- Mar 31, 2015
-
-
Jim Jagielski authored
mod_proxy_connect/wstunnel: If both client and backend sides get readable at the same time, don't lose errors occuring while forwarding on the first side when none occurs next on the other side, and abort. CHANGES: Follow up to r1657636, clarify message. mod_proxy_{connect,wstunnel}: follow up to r1657636. Since rv is not used as an apr_status_t in the loop (it's logging is done by proxy_{connect,wstunnel}_transfer() when necessary/relevent), use a boolean instead to avoid the ugly ORs between APR error codes. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670324 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
core: Add expression support to ErrorDocument. Switch from a fixed sized 664 byte array per merge to a hash table. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670320 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremly large integer if the time needed to lock the resource was longer that the requested timeout given in the LOCK request. In such a case, we now answer "Second-0". PR55420 Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670319 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 27, 2015
-
-
Jim Jagielski authored
Retry ENOENT like ECONNREFUSED, but only near a server restart. PR57685 Submitted By: Edward Lu Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1669559 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_http: Don't expect the backend to ack the "Connection: close" to finally close those not meant to be kept alive by SetEnv proxy-nokeepalive or force-proxy-request-1.0, and respond with 502 instead of 400 if its Connection header is invalid. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1669558 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: use the original (non absolute) form of the request-line's URI for requests embedded in CONNECT payloads used to connect SSL backends via a ProxyRemote forward-proxy. PR 55892. Submitted by: Hendrik Harms <hendrik.harms gmail com> Reviewed by: wrowe, ylavic Committed by: ylavic mod_proxy: follow up to r1665215: CHANGES entry. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1669556 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
A misplaced check for inflation limits prevented limiting relatively small inputs. PR56872 Submitted By: Edward Lu Committed By: covener mod_deflate: follow up to r1619383. deflate_in_filter(): - use inflated bytes per inflate() call to compute the total output bytes, - check zlib errors before limits, - add missing check_ratio() when asked to flush. deflate_out_filter(): - check ratio after each inflate() call. mod_deflate: follow up to r1619383 and r1619444: CHANGES entry. CHANGES: follow up to r1662245: Add PR number. Submitted by: covener, ylavic, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1669555 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 24, 2015
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668880 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
*) SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531. [Yann Ylavic] Submitted By: ylavic Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668879 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
Remove some instances where a RewriteBase must be specified Previously, any time you used a relative substitution in per-directory/htaccess context, you needed to specify a RewriteBase. But in case where the context document root and context prefix are known via e.g. mod_userdir or mod_alias, and the substitution is under the context document root, we can determine the replacement automatically. This makes htaccess files or config snippets a bit more portable. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668870 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 05, 2015
-
-
Jim Jagielski authored
mpm_event: follow up to r1538490, r1545736, r1604350, r1639614 and r1642868. Clear and restore sbh in notify_suspend() and notify_resume() respectively. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664365 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: Add the SSL_CLIENT_CERT_RFC4523_CEA variable, which provides a combination of certificate serialNumber and issuer as defined by CertificateExactMatch in RFC4523. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664363 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 04, 2015
-
-
Eric Covener authored
*) SECURITY: CVE-2015-0228 (cve.mitre.org) mod_lua: A maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash. [Edward Lu <Chaosed0 gmail.com>] Discovered by Guido Vranken <guidovranken gmail.com> Submitted by: Edward Lu Committed by: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664118 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
Fix bit-shifting of websockets frame fields that would yield wrong opcodes when the FIN bit was set. Results in PING not being recognized by mod_lua. PR57524 Submitted By: Edward Lu Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664117 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2015
-
-
http://svn.apache.org/r1661913Graham Leggett authored
ab: Add missing longest request (100%) to CSV export. PR57614. Submitted by: ylavic Reviewed by: covener, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663405 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_macro: Clear macros before initialization to avoid use-after-free on startup or restart when the module is linked statically. PR 57525 Submitted by: apache.org tech.futurequest.net Committed by: Yann Ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663260 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_alias: Introduce expression parser support for Alias, ScriptAlias and Redirect. Use unsigned bit fields. mod_alias: follow up to r1653941. Fill empty APLOGNO(). Submitted by: minfrin, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663259 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored in virtualhost context (new version of r1653906 reverted by r1653993). Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch> Committed/modified By: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663258 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 27, 2015
