Skip to content
  1. Mar 24, 2018
  3. Mar 23, 2018
  5. Mar 20, 2018
  7. Mar 17, 2018
  9. Mar 15, 2018
  11. Mar 10, 2018
  13. Mar 09, 2018
    • Joe Orton's avatar
      Merge r1617913 from trunk: · e4de5adb
      Joe Orton authored 
      * support/ab.c: Fix crash caused by integer overflow when printing stats with
lot of requests (for example -n 500000000).

Submitted by: jkaluza
Reviewed by: jorton, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826310 13f79535-47bb-0310-9956-ffa450edef68
      e4de5adb
    • Joe Orton's avatar
      Merge r1667676, r1826207 from trunk: · cc6357f0
      Joe Orton authored 
      * mod_access_compat, mod_authz_host: Handle '#' character.
For mod_access_compat, disable '#' in hostname completely.
For mod_authz_host, treat '#' as a comment and ignore everything after that.
This allows better handling of admin errors like
'Require host localhost# Add example.com later'.

* modules/aaa/mod_authz_host.c (host_check_authorization): Simplify
  comment stripping in "Require host"; log a warning if a comment is
  used in 'Require host', or an error if the expression is empty with
  the comment stripped. (Currently in 2.4, #comment part is parsed)

Submitted by: jkaluza, jorton
Reviewed by: jorton, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826309 13f79535-47bb-0310-9956-ffa450edef68
      cc6357f0
    • Joe Orton's avatar
      Merge r1532281, r1532289, r1537718 from trunk: · dba3b47d
      Joe Orton authored 
      * support/rotatelogs.c (get_now): Return the offset applied to the
  Unix time as a parameter.
  (doRotate): When exploding the time for strtfime formatting, iff in
  -l mode, subtract the offset and explode the real Unix time as a
  local time so %Z etc works correctly.

* support/rotatelogs.c (get_now): Fix the NULL ptr dereferences 
  added in r1532281.

* support/rotatelogs.c: Introduce an adjusted_time_t type to store the
  weird "adjusted time since epoch" type returned by get_now().
  Switch from int to long to fix an unnecessary Y2K38 issue.  Adjust
  use throughout and clean up other type issues.  No functional change
  intended apart from fixing Y2K38.

Submitted by: jorton
Reviewed by: jorton, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826306 13f79535-47bb-0310-9956-ffa450edef68
      dba3b47d
    • Joe Orton's avatar
      Merge r1811976 from trunk: · 43f1c1f1
      Joe Orton authored 
      Add optional _RAW suffix to SSL_*_DN_xx attribute names, allowing
users to convert an attribute value without conversion to UTF-8.  (A
public CA has issued certs with attributes tagged as the wrong ASN.1
string types.)

* modules/ssl/ssl_util_ssl.c (asn1_string_convert): Rename from
  asn1_string_to_utf8; add raw argument. Reimplement _to_utf8 as
  macro.
  (modssl_X509_NAME_ENTRY_to_string): Add raw argument.

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Use raw
  string conversion if _RAW suffix is present in DN component.

Submitted by: jorton
Reviewed by: jorton, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826300 13f79535-47bb-0310-9956-ffa450edef68
      43f1c1f1
  15. Mar 04, 2018
  17. Mar 03, 2018
    • Daniel Ruggeri's avatar
      Post 2.4.31 tag updates · 27990eea
      Daniel Ruggeri authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1825777 13f79535-47bb-0310-9956-ffa450edef68
      27990eea
    • Yann Ylavic's avatar
      Merge r1802040, r1807876, r1808014, r1805490, r1823886 from trunk: · 7b22490b
      Yann Ylavic authored 
      mod_proxy_fcgi: Add the support for mod_proxy's
                flushpackets and flushwait params

This change was requested on the development mailing
list in order to fill another gap between mod_fcgi
and mod_proxy_fcgi, namely the -flush funtionality.

