Commits · 3805ede77f2ebc4a31c64423d9a10aa3ad47685c · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Mar 12, 2019

*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is · 3805ede7

Stefan Eissing authored Mar 12, 2019

in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
Fixed. [Michael Kaufmann]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855295 13f79535-47bb-0310-9956-ffa450edef68

3805ede7

Mar 09, 2019

fr doc rebuild. · 1a6e393d

Lucien Gentis authored Mar 09, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855114 13f79535-47bb-0310-9956-ffa450edef68

1a6e393d

fr doc update. · c923ad25

Lucien Gentis authored Mar 09, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855113 13f79535-47bb-0310-9956-ffa450edef68

c923ad25

Mar 07, 2019

Adding new H2Padding directive. · 0b18e40c

Stefan Eissing authored Mar 07, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854964 13f79535-47bb-0310-9956-ffa450edef68

0b18e40c

*) mod_http2: new configuration directive: ```H2Padding numbits``` to control · 75bca236

Stefan Eissing authored Mar 07, 2019

     padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
     controlling the range of padding bytes added to a frame. The actual number
     added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
     frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing] 
  
  *) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
     has no more need for it. Optional functions are still declared but no longer implemented.
     While previous mod_proxy_http2 will work with this, it is recommeneded to run the matching
     versions of both modules. [Stefan Eissing]
  
  *) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
     resolve PR63170. The proxy module does now a single h2 request on the (reused)
     connection and returns. [Stefan Eissing]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854963 13f79535-47bb-0310-9956-ffa450edef68

75bca236

Mar 03, 2019

Fix a parsing error when using Ant 1.9.13 without the external Xerces (2.9.0) and Xalan (2.7.1). · bc7b2b66

Christophe Jaillet authored Mar 03, 2019

The error is: "filter-expr(funcall(current, []), [pred(=(step("attribute", 39), literal-expr(section)))])'. Cause: Erreur lors de la vérification du type de l'expression 'filter-expr(funcall(current, []), [pred(=(step("attribute", 39), literal-expr(section)))])"

This takes us 1 step closer to use Ant 1.9+ and remove Xerces and Xalan from the build chain.

Patch tested with the current doc build chain (Ant 1.6.5 + Xerces + Xalan) on the 2.4.x branch.
Even if actually we don't have any "<Foo>" and "Foo" directives, I've checked that the doc is built correctly in such a case.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854677 13f79535-47bb-0310-9956-ffa450edef68

bc7b2b66

Feb 26, 2019

Simplify charset handling · 94daae91

William A. Rowe Jr authored Feb 26, 2019

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854409 13f79535-47bb-0310-9956-ffa450edef68

94daae91

update transformation · 9eda9d30

André Malo authored Feb 26, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854379 13f79535-47bb-0310-9956-ffa450edef68

9eda9d30

*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status · 2b45160d

Stefan Eissing authored Feb 26, 2019

     to trigger immediate shutdown of backend connections. This is now always signalled
     by mod_http2 when the the session is being released. 
     proxy_http2 now only sends a PING frame to the backend when there is not already one
     in flight. [Stefan Eissing]

  *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite 
     loop when encountering certain errors on the backend connection. 
     See <https://bz.apache.org/bugzilla/show_bug.cgi?id=63170>. [Stefan Eissing]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854365 13f79535-47bb-0310-9956-ffa450edef68

2b45160d

Feb 23, 2019

fr doc rebuild. · 23167945

Lucien Gentis authored Feb 23, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854223 13f79535-47bb-0310-9956-ffa450edef68

23167945

XML fr doc files updates. · 0ef96a13

Lucien Gentis authored Feb 23, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854222 13f79535-47bb-0310-9956-ffa450edef68

0ef96a13

Feb 20, 2019

http: Fix possible empty response with mod_ratelimit for HEAD requests. · 122d7c1a

Yann Ylavic authored Feb 20, 2019

Don't eat the EOS in ap_http_header_filter() if it comes in single brigade
with a full response to a HEAD request, otherwise mod_ratelimit will never
flush its pending data.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854004 13f79535-47bb-0310-9956-ffa450edef68