-
-
Christophe Jaillet authored
* mod_ssl: Fix renegotiation failures redirected to an ErrorDocument. (segfault flaw) PR 57334. Submitted by: ylavic Reviewed by: ylavic, wrowe, minfrin Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1662640 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 24, 2015
-
-
Rainer Jung authored
mod_proxy_ajp: Forward SSL protocol name (SSLv3, TLSv1.1 etc.) as a request attribute to the backend. The name is taken from the SSL_PROTOCOL env var. Recent Tomcat versions will extract it and provide it as a servlet request attribute named "org.apache.tomcat.util.net.secure_protocol_version". The change is compatible with existing AJP13, because we forward the protocol name as a normal named attribute, not with a new byte abbreviated attribute name. Submitted by: rjung Reviewed by: rjung, ylavic, covener Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1662076 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
core: Optimize string concatenation in expression parser when evaluating a string expression. We have a relatively small recursion limit of about 10 operations. This is a compilation limit (a define). It can be hit if many expr vars or function calls are concatenated in an expression that is evaluated as a string not as a boolean. The new optimization uses iteration instead of recursion and is very similar to the existing one, which optimizes consecutive concatenations in node2 of the tree. The new one optimizes consecutive concatenations in node 1. Submitted by: rjung Reviewed by: rjung, ylavic, covener Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1662075 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
* acinclude.m4: Generate #LoadModule directive in default httpd.conf for every --enable-mpms-shared. PR 53882. Submitted by: olli hauer <ohauer gmx.de>, Yann Ylavic Reviewed by: ylavic, rjung, jailletc36 Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661848 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 23, 2015
-
-
Mike Rumph authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661754 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
as in r1517366, drop the severity in authz_groupfile when a require didn't match but no real error was encountered. This individual 'require group' may not really dictate who gets in. PR55523 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661749 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 22, 2015
-
-
Christophe Jaillet authored
* mod_authn_dbd: Precedence issue. Fix the error message logged in case of error while querying the database. Submitted by: jailletc36 Reviewed by: jailletc36, mrumph, minfrin Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661456 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 28, 2015
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1655495 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1655493 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 22, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1654002 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix --enable-v4-mapped configuration on *BSD. PR 53824. Submitted by: olli hauer <ohauer gmx.de> Committed by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1653962 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 19, 2015
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652936 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652935 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652933 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652931 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 15, 2015
-
-
wrowe authored
internationalization. Backports: r1611169 Reviewed by: wrowe, gsmith git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652266 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652260 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
mod_ssl: Add SSLSessionTickets (on|off). It controls the use of TLS session tickets (RFC 5077). Default is unchanged (on). Using session tickets without restarting the web server with an appropriate frequency (e.g. daily) compromises perfect forward secrecy. As long as we do not have a nice key management there needs to be a way to deactivate the use of session tickets. Submitted by: rjung Reviewed by: rjung, covener, ylavic Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652074 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 14, 2015
-
-
Eric Covener authored
remove bad merge from CHANGES in r1651656 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651856 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
provide alternative PATH_INFO calculation options for proxy_fcgi. PR 55329 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651663 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
trunk patch: http://svn.apache.org/r1588544 (rewrite+UDS) http://svn.apache.org/r1641636 ('using default worker' msg tweak) http://svn.apache.org/r1647005 (tcp reuse) http://svn.apache.org/r1647009 (uds reuse) http://svn.apache.org/r1647334 (uds reuse fix) + 1 additional de_socketfy call in mod_proxy git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651662 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651660 13f79535-47bb-0310-9956-ffa450edef68
-