- Feb 13, 2018
-
-
Graham Leggett authored
allowing per backend TLS configuration. trunk patch: http://svn.apache.org/r1740928 http://svn.apache.org/r1740960 http://svn.apache.org/r1740967 http://svn.apache.org/r1740987 http://svn.apache.org/r1740998 http://svn.apache.org/r1742697 http://svn.apache.org/r1756976 http://svn.apache.org/r1781313 http://svn.apache.org/r1812193 2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4.x-r1740928_and_co-v6.patch +1: ylavic, icing, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824187 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1810358 http://svn.apache.org/r1810362 http://svn.apache.org/r1810363 http://svn.apache.org/r1810365 http://svn.apache.org/r1810447 http://svn.apache.org/r1816919 http://svn.apache.org/r1816922 http://svn.apache.org/r1818013 http://svn.apache.org/r1818280 +1: jim, icing, minfrin icing: tested on ubuntu 16.04 with a simple uwsgi python app. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824184 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
depend on the number of restarts (non-Unix systems) and preserve shared names as much as possible on configuration changes for SHMs and persisted files. PR 62044. trunk patch: http://svn.apache.org/r1822509 http://svn.apache.org/r1822511 http://svn.apache.org/r1823412 http://svn.apache.org/r1823415 http://svn.apache.org/r1823416 http://svn.apache.org/r1823564 http://svn.apache.org/r1823572 http://svn.apache.org/r1823575 2.4.x patch: trunk works (modulo CHANGES) (or http://home.apache.org/~ylavic/patches/httpd-2.4.x-PR62044-slotmems_reuse.patch) +1: ylavic, jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824180 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 10, 2018
-
-
Stefan Eissing authored
Merged /httpd/httpd/trunk:r1821371,1822502-1822503,1822624 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823781 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 09, 2018
-
-
Yann Ylavic authored
mod_event: Let the listener thread do its maintenance job on resources shortage. PR 61979. Follow up to r1821558: CHANGES typo. mpm_event: Follow up to r1821558. Don't crash (in listener) if we can't create the ptrans allocator. Submitted by: ylavic Reviewed by: ylavic, jim, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823644 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mpm_event: wakeup the listener to re-enable listening sockets. When listening sockets are disabled (too many connections) and the number of workers / active connections comes back below the limit, we need to wake up the listener to re-enable them. Add a new connections_above_limit() helper to determine when this applies. Follow up to r1819855: CHANGES entry. Submitted by: ylavic Reviewed by: ylavic, jim, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823643 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823636 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
Merge of r1605328,r1629576,r1643279,r1703241,r1802535,r1819847,r1819848,r1819852,r1819853,r1819855,r1821562,r1821558,r1821561,r1821595 from trunk *) event: staging changes (incremental patches) to sync 2.4.x with trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823629 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if enabled *and* if OpenSSL does not make any compression methods available. Tweak wording for failure without SSL_OP_NO_COMPRESSION. Submitted by: jorton Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823625 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 18, 2018
-
-
Yann Ylavic authored
mpm_{event,worker}: Mask signals for threads created by modules in child init. PR 62009, so that they don't receive (implicitely) the ones meant for the MPM. Inspired by: Armin Abfalterer <a.abfalterer gmail.com> Follow up to r1821504: same comment in event than in worker. Proposed by: ylavic Reviewed by: ylavic, icing, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1821517 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 13, 2018
-
-
Yann Ylavic authored
mod_proxy_html: skip documents < 4 bytes PR 56286 Micha Lenk follow up r1599012: C99 fix Fix some style mod_proxy_html: follow up to r1599012. To determine whether or not HTML data are lower than 4 bytes, use a retain buffer rather than assuming that all should be contained in a single bucket with the next one being EOS (if any). mod_proxy_html: don't depend on NUL terminated bucket data. ap_regexec() wants NUL terminated strings, so use ap_regexec_len() instead. Submitted by: niq, takashi, jailletc36, ylavic, ylavic Reviewed by: jim, ylavic, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1821073 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
core, mpm_event: Add ap_update_sb_handle() to avoid a small memory leak of sizeof(ap_sb_handle_t) when re-entering event's process_socket(). Follow up to r1802618: CHANGES entry. Proposed by: ylavic Reviewed by: ylavic, icing, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1821069 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
event: update worker score keepalive status. Correct regressions introduced in r1137358 and r1740910. The conn_rec context may be passed only when setting up the initial connection, otherwise the request info is trashed. Follow up to r1740910: CHANGES entry. Submitted by: ylavic, wrowe, ylavic Reviewed by: ylavic, icing, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1821068 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 10, 2018
-
-
Yann Ylavic authored
PR61891: looping over mostly full LDAP cache *) mod_ldap: Fix a case where a full LDAP cache would continually fail to purge old entries and log AH01323. PR61891. Submitted By: Hendrik Harms <hendrik.harms gmail.com> Committed By: covener Reviewed By: covener, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820800 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mpm_event: close connections not reported as handled by any module. This avoids losing track of them and leaking scoreboard entries. PR 61551. mpm_event: follow up to r1818804. Address corner case where connection is aborted due to ap_run_pre_connection() failure, and update comment about ap_run_process_connection() expected return status and state. mpm_event: follow up to r1818804 and r1818951. Align comment and fix typos. mpm_event: follow up to r1818804. Allow DONE as a successful ap_run_process_connection() return value, for instance h2_conn_run() and h2_task_process_conn() uses it, third-party modules may too... mpm_event: follow up to r1818804 and r1818951. Be more correct in comment about CONN_STATE_WRITE_COMPLETION. We currently have/need no state to simply wait for readability on a socket, so the previous comment was misleading. Write completion can't be used for a simple "wait for read event and come back to process_connection hooks". mpm_event: follow up to r1818804 and r1818960. Align mod_http2 with expected returned state from process_connection hooks in async MPMs. When the master connection is handled, enter CONN_STATE_LINGER in any case. Add missing APLOGNO Submitted by: ylavic, jailletc36 Reviewed by: ylavic, icing, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820796 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
