  1. Nov 19, 2013
  2. Nov 17, 2013
  3. Nov 16, 2013
  4. Nov 15, 2013
    • Merge r1523281, r1524368, r1525276, r1525280, r1525281 from trunk: · 675e9c8f
      Jim Jagielski authored
      Switch from private FastCGI protocol handling to util_fcgi API.
      
      
      Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.
      
      
      Bring some envvar flexibility from mod_authnz_fcgi to mod_proxy_fcgi:
      
      mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
      An individual envvar with an encoded length of more than 16K will be
      omitted.
      
      
      Borrow a fix from mod_authnz_fcgi:
      
      mod_proxy_fcgi: Handle reading protocol data that is split between
      packets.
      
      
      Use ap_log_rdata() to dump the FastCGI header, axing a bunch
      of custom data dumping code.
      
      Submitted by: trawick, jkaluza, trawick, trawick, trawick
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542330 13f79535-47bb-0310-9956-ffa450edef68
    • Merge r1526168, r1527291, r1527294, r1527295, r1527926 from trunk: · 3a14aba1
      Jim Jagielski authored
      Streamline ephemeral key handling:
      
      - drop support for ephemeral RSA keys (only allowed/needed
        for export ciphers)
      
      - drop pTmpKeys from the per-process SSLModConfigRec, and remove
        the temp key generation at startup (unnecessary for DHE/ECDHE)
      
      - unconditionally disable null and export-grade ciphers by always
        prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string
      
      - do not configure per-connection SSL_tmp_*_callbacks, as it is
        sufficient to set them for the SSL_CTX
      
      - set default curve for ECDHE at startup, obviating the need
        for a per-handshake callback, for the time being (and also
        configure SSL_OP_SINGLE_ECDH_USE, previously left out)
      
      For additional background, see
      https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E
      
      
      Follow-up fixes for r1526168:
      
      - drop SSL_TMP_KEY_* constants from ssl_private.h, too
      
      - make sure we also disable aNULL, eNULL and EXP ciphers
        for per-directory SSLCipherSuite directives
      
      - apply the same treatment to SSLProxyCipherSuite
      
      
      Increase minimum required OpenSSL version to 0.9.8a (in preparation
      for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y
      functions added in that release):
      
      - remove obsolete #defines / macros
      
      - in ssl_private.h, regroup definitions based on whether
        they depend on TLS extension support or not
      
      - for ECC and SRP support, set HAVE_X and change the rather awkward
        #ifndef OPENSSL_NO_X lines accordingly
      
      For the discussion prior to taking this step, see
      https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E
      
      
      Improve ephemeral key handling (companion to r1526168):
      
      - allow to configure custom DHE or ECDHE parameters via the
        SSLCertificateFile directive, and adapt its documentation
        accordingly (addresses PR 49559)
      
      - add standardized DH parameters from RFCs 2409 and 3526,
        use them based on the length of the certificate's RSA/DSA key,
        and add a FAQ entry for clients which limit DH support
        to 1024 bits (such as Java 7 and earlier)
      
      - move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
        ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
      
      - drop ssl_engine_dh.c from mod_ssl
      
      For the standardized DH parameters, OpenSSL version 0.9.8a
      or later is required, which was therefore made a new minimum
      requirement in r1527294.
      
      
      PR 55616 (add missing APLOGNO), part 2
      Submitted by: kbrand
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542327 13f79535-47bb-0310-9956-ffa450edef68
  5. Nov 14, 2013
  6. Nov 13, 2013
  7. Nov 09, 2013
  8. Oct 28, 2013
  9. Oct 18, 2013
    • Merge r1529559, r1531505 from trunk: · 484255f2
      Jim Jagielski authored
      Fix PR 55397: dav_resource->uri treated as an unparsed uri.
      
      The change made for PR 54611 caused this field to be treated as
      unescaped.  mod_dav_svn however, provided escaped URIs.  Essentially
      breaking support for paths with non-URI safe characters in SVN.
      
      Adjust the code so that dav_resource->uri is assumed to be escaped and
      adjust mod_dav_fs so that it uses escaped URIs in this field.
      
      * modules/dav/fs/repos.c
        (dav_fs_get_resource): Use the unparsed_uri to construct the resource uri.
      
      * modules/dav/main/mod_dav.c
        (dav_xml_escape_uri): Do not uri escape, just handle xml escaping.
        (dav_created): Assume that locn if provided is escaped.
        (dav_method_copymove, dav_method_bind): Use the unparsed_uri on the request
          when calling dav_created() to adjust to locn assuming it is escaped.
      
      * modules/dav/main/mod_dav.h
        (dav_resource): Document that uri is escaped.
      
      
      Followup to r1529559: mod_dav_fs: Fix encoding of hrefs in PROPFIND response.
      
      Previous commit missed encoding the names of the children of the PROPFIND
      request when the depth wasn't 0.
      
      * modules/dav/fs/repos.c
        (dav_fs_append_uri): New function
        (dav_fs_walker): Use dav_fs_append_uri() and adjust length calculations to
          use the encoded length.
      
      
      Submitted by: breser
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533448 13f79535-47bb-0310-9956-ffa450edef68
    • Merge r1528718 from trunk: · da9cdf04
      Jim Jagielski authored
      mod_dav: Fix PR 55306.
      
      Makes mod_dav no longer require that the lock token be provided when the
      source of a COPY is locked.  The prior behavior was in violation of
      RFC 4918 which says that the lock token is only required on resources
      that may be modified by the method.
      
      * modules/dav/main/mod_dav.h
        (DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.
      
      * modules/dav/main/mod_dav.c
        (dav_method_copymove): Use the new flag when calling dav_validate_request()
          on the COPY source.
      
      * modules/dav/main/util.c
        (dav_validate_resource_state): Use the flag to decide to ignore if the lock
          token is not provided.
      
      Submitted by: breser
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533447 13f79535-47bb-0310-9956-ffa450edef68
  10. Oct 14, 2013
  11. Oct 10, 2013
    • Merge r1526666, r1527220 from trunk: · 37b01e35
      Jim Jagielski authored
      WinNT MPM: Exit the child if the parent process crashes or is terminated.
      
      Submitted by: Oracle, via trawick
      
      The original modification was made some years ago for Oracle HTTP Server
      by an Oracle employee.  trawick made additional changes for style and
      for trunk/2.4.x changes.
      
      
      Follow up to r1526666:
      
      Use SYNCHRONIZE instead of PROCESS_ALL_ACCESS because
      
      a. it is sufficient
      b. it avoids an issue where PROCESS_ALL_ACCESS is larger on
         newer SDKs, resulting in a run-time error when running on
         older Windows
      
      Close the handle.
      
      Submitted by: Ivan Zhakov <ivan visualsvn.com>
      
      Submitted by: trawick
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1531000 13f79535-47bb-0310-9956-ffa450edef68
    • Merge r1530793 from trunk: · 55337b30
      Jim Jagielski authored
      core: Don't truncate output when sending is interrupted by a signal,
            such as from an exiting CGI process.
      
      PR: 55643
      
      Submitted by: trawick
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1530999 13f79535-47bb-0310-9956-ffa450edef68
  12. Oct 08, 2013
  13. Oct 07, 2013
  14. Oct 03, 2013
  15. Oct 02, 2013
  16. Oct 01, 2013
  17. Sep 26, 2013
  18. Sep 17, 2013