diff --git a/Apache-apr2.dsw b/Apache-apr2.dsw index 2b659793001227bcb1ffdaca545c6571533a2c3c..1f4509ebcc1c67795e3e2499ce547b66d44f1d45 100644 --- a/Apache-apr2.dsw +++ b/Apache-apr2.dsw @@ -282,6 +282,9 @@ Package=<4> Project_Dep_Name mod_proxy_ftp End Project Dependency Begin Project Dependency + Project_Dep_Name mod_proxy_hcheck + End Project Dependency + Begin Project Dependency Project_Dep_Name mod_proxy_http End Project Dependency Begin Project Dependency @@ -2309,6 +2312,28 @@ Package=<4> ############################################################################### +Project: "mod_proxy_hcheck"=.\modules\proxy\mod_proxy_hcheck.dsp - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name libapr + End Project Dependency + Begin Project Dependency + Project_Dep_Name libhttpd + End Project Dependency + Begin Project Dependency + Project_Dep_Name mod_proxy + End Project Dependency +}}} + +############################################################################### +############################################################################### + Project: "mod_proxy_html"=.\modules\filters\mod_proxy_html.dsp - Package Owner=<4> Package=<5> diff --git a/Apache.dsw b/Apache.dsw index 20259d25b633f6eb25426870631c8b0716dbf21c..af13918322f3cf6366b6aab9c5e12ba8f19dc887 100644 --- a/Apache.dsw +++ b/Apache.dsw @@ -297,6 +297,9 @@ Package=<4> Project_Dep_Name mod_proxy_ftp End Project Dependency Begin Project Dependency + Project_Dep_Name mod_proxy_hcheck + End Project Dependency + Begin Project Dependency Project_Dep_Name mod_proxy_http End Project Dependency Begin Project Dependency @@ -2714,6 +2717,30 @@ Package=<4> ############################################################################### +Project: "mod_proxy_hcheck"=.\modules\proxy\mod_proxy_hcheck.dsp - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name libapr + End Project Dependency + Begin Project Dependency + Project_Dep_Name libaprutil + End Project Dependency + Begin Project Dependency + Project_Dep_Name libhttpd + End Project Dependency + Begin Project Dependency + Project_Dep_Name mod_proxy + End Project Dependency +}}} + +############################################################################### + Project: "mod_proxy_html"=.\modules\filters\mod_proxy_html.dsp - Package Owner=<4> Package=<5> diff --git a/CHANGES b/CHANGES index 9e502d0c1a452ea81946b1548c8e40463a6057b2..6b4382b3330217c42a49858d9e65f848542b5fd7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,9 +1,157 @@ -*- coding: utf-8 -*- -Changes with Apache 2.4.24 +Changes with Apache 2.4.26 *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] + *) mod_http2: regression fix on PR 59348, on graceful restart, ongoing + streams are finished normally before the final GOAWAY is sent. + [Stefan Eissing, ] + + *) mod_http2: fixes PR60599, sending proper response for conditional requests + answered by mod_cache. [Jeff Wheelhouse, Stefan Eissing] + + *) mod_http2: rework of stream resource cleanup to avoid a crash in a close + of a lingering connection. Prohibit special file bucket beaming for + shared buckets. Files sent in stream output now use the stream pool + as read buffer, reducing memory footprint of connections. + [Yann Ylavic, Stefan Eissing] + + *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when + modules add empty environment variables to the request. PR60275. + [] + + *) mod_http2: fix for possible page fault when stream is resumed during + session shutdown. [sidney-j-r-m (github)] + + *) mod_http2: fix for h2 session ignoring new responses while already + open streams continue to have data available. [Stefan Eissing] + + *) mod_http2: adding support for MergeTrailers directive. [Stefan Eissing] + + *) mod_http2: limiting DATA frame sizes by TLS record sizes in use on the + connection. Flushing outgoing frames earlier. [Stefan Eissing] + + *) mod_http2: cleanup beamer registry on server reload, Fixes PR60510. + [Pavel Mateja , Stefan Eissing] + + *) mod_proxy_{ajp,fcgi}: Fix a possible crash when reusing an established + backend connection, happening with LogLevel trace2 or higher configured, + or at any log level with compilers not detected as C99 compliant (e.g. + MSVC on Windows). [Yann Ylavic] + + *) mod_ext_filter: Don't interfere with "error buckets" issued by other + modules. PR60375. [Eric Covener, Lubos Uhliarik] + + *) mod_http2: fixes https://github.com/icing/mod_h2/issues/126 e.g. beam + bucket lifetime handling when data is sent over temporary pools. + [Stefan Eissing] + +Changes with Apache 2.4.25 + + *) Fix some build issues related to various modules. + [Rainer Jung] + +Changes with Apache 2.4.24 (not released) + + *) SECURITY: CVE-2016-8740 (cve.mitre.org) + mod_http2: Mitigate DoS memory exhaustion via endless + CONTINUATION frames. + [Naveen Tiwari and CDF/SEFCOM at Arizona State + University, Stefan Eissing] + + *) SECURITY: CVE-2016-2161 (cve.mitre.org) + mod_auth_digest: Prevent segfaults during client entry allocation when + the shared memory space is exhausted. + [Maksim Malyutin , Eric Covener, Jacob Champion] + + *) SECURITY: CVE-2016-0736 (cve.mitre.org) + mod_session_crypto: Authenticate the session data/cookie with a + MAC (SipHash) to prevent deciphering or tampering with a padding + oracle attack. [Yann Ylavic, Colm MacCarthaigh] + + *) SECURITY: CVE-2016-8743 (cve.mitre.org) + Enforce HTTP request grammar corresponding to RFC7230 for request lines + and request headers, to prevent response splitting and cache pollution by + malicious clients or downstream proxies. [William Rowe, Stefan Fritsch] + + *) Validate HTTP response header grammar defined by RFC7230, resulting + in a 500 error in the event that invalid response header contents are + detected when serving the response, to avoid response splitting and cache + pollution by malicious clients, upstream servers or faulty modules. + [Stefan Fritsch, Eric Covener, Yann Ylavic] + + *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues. + [Dominic Scheirlinck , Yann Ylavic] + + *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of + looping RewriteRules when the local path significantly exceeds + LimitRequestLine. PR 60478. [Jeff Wheelhouse ] + + *) mod_ratelimit: Allow for initial "burst" amount at full speed before + throttling: PR 60145 [Andy Valencia , + Jim Jagielski] + + *) mod_socache_memcache: Provide memcache stats to mod_status. + [Jim Jagielski] + + *) http_filters: Fix potential looping in new check_headers() due to new + pattern of ap_die() from http header filter. Explicitly clear the + previous headers and body. + + *) core: Drop Content-Length header and message-body from HTTP 204 responses. + PR 51350 [Luca Toscano] + + *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is + configured in , like in 2.2. PR 60458. + [Eric Covener] + + *) mod_lua: Fix default value of LuaInherit directive. It should be + 'parent-first' instead of 'none', as per documentation. PR 60419 + [Christophe Jaillet] + + *) core: New directive HttpProtocolOptions to control httpd enforcement + of various RFC7230 requirements. [Stefan Fritsch, William Rowe] + + *) core: Permit unencoded ';' characters to appear in proxy requests and + Location: response headers. Corresponds to modern browser behavior. + [William Rowe] + + *) core: ap_rgetline_core now pulls from r->proto_input_filters. + + *) core: Correctly parse an IPv6 literal host specification in an absolute + URL in the request line. [Stefan Fritsch] + + *) core: New directive RegisterHttpMethod for registering non-standard + HTTP methods. [Stefan Fritsch] + + *) mod_socache_memcache: Pass expiration time through to memcached. + [Faidon Liambotis , Joe Orton] + + *) mod_cache: Use the actual URI path and query-string for identifying the + cached entity (key), such that rewrites are taken into account when + running afterwards (CacheQuickHandler off). PR 21935. [Yann Ylavic] + + *) mod_http2: new directive 'H2EarlyHints' to enable sending of HTTP status + 103 interim responses. Disabled by default. [Stefan Eissing] + + *) mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate + in the client certificate chain. PR 55786. [Yann Ylavic] + + *) event: Allow to use the whole allocated scoreboard (up to ServerLimit + slots) to avoid scoreboard full errors when some processes are finishing + gracefully. Also, make gracefully finishing processes close all + keep-alive connections. PR 53555. [Stefan Fritsch] + + *) mpm_event: Don't take over scoreboard slots from gracefully finishing + threads. [Stefan Fritsch] + + *) mpm_event: Free memory earlier when shutting down processes. + [Stefan Fritsch] + + *) mod_status: Display the process slot number in the async connection + overview. [Stefan Fritsch] + *) mod_dir: Responses that go through "FallbackResource" might appear to hang due to unterminated chunked encoding. PR58292. [Eric Covener] @@ -44,8 +192,8 @@ Changes with Apache 2.4.24 by resetting all ongoing streams against the backend. [Stefan Eissing] - *) mod_http2: allocators from slave connections are released earlier, resulting - in less overall memory use on busy, long lived connections. + *) mod_http2: allocators from slave connections are released earlier, + resulting in less overall memory use on busy, long lived connections. [Stefan Eissing] *) mod_remoteip: Pick up where we left off during a subrequest rather @@ -124,9 +272,6 @@ Changes with Apache 2.4.24 *) mod_http2: handling graceful shutdown gracefully, e.g. handling existing streams to the end. [Stefan Eissing] - *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. - [Dominic Scheirlinck , Yann Ylavic] - *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data available before the request is sent. PR 57832. [Yann Ylavic] diff --git a/CMakeLists.txt b/CMakeLists.txt index 7646903ae3282980975ab57e6102da478cb244cf..c5edf60241bd6be29410fd9174739c8e3db29e3f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -318,6 +318,7 @@ SET(MODULE_LIST "modules/proxy/mod_proxy_fcgi+I+Apache proxy FastCGI module. Requires and is enabled by --enable-proxy." "modules/proxy/mod_proxy_ftp+I+Apache proxy FTP module. Requires and is enabled by --enable-proxy." "modules/proxy/mod_proxy_http+I+Apache proxy HTTP module. Requires and is enabled by --enable-proxy." + "modules/proxy/mod_proxy_hcheck+I+Apache proxy health check module. Requires and is enabled by --enable-proxy." "modules/proxy/mod_proxy_scgi+I+Apache proxy SCGI module. Requires and is enabled by --enable-proxy." "modules/proxy/mod_proxy_wstunnel+I+Apache proxy Websocket Tunnel module. Requires and is enabled by --enable-proxy." "modules/http2/mod_proxy_http2+i+Apache proxy HTTP/2 module. Requires --enable-proxy." @@ -381,7 +382,7 @@ SET(mod_http2_requires NGHTTP2_FOUND) SET(mod_http2_extra_defines ssize_t=long) SET(mod_http2_extra_libs ${NGHTTP2_LIBRARIES}) SET(mod_http2_extra_sources - modules/http2/h2_alt_svc.c modules/http2/h2_bucket_eoc.c + modules/http2/h2_alt_svc.c modules/http2/h2_bucket_eos.c modules/http2/h2_config.c modules/http2/h2_conn.c modules/http2/h2_conn_io.c modules/http2/h2_ctx.c modules/http2/h2_filter.c @@ -424,6 +425,7 @@ SET(mod_proxy_connect_extra_libs mod_proxy) SET(mod_proxy_express_extra_libs mod_proxy) SET(mod_proxy_fcgi_extra_libs mod_proxy) SET(mod_proxy_ftp_extra_libs mod_proxy) +SET(mod_proxy_hcheck_extra_libs mod_proxy) SET(mod_proxy_http_extra_libs mod_proxy) SET(mod_proxy_html_requires LIBXML2_FOUND) IF(LIBXML2_FOUND) diff --git a/Makefile.win b/Makefile.win index d3cb5c52f758cf54090ed20403272ae83b121c6f..9bdbb95089e3babba54f7a9115f10b45300605ed 100644 --- a/Makefile.win +++ b/Makefile.win @@ -553,6 +553,7 @@ _build: $(MAKE) $(MAKEOPT) -f mod_proxy_express.mak CFG="mod_proxy_express - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_proxy_fcgi.mak CFG="mod_proxy_fcgi - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_proxy_ftp.mak CFG="mod_proxy_ftp - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_proxy_hcheck.mak CFG="mod_proxy_hcheck - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_proxy_http.mak CFG="mod_proxy_http - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_proxy_scgi.mak CFG="mod_proxy_scgi - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_proxy_wstunnel.mak CFG="mod_proxy_wstunnel - Win32 $(LONG)" RECURSE=0 $(CTARGET) @@ -831,6 +832,7 @@ _copybin: copy modules\proxy\$(LONG)\mod_proxy_express.$(src_so) "$(inst_so)" <.y copy modules\proxy\$(LONG)\mod_proxy_fcgi.$(src_so) "$(inst_so)" <.y copy modules\proxy\$(LONG)\mod_proxy_ftp.$(src_so) "$(inst_so)" <.y + copy modules\proxy\$(LONG)\mod_proxy_hcheck.$(src_so) "$(inst_so)" <.y copy modules\proxy\$(LONG)\mod_proxy_http.$(src_so) "$(inst_so)" <.y copy modules\proxy\$(LONG)\mod_proxy_scgi.$(src_so) "$(inst_so)" <.y copy modules\proxy\$(LONG)\mod_proxy_wstunnel.$(src_so) "$(inst_so)" <.y diff --git a/NOTICE b/NOTICE index 3e80c98a83b235a44f0f3678bead3f829d14ac2f..01a492b7b718afc94eaad7e06b2cf0b5611afa3d 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache HTTP Server -Copyright 2016 The Apache Software Foundation. +Copyright 2017 The Apache Software Foundation. This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff --git a/STATUS b/STATUS index eb27c39a10f81f1d9aab253adabd2af38652706a..ea2f53d6f2bf55f60b68ce770ea49d7e39277255 100644 --- a/STATUS +++ b/STATUS @@ -34,7 +34,9 @@ Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.4.24 : In development. + 2.4.26 : In development. + 2.4.25 : Tagged on December 16, 2016. Released on December 21, 2016. + 2.4.24 : Tagged on December 16, 2016, not released. 2.4.23 : Tagged on June 30, 2016. Released on July 05, 2016. 2.4.22 : Tagged on June 20, 2016, not released. 2.4.21 : Tagged on June 16, 2016, not released. @@ -113,19 +115,92 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: + *) PR 60576: 2.4.21 broke PHP-FPM with the patch to strip the bogus "proxy://" + prefix from SCRIPT_FILENAME. We need to revert to the previous behavior + ASAP to avoid any further hurdles with FCGI implementations while we figure + this out. + + *) PR 60071: Child httpd processes crash with Segmentation fault + trunk patch: http://svn.apache.org/r1779573 + http://svn.apache.org/r1779574 + http://svn.apache.org/r1779623 + 2.4.x patch: trunk works + +1: jim + + *) PR60458: Rip out