122d7c1a

Reviewed and corrected some spelling and typos · 04e06abc

Luis Gil authored Feb 20, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854002 13f79535-47bb-0310-9956-ffa450edef68

04e06abc

changed typo on "This module relies on OpenSSL to provide the cryptography engine." to change · 89cec047
Luis Gil authored Feb 20, 2019
```
cryptographic 

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854000 13f79535-47bb-0310-9956-ffa450edef68
```
89cec047

mod_proxy_hcheck: mute "run from watchdog" message. · 100de5f7

Yann Ylavic authored Feb 20, 2019

This is way too verbose (every 100ms) to be logged at any LogLevel.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853992 13f79535-47bb-0310-9956-ffa450edef68

100de5f7

Update a comment about the 'PATCH' HTTP command · a840abb0

Christophe Jaillet authored Feb 20, 2019

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853980 13f79535-47bb-0310-9956-ffa450edef68

a840abb0

mod_http2: fix for latest mod_reqtimeout change re handshake timeouts · 28dcf6bc
Stefan Eissing authored Feb 20, 2019
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853967 13f79535-47bb-0310-9956-ffa450edef68
```
28dcf6bc

mod_proxy_http: revert spurious comment from r1853953. · c855a340

Yann Ylavic authored Feb 20, 2019

No, if we read more bytes than the C-L there is really something wrong in
our (or some) HTTP input filter.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853956 13f79535-47bb-0310-9956-ffa450edef68

c855a340

mod_proxy_http: common function for stream_reqbody_{cl,chunked}() · 7db37186

Yann Ylavic authored Feb 20, 2019

Since stream_reqbody_cl() and stream_reqbody_chunked}() now have the same
structure, join them into a single stream_reqbody() function which is passed
the rb_method to handle only CL vs chunked cases differently.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853953 13f79535-47bb-0310-9956-ffa450edef68

7db37186

Follow up to r1853874: CHANGES entry. · 8546789d

Yann Ylavic authored Feb 20, 2019

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853938 13f79535-47bb-0310-9956-ffa450edef68

8546789d

mod_reqtimeout: follow up to r1853901: init stage name outside INIT_STAGE(). · 9c50eb47

Yann Ylavic authored Feb 20, 2019

It helps both code readability where stages are initilized and potential
logging in the output filter (even if the stage is disabled).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853935 13f79535-47bb-0310-9956-ffa450edef68

9c50eb47

mod_reqtimeout: follow up to r1853901: fix macro args. · 32035168

Yann Ylavic authored Feb 20, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853929 13f79535-47bb-0310-9956-ffa450edef68

32035168

Feb 19, 2019

mod_reqtimeout: follow up to r1853906: adjust hooks priorities comments. · fa21cfb2
Yann Ylavic authored Feb 19, 2019
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853908 13f79535-47bb-0310-9956-ffa450edef68
```
fa21cfb2

mod_reqtimeout: Allow to configure (TLS-)handshake timeouts. · 8aee6248

Yann Ylavic authored Feb 19, 2019

The timeouts apply between the process_connection and pre_read_request hooks.
They are disabled by default for compatibily reasons.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853906 13f79535-47bb-0310-9956-ffa450edef68

8aee6248

mod_reqtimeout: factorize structs and code. · 99f75669

Yann Ylavic authored Feb 19, 2019

With a bit of macro magic, this is to avoid more code duplication when adding
new stages (next commit will add TLS/handshake timeouts handling in addition to
existing header and body ones).

No functional change here.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853901 13f79535-47bb-0310-9956-ffa450edef68

99f75669

mod_cache_socache: avoid pool to heap reallocation. · eefe9a1e

Yann Ylavic authored Feb 19, 2019

Below some threshold, the previous code tried free (sub-)pooled memory ASAP by
moving small buffers (< capacity / 2) to a heap bucket. But this is not really
an optimization because first it requires at some point to allocate more than
the configured capacity, and second since this happens during response handling
the pool is about to be destroyed soon anymay.

