, visit Lua's web site at http://www.lua.org/
+
+This binary distributions of mod_proxy_html.so and mod_xml2enc.so include the
+libxml2 C library written by Daniel Veillard (daniel veillard.com), Bjorn 
+Reese (breese users.sourceforge.net) and Gary Pennington (Gary.Pennington 
+uk.sun.com). For complete information, visit LibXML2's web site at 
+https://http://www.xmlsoft.org/
+
+This binary distribution of mod_http2.so includes nghttp2 C library written 
+by Tatsuhiro Tsujikawa. For complete information, visit nghttp2's web site 
+at https://nghttp2.org/
+
+This binary distribution of mod_brotli.so includes Brotli C library written 
+by the Brotli Authors. For complete information, visit Brotli's web site 
+at https://github.com/google/brotli
+
+This binary distribution of mod_md.so includes Curl C library written by 
+Daniel Stenberg and many contributors. For complete information, 
+visit curl's web site at https://curl.haxx.se/
+
+This binary distribution of mod_md.so includes Jansson C library written 
+by the  Petri Lehtinen. For complete information, visit Jansson's web site 
+at http://www.digip.org/jansson/

Apache24/OPENSSL-README.txt

+
+ Apache HTTP Server 2.4 Limited OpenSSL Distribution
+
+ This binary installation of OpenSSL is a limited distribution of the
+ files derived from the OpenSSL project:
+
+   LICENSE.txt (includes openssl LICENSE)
+   OPENSSL-NEWS.txt
+   OPENSSL-README.txt
+   conf\openssl.cnf
+   bin\libeay32.dll
+   bin\ssleay32.dll
+   bin\openssl.exe
+
+ These are the minimal libraries and tools required to use mod_ssl as 
+ distributed with Apache HTTP Server version 2.4.  No library link files, 
+ headers or sources are distributed with this binary distribution.  Please 
+ refer to the <http://www.openssl.org/> site for complete source or binary 
+ distributions.
+
+ These OpenSSL binaries were built for distribution from the U.S. without 
+ support for the patented encryption methods IDEA, MDC-2 or RC5.
+
+ The Apache HTTP Project only supports the binary distribution of these files
+ and development of the mod_ssl module.  We cannot provide support assistance
+ for using or configuring the OpenSSL package or these modules.  Please refer
+ all installation and configuration questions to the appropriate forum,
+ such as the user supported lists, <http://httpd.apache.org/userslist.html> 
+ the Apache HTTP Server user's list or <http://www.openssl.org/support/> the
+ OpenSSL support page.
+
+--------------------------------------------------------------------------------
+
+
+ OpenSSL 1.1.0h 27 Mar 2018
+
+ Copyright (c) 1998-2016 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
+ full-strength general purpose cryptographic library.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl (with platform specific naming):
+     Provides the client and server-side implementations for SSLv3 and TLS.
+
+ libcrypto (with platform specific naming):
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     not logically part of it.
+
+ openssl:
+     A command line tool that can be used for:
+        Creation of key parameters
+        Creation of X.509 certificates, CSRs and CRLs
+        Calculation of message digests
+        Encryption and decryption
+        SSL/TLS client and server tests
+        Handling of S/MIME signed or encrypted mail
+        And more...
+
+ INSTALLATION
+ ------------
+
+ See the appropriate file:
+        INSTALL         Linux, Unix, Windows, OpenVMS, ...
+        NOTES.*         INSTALL addendums for different platforms
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+ commercial technical support. Free community support is available through the
+ openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for further details).
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Download the latest version from the repository
+      to see if the problem has already been addressed
+    - Configure with no-asm
+    - Remove compiler optimisation flags
+
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
+
+    - OpenSSL version: output of 'openssl version -a'
+    - Any "Configure" options that you selected during compilation of the
+      library if applicable (see INSTALL)
+    - OS Name, Version, Hardware platform
+    - Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
+ of query.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ See CONTRIBUTING
+
+ LEGALITIES
+ ----------
+
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.