this regression or fix (TBD) PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) Remove unnecessary apr_table_do() function casts. - trunk patch: http://svn.apache.org/r1769192 - 2.4.x patch: trunk works - +1: jchampion, rpluem, sf PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] + *) mod_proxy, mod_ssl: Handle SSLProxy* directives in sections, + allowing per backend TLS configuration. + trunk patch: http://svn.apache.org/r1740928 + http://svn.apache.org/r1740960 + http://svn.apache.org/r1740967 + http://svn.apache.org/r1740987 + http://svn.apache.org/r1740998 + http://svn.apache.org/r1742697 + http://svn.apache.org/r1756976 + 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1740928_and_co.patch + +1: ylavic + + *) event: close a race condition where we might re-enable listeners while they + are already or about to be closed. + trunk patch: http://svn.apache.org/r1774541 + 2.4.x patch: trunk works + +1: ylavic, jim + + *) mod_proxy_fcgi: Return HTTP 504 rather than 503 in case of proxy timeout. + trunk patch: http://svn.apache.org/r1775858 + 2.4 patch: trunk works (modulo CHANGES) + +1: elukey + + *) mod_remoteip: Add PROXY protocol support + trunk patch: http://svn.apache.org/r1776575 + http://svn.apache.org/r1776578 (doc fix) + http://svn.apache.org/r1776627 (shortened name + doc fix) + http://svn.apache.org/r1776674 (attribution moved to CHANGES) + http://svn.apache.org/r1776740 (attribution updated in mod_remotip.c) + 2.4 patch (includes CHANGES): + http://people.apache.org/~druggeri/patches/RemoteIPProxyProtocol.2.4.x.patch + +1: druggeri, jim + ±0: jorton, not reviewed but please include r1781030 too + + *) mod_filter: AddOutputFilterByType should use underlying filters type, not just + AP_FTYPE_CONTENT_SET. PR58856 + trunk patch: http://svn.apache.org/r1726705 + 2.4.x patch: trunk works + +1: covener, jim + + *) mod_watchdog: Use pconf as parent pool so mutexes get cleaned on restarts/reloads + and fix leaking sems (https://bugzilla.redhat.com/show_bug.cgi?id=1410883) + trunk patch: http://svn.apache.org/r1778319 + http://svn.apache.org/r1778331 + 2.4.x patch: trunk works + +1: jim, jorton, + + *) mod_brotli: Backport of mod_brotli filter + trunk patch: http://svn.apache.org/r1761714 + http://svn.apache.org/r1762512 + http://svn.apache.org/r1762515 + http://svn.apache.org/r1771791 + http://svn.apache.org/r1779077 + 2.4.x patch: http://home.apache.org/~jim/patches/brotli-2.4.patch + +1: jim, jorton, + + *) mod_auth_digest: Use anonymous shm by default, fall back on name-based + trunk patch: http://svn.apache.org/r1684636 + 2.4.x patch: trunk works (needs CHANGES, ref PR 54622) + +1: jorton, + +PATCHES/ISSUES THAT ARE BEING WORKED + [ New entried should be added at the START of the list ] + *) mod_ssl: Return 502 instead of 500 when SSL peer check or proxy_post_handshake hook fails. Trunk patch: r1645529 (works) @@ -156,118 +231,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now). +1: elukey - *) mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate - in the client certificate chain. PR 55786. - trunk patch: http://svn.apache.org/r1756542 - 2.4.x patch: trunk works (modulo CHANGES) - +1: ylavic, icing (by inspectin) - - *) mod_proxy, mod_ssl: Handle SSLProxy* directives in sections, - allowing per backend TLS configuration. - trunk patch: http://svn.apache.org/r1740928 - http://svn.apache.org/r1740960 - http://svn.apache.org/r1740967 - http://svn.apache.org/r1740987 - http://svn.apache.org/r1740998 - http://svn.apache.org/r1742697 - http://svn.apache.org/r1756976 - 