This commit simply keeps the data in the subpool and uses a pool bucket for the
output brigade to take care of the lifetime until it's consumed (or not).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853874 13f79535-47bb-0310-9956-ffa450edef68

eefe9a1e

Feb 17, 2019
- This is harmless, but this really should be an 'echo_do *' · f8450023
  Christophe Jaillet authored Feb 17, 2019
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853757 13f79535-47bb-0310-9956-ffa450edef68
```
  f8450023
Feb 15, 2019

- Be consistent with the case used for uniqueMember. · 0a6aadfb

Christophe Jaillet authored Feb 15, 2019

- Be consistent with the case used for AuthLDAPURL. Use uppercase URL, as in the code in order to fix syntax highlight issues.
- Fix the case of AuthLDAPSubGroupAttribute in <default>, so that quickreference.xsl works as expected

Fix some other small layout issues.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853664 13f79535-47bb-0310-9956-ffa450edef68

0a6aadfb

Fix compatibility note, 'SSLPolicy' is not in 2.4.x yet. · 6f19b20b

Christophe Jaillet authored Feb 15, 2019

+ remove a trailing space to synch with 2.4.x

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853644 13f79535-47bb-0310-9956-ffa450edef68

6f19b20b

Add directive name, so that quickreference.xsl can extract default value correctly. · e5af849c

Christophe Jaillet authored Feb 15, 2019

Always align on the left code in <highlight> block in order to be consistent and fix a layout issue.

Add some links between directives.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853637 13f79535-47bb-0310-9956-ffa450edef68

e5af849c

* modules/md/mod_md_config.c (md_mod_conf_get): Use state-dir-relative · 4b5a45c8

Joe Orton authored Feb 15, 2019

  default base_dir.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853631 13f79535-47bb-0310-9956-ffa450edef68

4b5a45c8

Add directive name, so that quickreference.xsl can extract default value correctly. · ec42ca1b
Christophe Jaillet authored Feb 15, 2019
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853624 13f79535-47bb-0310-9956-ffa450edef68
```
ec42ca1b
Fix the directive name used in <default> syntax for DefaultRuntimeDir. · c6b41c4c
Christophe Jaillet authored Feb 15, 2019
```
Add some links.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853623 13f79535-47bb-0310-9956-ffa450edef68
```
c6b41c4c

Fix typo added in r1838958 · 4ef998e0

Christophe Jaillet authored Feb 15, 2019

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853618 13f79535-47bb-0310-9956-ffa450edef68

4ef998e0

Fix case in directive name, so that quickreference.xsl can extract default value correctly. · 856b6caf
Christophe Jaillet authored Feb 15, 2019
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853617 13f79535-47bb-0310-9956-ffa450edef68
```
856b6caf

Fix typo · 1d7d7b8c

Christophe Jaillet authored Feb 15, 2019

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853616 13f79535-47bb-0310-9956-ffa450edef68

1d7d7b8c

Add some additional tests to report badly formatted synopsis. · 6f3f4be4

Christophe Jaillet authored Feb 15, 2019

Comment-out these tests because of the noise it generates, but leave it there, if useful for s.o.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853615 13f79535-47bb-0310-9956-ffa450edef68

6f3f4be4

Feb 14, 2019

mod_proxy_http: follow up to r1853561. · 20731b85

ylavic authored Feb 14, 2019

Handle "proxy-sendextracrlf" within the loop too.

Btw, this extra CRLF heresy should go (at least in trunk)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853566 13f79535-47bb-0310-9956-ffa450edef68

20731b85

Revert r1853564. · efd97d1e

ylavic authored Feb 14, 2019


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853565 13f79535-47bb-0310-9956-ffa450edef68

efd97d1e

mod_proxy_http: follow up to r1853409: no need to double flush on EOS. · 3bd4c3b7
ylavic authored Feb 14, 2019
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853564 13f79535-47bb-0310-9956-ffa450edef68
```
3bd4c3b7