+
\ No newline at end of file

Apache24/README.txt

+
+                          Apache HTTP Server
+
+  What is it?
+  -----------
+
+  The Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant
+  web server.  Originally designed as a replacement for the NCSA HTTP
+  Server, it has grown to be the most popular web server on the
+  Internet.  As a project of the Apache Software Foundation, the
+  developers aim to collaboratively develop and maintain a robust,
+  commercial-grade, standards-based server with freely available
+  source code.
+
+  The Latest Version
+  ------------------
+
+  Details of the latest version can be found on the Apache HTTP
+  server project page under http://httpd.apache.org/.
+
+  Documentation
+  -------------
+
+  The documentation available as of the date of this release is
+  included in HTML format in the docs/manual/ directory.  The most
+  up-to-date documentation can be found at
+  http://httpd.apache.org/docs/2.4/.
+
+  Installation
+  ------------
+
+  Please see the file called INSTALL.  Platform specific notes can be
+  found in README.platforms.
+
+  Licensing
+  ---------
+
+  Please see the file called LICENSE.
+
+  Cryptographic Software Notice
+  -----------------------------
+
+  This distribution may include software that has been designed for use
+  with cryptographic software.  The country in which you currently reside
+  may have restrictions on the import, possession, use, and/or re-export
+  to another country, of encryption software.  BEFORE using any encryption
+  software, please check your country's laws, regulations and policies
+  concerning the import, possession, or use, and re-export of encryption
+  software, to see if this is permitted.  See <http://www.wassenaar.org/>
+  for more information.
+
+  The U.S. Government Department of Commerce, Bureau of Industry and
+  Security (BIS), has classified this software as Export Commodity 
+  Control Number (ECCN) 5D002.C.1, which includes information security
+  software using or performing cryptographic functions with asymmetric
+  algorithms.  The form and manner of this Apache Software Foundation
+  distribution makes it eligible for export under the License Exception
+  ENC Technology Software Unrestricted (TSU) exception (see the BIS 
+  Export Administration Regulations, Section 740.13) for both object 
+  code and source code.
+
+  The following provides more details on the included files that
+  may be subject to export controls on cryptographic software:
+
+    Apache httpd 2.0 and later versions include the mod_ssl module under
+       modules/ssl/
+    for configuring and listening to connections over SSL encrypted
+    network sockets by performing calls to a general-purpose encryption
+    library, such as OpenSSL or the operating system's platform-specific
+    SSL facilities.
+
+    In addition, some versions of apr-util provide an abstract interface
+    for symmetrical cryptographic functions that make use of a
+    general-purpose encryption library, such as OpenSSL, NSS, or the
+    operating system's platform-specific facilities. This interface is
+    known as the apr_crypto interface, with implementation beneath the
+    /crypto directory. The apr_crypto interface is used by the
+    mod_session_crypto module available under
+      modules/session
+    for optional encryption of session information.
+
+    Some object code distributions of Apache httpd, indicated with the
+    word "crypto" in the package name, may include object code for the
+    OpenSSL encryption library as distributed in open source form from
+    <http://www.openssl.org/source/>.
+
+  The above files are optional and may be removed if the cryptographic
+  functionality is not desired or needs to be excluded from redistribution.
+  Distribution packages of Apache httpd that include the word "nossl"
+  in the package name have been created without the above files and are
+  therefore not subject to this notice.