The more evolved core trunk code would not need this
feature becuse of the non-blocking writes, but it
is be needed in 2.4.x.


mod_proxy_fcgi: limit the flush buckets inserted when flushpackets=on|auto

This commit is a follow up of r1802040 based on Jacob's
feedback, namely inserting the FLUSH buckets only when
really needed and useful, not always.


mod_proxy_fcgi: follow up to r1807876.
Fix mixed declarations and code [-Wdeclaration-after-statement].

Fix a compilation warning introduced by r1802040.
mod_proxy_fcgi.c:893:19: warning: ‘flushpoll’ may be used uninitialized in this function [-Wmaybe-uninitialized]

This warning is a false positive.


mod_proxy_fcgi: prioritize the check for mayflush when using flushpackets

The mayflush variable should be checked before the rest
to avoid polling when not needed.

Suggested by Yann Ylavic on the dev@ mailing list.


Submitted by: elukey, ylavic, jailletc36, elukey
Reviewed by: elukey, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1825765 13f79535-47bb-0310-9956-ffa450edef68
      7b22490b
  19. Feb 20, 2018
    • Yann Ylavic's avatar
      Merge r1823047, r1824454, r1824463, r1824464, r1824497, r1824862, r1824877 from trunk: · f70828d2
      Yann Ylavic authored 
      mpm_event: move lingering close "sucker" from the listener to worker(s).

This was the last non-constant time action performed by the listener thread.

It's now handled by the worker thread directly after entering lingering close,
which should directly address the cases when the socket is already closed
remotely at that time, hence avoid more scheduling (it may be the common case
for some scenarios).

And it's only if the above would need blocking (i.e. more data to suck) that
the socket is added to the pollset for the listener to re-schedule a worker
later when ready. If no worker is available at that time then the socket is
forcibly closed (similarly to what's done for keepalive connections in this
case).

Also, since process_lingering_close() is now called by a worker thread and
with almost no depth in the call stack, we can grow the size of the "suck"
buffer from 2K to 32K to potentially call recv() up to sixteen times less.


mpm_event: follow up to r1823047.

Update clogged counter on read_request retry too.


mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance).


mpm_event: follow up to r1823047: complete state validation after processing.


mpm_event: follow up to r1823047: CHANGES entry.


mpm_event: follow up to r1823047 and r1824464.

MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid
states returned process_connection (never have been).


mpm_event: follow up to r1823047 and r1824862.

Revert (broken) functional change from r1824862.


Submitted by: ylavic
Reviewed by: ylavic, minfrin, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824879 13f79535-47bb-0310-9956-ffa450edef68
      f70828d2
    • Yann Ylavic's avatar
      Revert r1824868 (and r1824869). · a35bb6eb
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824874 13f79535-47bb-0310-9956-ffa450edef68
      a35bb6eb
    • Yann Ylavic's avatar
      Merge r1824811 from trunk: · 39ae6cd6
      Yann Ylavic authored 
      10 years after r567503 , fix this properly.

The lock is created in post_config, so we can't copy it
around in a merge_server_config() callback.


Submitted by: covener
Reviewed by: covener, rpluem, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824872 13f79535-47bb-0310-9956-ffa450edef68
      39ae6cd6
    • Yann Ylavic's avatar
      Merge r1823047, r1824454, r1824463, r1824464, r1824497, r1824862 from trunk: · 566b629a
      Yann Ylavic authored 
      mpm_event: move lingering close "sucker" from the listener to worker(s).

This was the last non-constant time action performed by the listener thread.

It's now handled by the worker thread directly after entering lingering close,
which should directly address the cases when the socket is already closed
remotely at that time, hence avoid more scheduling (it may be the common case
for some scenarios).

And it's only if the above would need blocking (i.e. more data to suck) that
the socket is added to the pollset for the listener to re-schedule a worker
later when ready. If no worker is available at that time then the socket is
forcibly closed (similarly to what's done for keepalive connections in this
case).