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1740928_and_co.patch - +1: ylavic - - *) Fix warnings with new compilers, warnings treated as error - in maintainer-mode, standard c-89 is enforced - trunk patch: http://svn.apache.org/r1702948 - http://svn.apache.org/r1759415 - 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1702948_and_co.patch - +1: ylavic, jorton, - jchampion: r1702948 doesn't quite work as advertised. -Werror is never - added to CFLAGS because when combined with -Wstrict-prototypes, - the AC_LANG_PROGRAM won't compile (it uses a bare main()). - ylavic: Maybe the -Werror case could be handled later, for now this series - avoids a lot of "warning: 'aplog_module_index' defined but not - used [-Wunused-const-variable=]" thanks to AP_MAYBE_UNUSED. - jchampion: Fine by me. I just think the dead code should be removed from - the backport in the meantime, so people don't have a false sense - of security. - - *) mod_cache: Bring up-to-date w/ trunk. - trunk patch: - try to use the key of a possible open but stale cache entry (PR 50317) - http://svn.apache.org/r1597533 - socache_mc_store: Pass through expiration time. - http://svn.apache.org/r1649491 - Preserve the Content-Type in case of 304 response - http://svn.apache.org/r1665216 - Use the actual URI path and query-string (PR 21935) - http://svn.apache.org/r1756553 - http://svn.apache.org/r1756631 - better s-maxage support - http://svn.apache.org/r1726675 - http://svn.apache.org/r1718496 - http://svn.apache.org/r1718476 - Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen - http://svn.apache.org/r1747469 - 2.4.x patch: http://home.apache.org/~jim/patches/httpd-2.4-cache.patch.txt - +1: jim, ylavic - ylavic: r1756553 and r1649491 have a CHANGES entry. - - *) mod_socache_memcache: Provide memcache STATs to mod_status - trunk patch: http://svn.apache.org/r1768245 - 2.4.x patch: trunk works - +1: jim - - *) Propose default strict RFC7230 behavior, and HttpProtocolOptions directive - to relax or further constrain some behaviors. - trunk patches: too numerous to list, see - svn log --stop-on-copy http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict/ - 2.4.x patch: see - svn diff -r1767912:HEAD http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict/ - +1: wrowe - - *) ap_reclaim_child_processes(): Implement terminate immediately - trunk patches: - https://svn.apache.org/r1757061 - https://svn.apache.org/r1770750 - 2.4.x patch: https://people.apache.org/~sf/PR53555_1_ap_reclaim_child_processes.diff - +1: sf - - *) Improve mod_status view of async connections - trunk patches: - https://svn.apache.org/r1738628 - https://svn.apache.org/r1757009 - https://svn.apache.org/r1756848 - https://svn.apache.org/r1757029 - 2.4.x patch: https://people.apache.org/~sf/PR53555_2_mod_status.diff - +1: sf - - *) mpm_event: Free resources earlier during shutdown - trunk patches: - https://svn.apache.org/r1705922 - https://svn.apache.org/r1706523 - https://svn.apache.org/r1738464 - https://svn.apache.org/r1738466 - https://svn.apache.org/r1738486 - 2.4.x patch: https://people.apache.org/~sf/PR53555_3_free_early.diff - +1: sf - - *) mpm_event: Use all free scoreboard slots up to ServerLimit, but don't - re-use scoreboard slots of still running, gracefully finishing processes. - PR: 53555 - trunk patches: - https://svn.apache.org/r1738631 - https://svn.apache.org/r1738633 - https://svn.apache.org/r1738635 - https://svn.apache.org/r1757030 - https://svn.apache.org/r1757031 - https://svn.apache.org/r1770752 - https://svn.apache.org/r1770768 - 2.4.x patch: https://people.apache.org/~sf/PR53555_4_use_all_slots.diff - docs: https://svn.apache.org/r1770771 (in addition to the above) - +1: sf - - -PATCHES/ISSUES THAT ARE BEING WORKED - *) http: Don't remove the Content-Length of zero from a HEAD response if it comes from an origin server, module or script. Allow the previous behaviour (for legacy/buggy modules only, not origin) by also backporting @@ -326,15 +289,26 @@ PATCHES/ISSUES THAT ARE BEING WORKED (& also, making the structure change with apr-util version means it breaks binary compat across an apr-util upgrade?) - * mod_auth_digest: Reduce severity from NOTICE to DEBUG this - once-per-restart msg (I guess the concern was that the RNG - could block after this message) - - AH01757: generating secret for digest authentication ... + * Support PCRE2 (10.x) in place of PCRE (8.x). + Submitted by: wrowe, Petr Pisar [ppisar redhat.com] + trunk patches: + http://svn.apache.org/r1773454 + http://svn.apache.org/r1773741 + http://svn.apache.org/r1773742 + http://svn.apache.org/r1773839 + http://svn.apache.org/r1773870 + http://svn.apache.org/r1773882 + wrowe notes that the current code is too inefficient, owing to the fact + that the ovector is a required allocation and is no longer allocated on + the stack, by design. The correct fix is an apr userdata allocation on + the appropriate pool, which would be thread-safe, but the actual API of + ap_regexec[_len]() offers us no pool. We cannot associate that pool with + the ap_regex_t, because a single regex may be used by many threads in + parallel and is not thread-safe beyond initialization. + So the only fix allowing us to use PCRE 10 in httpd 2.4 would be to write + this as a thread safe storage buffer for the majority of cases (<10 $args) + and we don't have a portable tls mechanism to do so. - trunk patch: This was fixed in trunk as a trivial part of http://svn.apache.org/r1492395 - 2.4.x patch: Just change the loglevel to DEBUG. - +1 covener PATCHES/ISSUES THAT ARE STALLED diff --git a/acinclude.m4 b/acinclude.m4 index f1da2c9c3cedf2defcf2e7dfeaa3606cbacfb202..0fdf1d48e495b1419336f75dfd1e17abed5fa7d0 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -734,7 +734,7 @@ AC_DEFUN([APACHE_ADD_GCC_CFLAG], [ AC_CACHE_CHECK([whether gcc accepts $1], ap_gcc_ckvar, [ save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $1" - AC_COMPILE_IFELSE([AC_LANG_SOURCE([int foo() { return 0; }])], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [ap_gcc_ckvar=yes], [ap_gcc_ckvar=no]) CFLAGS="$save_CFLAGS" ]) diff --git a/build/installwinconf.awk b/build/installwinconf.awk index 29ab0945802e4cccc855405ea2a54b9373db78cd..8f8b9b2491c77afe7a1ab18287faafbd4d0bbcad 100644 --- a/build/installwinconf.awk +++ b/build/installwinconf.awk @@ -166,6 +166,7 @@ BEGIN { print "#LoadModule proxy_express_module modules/mod_proxy_express.so" > dstfl; print "#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so" > dstfl; print "#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so" > dstfl; + print "#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so" > dstfl; print "#LoadModule proxy_html_module modules/mod_proxy_html.so" > dstfl; print "#LoadModule proxy_http_module modules/mod_proxy_http.so" > dstfl; print "#LoadModule proxy_http2_module modules/mod_proxy_http2.so" > dstfl; diff --git a/configure.in b/configure.in index c59c54257cf4969611f39e1f6c869c9044db54a5..7ae20b83d031054d914e3da2886c3d76aabd96dc 100644 --- a/configure.in +++ b/configure.in @@ -596,11 +596,12 @@ AC_ARG_ENABLE(maintainer-mode,APACHE_HELP_STRING(--enable-maintainer-mode,Turn