+
+  Contacts
+  --------
+
+     o If you want to be informed about new code releases, bug fixes,
+       security fixes, general news and information about the Apache server
+       subscribe to the apache-announce mailing list as described under
+       <http://httpd.apache.org/lists.html#http-announce>
+
+     o If you want freely available support for running Apache please see the
+       resources at <http://httpd.apache.org/support.html>
+
+     o If you have a concrete bug report for Apache please see the instructions
+       for bug reporting at <http://httpd.apache.org/bug_report.html>
+
+     o If you want to participate in actively developing Apache please
+       subscribe to the `dev@httpd.apache.org' mailing list as described at
+       <http://httpd.apache.org/lists.html#http-dev>
+

Apache24/bin/dbmmanage.pl

+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#for more functionality see the HTTPD::UserAdmin module:
+# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
+#
+# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>
+
+package dbmmanage;
+#                               -ldb    -lndbm    -lgdbm    -lsdbm
+BEGIN { @AnyDBM_File::ISA = qw(SDBM_File) }
+use strict;
+use Fcntl;
+use AnyDBM_File ();
+
+sub usage {
+    my $cmds = join "|", sort keys %dbmc::;
+    die <<SYNTAX;
+Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
+
+    where enc is  -d for crypt encryption (default except on Win32, Netware)
+                  -m for MD5 encryption (default on Win32, Netware)
+                  -s for SHA1 encryption
+                  -p for plaintext
+
+    command is one of: $cmds
+
+    pw of . for update command retains the old password
+    pw of - (or blank) for update command prompts for the password
+
+    groups or comment of . (or blank) for update command retains old values
+    groups or comment of - for update command clears the existing value
+    groups or comment of - for add and adduser commands is the empty value
+SYNTAX
+}
+
+sub need_sha1_crypt {
+    if (!eval ('require "Digest/SHA1.pm";')) {
+        print STDERR <<SHAERR;
+dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
+available from CPAN:
+
+    http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
+
+Please install Digest::SHA1 and try again, or use a different crypt option:
+
+SHAERR
+        usage();
+    }
+}
+
+sub need_md5_crypt {
+    if (!eval ('require "Crypt/PasswdMD5.pm";')) {
+        print STDERR <<MD5ERR;
+dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
+
+    http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
+
+Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
+
+MD5ERR
+        usage();
+    }
+}
+
+# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
+# four bytes of iteration count and four bytes of salt).  Otherwise, just use
+# the traditional two-byte salt.
+# see the man page on your system to decide if you have a newer crypt() lib.
+# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
+# The new style crypt() allows up to 20 characters of the password to be
+# significant rather than only 8.
+#
+my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
+my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
+
+# Some platforms just can't crypt() for Apache
+#
+my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
+my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
+
+my $crypt_method = "crypt";
+
+if ($crypt_not_supported) {
+    $crypt_method = "md5";
+}
+
+# Some platforms won't jump through our favorite hoops
+#
+my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
+my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
+
+if ($crypt_not_supported) {
+    $crypt_method = "md5";
+}
+
+if (@ARGV[0] eq "-d") {
+    shift @ARGV;
+    if ($crypt_not_supported) {
+        print STDERR
+              "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
+    }
+    $crypt_method = "crypt";
+}
+
+if (@ARGV[0] eq "-m") {
+    shift @ARGV;
+    $crypt_method = "md5";
+}
+
+if (@ARGV[0] eq "-p") {
+    shift @ARGV;
+    if (!$crypt_not_supported) {
+        print STDERR
+              "Warning: Apache/$^O does not support plaintext passwords!\n\n";
+    }
+    $crypt_method = "plain";
+}
+
+if (@ARGV[0] eq "-s") {
+    shift @ARGV;
+    need_sha1_crypt();
+    $crypt_method = "sha1";
+}
+
+if ($crypt_method eq "md5") {
+    need_md5_crypt();
+}
+
+my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
+
+usage() unless $file and $command and defined &{$dbmc::{$command}};
+
+# remove extension if any
+my $chop = join '|', qw{db.? pag dir};
+$file =~ s/\.($chop)$//;
+
+my $is_update = $command eq "update";
+my %DB = ();
+my @range = ();
+my($mode, $flags) = $command =~
+    /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
+
+tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
+dbmc->$command();
+untie %DB;
+
+
+my $x;
+sub genseed {
+    my $psf;
+    if ($not_unix) {
+        srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
+    }
+    else {
+        for (qw(-xlwwa -le)) {
+            `ps $_ 2>/dev/null`;
+            $psf = $_, last unless $?;
+        }
+        srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
+    }
+    @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
+    $x = int scalar @range;
+}
+
+sub randchar {
+    join '', map $range[rand $x], 1..shift||1;
+}
+
+sub saltpw_crypt {
+    genseed() unless @range;
+    return $newstyle_salt ?