Also, since process_lingering_close() is now called by a worker thread and
with almost no depth in the call stack, we can grow the size of the "suck"
buffer from 2K to 32K to potentially call recv() up to sixteen times less.


mpm_event: follow up to r1823047.

Update clogged counter on read_request retry too.


mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance).


mpm_event: follow up to r1823047: complete state validation after processing.


mpm_event: follow up to r1823047: CHANGES entry.


mpm_event: follow up to r1823047 and r1824464.

MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid
states returned process_connection (never have been).


Submitted by: ylavic
Reviewed by: ylavic, minfrin, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824868 13f79535-47bb-0310-9956-ffa450edef68
      566b629a
  21. Feb 19, 2018
  23. Feb 16, 2018
  25. Feb 15, 2018
  27. Feb 14, 2018
    • Christophe Jaillet's avatar
      Add CHANGES entry · c89dd542
      Christophe Jaillet authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824271 13f79535-47bb-0310-9956-ffa450edef68
      c89dd542
    • Yann Ylavic's avatar
      Merge r1776575, r1776578, r1776624, r1776627, r1776674, r1776734, r1776740,... · d986c37f
      Yann Ylavic authored 
      Merge r1776575, r1776578, r1776624, r1776627, r1776674, r1776734, r1776740, r1778268, r1780725, r1781030, r1781031, r1781701, r1788674, r1789800, r1790169, r1790457, r1790691, r1806985, r1812332, r1818279 from trunk:

Merge new PROXY protocol code into mod_remoteip

Fix typo in mod_remoteip's doc

Shorten RemoteIPProxyProtocolEnable to RemoteIPProxyProtocol and correct references in docs

Move attribution for mod_remoteip RemoteIPProxyProtocol from file to CHANGES

On the trunk:

* mod_remoteip: added cast to fix clang compiler error



Reinsert attribution to mod_remoteip.c for PROXY protocol

* Silence compiler warning

Set all read buckets aside in case we need to restore all during optional header processing

* modules/metadata/mod_remoteip.c: Fix GCC strict-aliasing warning
  by moving deference of header array via a different pointer type 
  ("type-punning") out of line.


* modules/metadata/mod_remoteip.c (register_hooks,
  remoteip_hook_pre_connection): Reference the filter by handle rather
  than name (avoiding tree lookup by name on use).


Change tactic for PROXY processing in Optional case

Finally include feedback from Ruediger Pluem. Add slave "backoff" verified by Sander Hoentjen

Update PROXY handling by removing Optional processing

Rename RemoteIPProxyProtocolDisableHosts to RemoteIPProxyProtocolExceptions

Fix directive name in 
(s/RemoteIPProxyProtocolDisableNetworks/RemoteIPProxyProtocolExceptions/)

Use cmd->cmd->name instead to be future proof.

XML update plus typo in mod_remoteip.xml.


PROXY protocol proposal corrections

Fix format pattern (%lu => %APR_SIZE_T_FMT).

Detected by maintainer mode compilation and GCC error:

.../modules/metadata/mod_remoteip.c:
In function 'remoteip_input_filter':
.../include/http_log.h:117:33:
error: format '%lu' expects argument of type
'long unsigned int', but argument 8 has type
'apr_size_t {aka unsigned int}' [-Werror=format=]


APR-ize uint types


Submitted by: druggeri, elukey, druggeri, druggeri, druggeri, icing, druggeri, rpluem, druggeri, jorton, jorton, druggeri, druggeri, druggeri, druggeri, jailletc36, lgentis, mrumph, rjung, jim
Reviewed by: druggeri, jim, minfrin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824248 13f79535-47bb-0310-9956-ffa450edef68
      d986c37f
    • Yann Ylavic's avatar
      Revert r1824221: wrong backport. · 708c0a08
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824246 13f79535-47bb-0310-9956-ffa450edef68
      708c0a08