Skip to content
GitLab
  1. 05 Jan, 2014 7 commits
  3. 26 Dec, 2013 1 commit
  5. 18 Dec, 2013 1 commit
  7. 29 Nov, 2013 1 commit
  9. 22 Nov, 2013 1 commit
  11. 19 Nov, 2013 2 commits
  13. 17 Nov, 2013 1 commit
  15. 16 Nov, 2013 3 commits
  17. 15 Nov, 2013 2 commits
    • Jim Jagielski's avatar
      Merge r1523281, r1524368, r1525276, r1525280, r1525281 from trunk: · 675e9c8f
      Jim Jagielski authored 
      Switch from private FastCGI protocol handling to util_fcgi API.


Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.


Bring some envvar flexibility from mod_authnz_fcgi to mod_proxy_fcgi:

mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted.


Borrow a fix from mod_authnz_fcgi:

mod_proxy_fcgi: Handle reading protocol data that is split between
packets.


Use ap_log_rdata() to dump the FastCGI header, axing a bunch
of custom data dumping code.

Submitted by: trawick, jkaluza, trawick, trawick, trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542330 13f79535-47bb-0310-9956-ffa450edef68
      675e9c8f
    • Jim Jagielski's avatar
      Merge r1526168, r1527291, r1527294, r1527295, r1527926 from trunk: · 3a14aba1
      Jim Jagielski authored 
      Streamline ephemeral key handling:

- drop support for ephemeral RSA keys (only allowed/needed
  for export ciphers)

- drop pTmpKeys from the per-process SSLModConfigRec, and remove
  the temp key generation at startup (unnecessary for DHE/ECDHE)

- unconditionally disable null and export-grade ciphers by always
  prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string

- do not configure per-connection SSL_tmp_*_callbacks, as it is
  sufficient to set them for the SSL_CTX

- set default curve for ECDHE at startup, obviating the need
  for a per-handshake callback, for the time being (and also
  configure SSL_OP_SINGLE_ECDH_USE, previously left out)

For additional background, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E


Follow-up fixes for r1526168:

- drop SSL_TMP_KEY_* constants from ssl_private.h, too

- make sure we also disable aNULL, eNULL and EXP ciphers
  for per-direct...
      3a14aba1
  19. 14 Nov, 2013 1 commit
  21. 13 Nov, 2013 5 commits
  23. 09 Nov, 2013 2 commits
  25. 28 Oct, 2013 2 commits
  27. 18 Oct, 2013 2 commits
    • Jim Jagielski's avatar
      Merge r1529559, r1531505 from trunk: · 484255f2
      Jim Jagielski authored 
      Fix PR 55397: dav_resource->uri treated as an unparsed uri.

The change made for PR 54611 caused this field to be treated as
unescaped.  mod_dav_svn however, provided escaped URIs.  Essentially
breaking support for paths with non-URI safe characters in SVN.

Adjust the code so that dav_resource->uri is assumed to be escaped and
adjust mod_dav_fs so that it uses escaped URIs in this field.

* modules/dav/fs/repos.c
  (dav_fs_get_resource): Use the unparsed_uri to contruct the resource uri.

* modules/dav/main/mod_dav.c
  (dav_xml_escape_uri): Do not uri escape, just handle xml escaping.
  (dav_created): Assume that locn if provided is escaped.
  (dav_method_copymove, dav_method_bind): Use the unparsed_uri on the request
    when calling dav_created() to adjust to locn assuming it is escaped.

* modules/dav/main/mod_dav.h
  (dav_resource): Document that uri is escaped.


Followup to r1529559: mod_dav_fs: Fix encoding of hrefs in PROPFIND response.

Previous commit missed encoding the names of the children of the PROPFIND
request when the depth wasn't 0.

* modules/dav/fs/repos.c
  (dav_fs_append_uri): New function
  (dav_fs_walker): Use dav_fs_append_uri() and adjust length calculations to
    use the encoded length.


Submitted by: breser
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533448 13f79535-47bb-0310-9956-ffa450edef68
      484255f2
    • Jim Jagielski's avatar
      Merge r1528718 from trunk: · da9cdf04
      Jim Jagielski authored 
      mod_dav: Fix PR 55306.

Makes mod_dav no longer require that the lock token be provided when the
source of a COPY is locked.  The prior behavior was in violating of
RFC 4918 which says that the lock token is only required on resources
that may be modified by the method.

* modules/dav/main/mod_dav.h
  (DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.

* modules/dav/main/mod_dav.c
  (dav_method_copymove): Use the new flag when calling dav_validate_request()
    on the COPY source.

* modules/dav/main/util.c
  (dav_validate_resource_state): Use the flag to decide to ignore if the lock
    token is not provided.

Submitted by: breser
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533447 13f79535-47bb-0310-9956-ffa450edef68
      da9cdf04
  29. 14 Oct, 2013 1 commit
  31. 10 Oct, 2013 2 commits
    • Jim Jagielski's avatar
      Merge r1526666, r1527220 from trunk: · 37b01e35
      Jim Jagielski authored 
      WinNT MPM: Exit the child if the parent process crashes or is terminated.

Submitted by: Oracle, via trawick

The original modification was made some years ago for Oracle HTTP Server
by an Oracle employee.  trawick made additional changes for style and
for trunk/2.4.x changes.


Follow up to r1526666:

Use SYNCHRONIZE instead of PROCESS_ALL_ACCESS because

a. it is sufficient
b. it avoids an issue where PROCESS_ALL_ACCESS is larger on
   newer SDKs, resulting in a run-time error when running on
   older Windows

Close the handle.

Submitted by: Ivan Zhakov <ivan visualsvn.com>

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1531000 13f79535-47bb-0310-9956-ffa450edef68
      37b01e35
    • Jim Jagielski's avatar
      Merge r1530793 from trunk: · 55337b30
      Jim Jagielski authored 
      core: Don't truncate output when sending is interrupted by a signal,
      such as from an exiting CGI process.

PR: 55643

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1530999 13f79535-47bb-0310-9956-ffa450edef68
      55337b30
  33. 08 Oct, 2013 3 commits
  35. 07 Oct, 2013 1 commit
  37. 03 Oct, 2013 2 commits