+        join '', "_", randchar, "a..", randchar(4) :
+        randchar(2);
+}
+
+sub cryptpw_crypt {
+    my ($pw, $salt) = @_;
+    $salt = saltpw_crypt unless $salt;
+    crypt $pw, $salt;
+}
+
+sub saltpw_md5 {
+    genseed() unless @range;
+    randchar(8);
+}
+
+sub cryptpw_md5 {
+    my($pw, $salt) = @_;
+    $salt = saltpw_md5 unless $salt;
+    Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
+}
+
+sub cryptpw_sha1 {
+    my($pw, $salt) = @_;
+    '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
+}
+
+sub cryptpw {
+    if ($crypt_method eq "md5") {
+        return cryptpw_md5(@_);
+    } elsif ($crypt_method eq "sha1") {
+        return cryptpw_sha1(@_);
+    } elsif ($crypt_method eq "crypt") {
+        return cryptpw_crypt(@_);
+    }
+    @_[0]; # otherwise return plaintext
+}
+
+sub getpass {
+    my $prompt = shift || "Enter password:";
+
+    unless($not_unix) {
+        open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
+        system "stty -echo;";
+    }
+
+    my($c,$pwd);
+    print STDERR $prompt;
+    while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
+        $pwd .= $c;
+    }
+
+    system "stty echo" unless $not_unix;
+    print STDERR "\n";
+    die "Can't use empty password!\n" unless length $pwd;
+    return $pwd;
+}
+
+sub dbmc::update {
+    die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
+    $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
+    $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
+    $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
+    if (!$crypted_pwd || $crypted_pwd eq '-') {
+        dbmc->adduser;
+    }
+    else {
+        dbmc->add;
+    }
+}
+
+sub dbmc::add {
+    die "Can't use empty password!\n" unless $crypted_pwd;
+    unless($is_update) {
+        die "Sorry, user `$key' already exists!\n" if $DB{$key};
+    }
+    $groups = '' if $groups eq '-';
+    $comment = '' if $comment eq '-';
+    $groups .= ":" . $comment if $comment;
+    $crypted_pwd .= ":" . $groups if $groups;
+    $DB{$key} = $crypted_pwd;
+    my $action = $is_update ? "updated" : "added";
+    print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
+}
+
+sub dbmc::adduser {
+    my $value = getpass "New password:";
+    die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
+    $crypted_pwd = cryptpw $value;
+    dbmc->add;
+}
+
+sub dbmc::delete {
+    die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
+    delete $DB{$key}, print "`$key' deleted\n";
+}
+
+sub dbmc::view {
+    print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
+}
+
+sub dbmc::check {
+    die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
+    my $chkpass = (split /:/, $DB{$key}, 3)[0];
+    my $testpass = getpass();
+    if (substr($chkpass, 0, 6) eq '$apr1$') {
+        need_md5_crypt;
+        $crypt_method = "md5";
+    } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
+        need_sha1_crypt;
+        $crypt_method = "sha1";
+    } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
+        $crypt_method = "crypt";
+    } else {
+        $crypt_method = "plain";
+    }
+    print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
+                           ? " password ok\n" : " password mismatch\n");
+}
+
+sub dbmc::import {
+    while(defined($_ = <STDIN>) and chomp) {
+        ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
+        dbmc->add;
+    }
+}
+