o APR_ADDTO(CPPFLAGS, -DAP_DEBUG) if test "$GCC" = "yes"; then APR_ADDTO(CFLAGS,[-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wpointer-arith]) + APACHE_ADD_GCC_CFLAG([-std=c89]) + APACHE_ADD_GCC_CFLAG([-Werror]) APACHE_ADD_GCC_CFLAG([-Wdeclaration-after-statement]) - APACHE_ADD_GCC_CFLAG([-Werror=declaration-after-statement]) APACHE_ADD_GCC_CFLAG([-Wformat]) APACHE_ADD_GCC_CFLAG([-Wformat-security]) - APACHE_ADD_GCC_CFLAG([-Werror=format-security]) + APACHE_ADD_GCC_CFLAG([-Wunused]) elif test "$AIX_XLC" = "yes"; then APR_ADDTO(CFLAGS,-qfullpath -qinitauto=FE -qcheck=all -qinfo=pro) fi @@ -808,6 +809,13 @@ AC_MSG_NOTICE([]) AC_MSG_NOTICE([Restore user-defined environment settings...]) AC_MSG_NOTICE([]) +APACHE_CONF_SEL_CC=${CC} +APACHE_CONF_SEL_CFLAGS=${CFLAGS} +APACHE_CONF_SEL_LDFLAGS=${LDFLAGS} +APACHE_CONF_SEL_LIBS=${LIBS} +APACHE_CONF_SEL_CPPFLAGS=${CPPFLAGS} +APACHE_CONF_SEL_CPP=${CPP} + APR_RESTORE_THE_ENVIRONMENT(CPPFLAGS, EXTRA_) APR_RESTORE_THE_ENVIRONMENT(CFLAGS, EXTRA_) APR_RESTORE_THE_ENVIRONMENT(CXXFLAGS, EXTRA_) @@ -865,3 +873,14 @@ test -d docs/conf||$mkdir_p docs/conf AC_CONFIG_FILES(docs/conf/httpd.conf docs/conf/extra/httpd-autoindex.conf docs/conf/extra/httpd-dav.conf docs/conf/extra/httpd-default.conf docs/conf/extra/httpd-info.conf docs/conf/extra/httpd-languages.conf docs/conf/extra/httpd-manual.conf docs/conf/extra/httpd-mpm.conf docs/conf/extra/httpd-multilang-errordoc.conf docs/conf/extra/httpd-ssl.conf docs/conf/extra/httpd-userdir.conf docs/conf/extra/httpd-vhosts.conf docs/conf/extra/proxy-html.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo build/config_vars.sh) AC_CONFIG_COMMANDS([default], [true], [APACHE_GEN_MAKEFILES]) AC_OUTPUT +AC_MSG_NOTICE([summary of build options: + + Server Version: ${HTTPD_VERSION} + Install prefix: ${prefix} + C compiler: ${APACHE_CONF_SEL_CC} + CFLAGS: ${APACHE_CONF_SEL_CFLAGS} + LDFLAGS: ${APACHE_CONF_SEL_LDFLAGS} + LIBS: ${APACHE_CONF_SEL_LIBS} + CPPFLAGS: ${APACHE_CONF_SEL_CPPFLAGS} + C preprocessor: ${APACHE_CONF_SEL_CPP} +]) diff --git a/docs/man/httpd.8 b/docs/man/httpd.8 index 5c529a6872f25a57b6ff412a3b65ebe420846a34..f0055ed8dc42f123d711e5ecac09d96aff282ec4 100644 --- a/docs/man/httpd.8 +++ b/docs/man/httpd.8 @@ -27,7 +27,7 @@ httpd \- Apache Hypertext Transfer Protocol Server .SH "SYNOPSIS" .PP -\fBhttpd\fR [ -\fBd\fR \fIserverroot\fR ] [ -\fBf\fR \fIconfig\fR ] [ -\fBC\fR \fIdirective\fR ] [ -\fBc\fR \fIdirective\fR ] [ -\fBD\fR \fIparameter\fR ] [ -\fBe\fR \fIlevel\fR ] [ -\fBE\fR \fIfile\fR ] [ \fB-k\fR start|restart|graceful|stop|graceful-stop ] [ -\fBR\fR \fIdirectory\fR ] [ -\fBh\fR ] [ -\fBl\fR ] [ -\fBL\fR ] [ -\fBS\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBV\fR ] [ -\fBX\fR ] [ -\fBM\fR ] [ -\fBT\fR ] +\fBhttpd\fR [ -\fBd\fR \fIserverroot\fR ] [ -\fBf\fR \fIconfig\fR ] [ -\fBC\fR \fIdirective\fR ] [ -\fBc\fR \fIdirective\fR ] [ -\fBD\fR \fIparameter\fR ] [ -\fBe\fR \fIlevel\fR ] [ -\fBE\fR \fIfile\fR ] [ \fB-k\fR start|restart|graceful|stop|graceful-stop ] [ -\fBh\fR ] [ -\fBl\fR ] [ -\fBL\fR ] [ -\fBS\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBV\fR ] [ -\fBX\fR ] [ -\fBM\fR ] [ -\fBT\fR ] .PP On Windows systems, the following additional arguments are available: diff --git a/docs/manual/bind.html.de b/docs/manual/bind.html.de index 5851d02d0d26e657b925ee4c992fe326aab6ba81..80e2c66ef45f5dfa9516a9f45f07c481bd1000aa 100644 --- a/docs/manual/bind.html.de +++ b/docs/manual/bind.html.de @@ -217,7 +217,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/bind.html'; } })(window, document); //-->