core: deregister all hooks before leaving pconf, otherwise some late cleanup or function call (e.g. ap_log) may use one while DSOs are unloaded. See PR 61558 (double/second fault). core, MPMs unix: follow up to r1809881. Deregister all hooks first (in pre_cleanup), by doing it last we could still have had them run when DSOs were unloaded. Likewise, avoid double faults when handling fatal signals by restoring the default handler before pconf is cleared (we can't ap_log_error there). Finally, we need to ignore sig_term/restart (do nothing) when the main process is exiting (i.e. ap_pglobal is destroyed), since retained_data are freed. Aimed to fix all faults in PR 61558. MPMs unix: follow up to r1809881 and r1809973. unset_signals() is called when ap_pglobal is destroyed too. Follow up to r1809881: CHANGES entry. Reviewed by: ylavic, jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820794 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 04, 2018
-
-
Stefan Eissing authored
merge of 1804530,1804531,1805186,1806939,1807232,1808122 from trunk. Backport of mod_md support in mod_ssl. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820075 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 22, 2017
-
-
Nick Kew authored
PR#56457 included. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1819098 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 21, 2017
-
-
Jim Jagielski authored
core: silently ignore a not existent file path when IncludeOptional is used. In https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 some use cases were reported in which IncludeOptional seems to be too strict in its sanity checks. This change is a proposal to relax IncludeOptional checks to silently fail when a file path is not existent rather than returning SyntaxError. Submitted by: elukey Reviewed by: elukey, jim, niq git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1818964 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
event: better apr_pollset_add() failure handling to avoid an (very unlikely) worker vs listener race condition. Follow up to r1809273: CHANGES entry. Submitted by: ylavic Reviewed by: ylavic, jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1818963 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 03, 2017
-
-
Luca Toscano authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1817020 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 02, 2017
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1817005 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 13, 2017
-
-
Jim Jagielski authored
mod_macro: fix usability of globally defined macros in .htaccess files. PR 57525. Reverts pre_config hook from r1656669 (happens too late for EXEC_ON_READ), and ensures ap_macros is reset on restart with a pconf cleanup. Proposed by: Jose Kahan <jose w3.org> Reviewed by: ylavic Submitted by: ylavic Reviewed by: ylavic, icing, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1815101 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
core, mod_rewrite: introduce the 'redirect-keeps-vary' note to allow proper Vary header insertion when dealing with a RewriteRule in a directory context. This change is an attempt to fix a long standing problem, brought up while working on PR 58231. Our documentation clearly states the following: "If a HTTP header is used in a condition this header is added to the Vary header of the response in case the condition evaluates to true for the request." This is currently not true for RewriteCond/Rules working in a directory context, since when an internal redirect happens all the outstanding response headers get dropped. There might be a better solution so I am looking forward to hear more opinions and comments. My goal for a delicate change like this one would be to affect the least amount of configurations possible, without triggering unwanted side effects. If the solution is good for everybody tests will be written in the suite asap. Submitted by: elukey Reviewed by: elukey, icing, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1815100 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 07, 2017
-
-
Stefan Eissing authored
Merged /httpd/httpd/trunk:r1811649,1811664,1814118 *) ab: Make the TLS layer aware that the underlying socket is nonblocking, and use/handle POLLOUT where needed to avoid busy IOs and recover write errors when appropriate. [Yann Ylavic] *) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous read was incomplete (the SSL case can cause the next poll() to timeout since data are buffered already). PR 61301 [Luca Toscano, Yann Ylavic] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1814468 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 06, 2017
-
-
Stefan Eissing authored
Merge of r1813767 from trunk. mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain information retrievals on null bucket beams where it makes sense. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1814420 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 03, 2017
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1814136 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 01, 2017
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1813980 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 17, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812442 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 16, 2017
-
-
Joe Orton authored
* modules/metadata/mod_unique_id.c: Replace use of hostname + pid with PRNG output. Submitted by: jkaluza Reviewed by: jorton, wrowe, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812267 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 13, 2017
-
-
Yann Ylavic authored
mod_rewrite/core: avoid the 'Vary: Host' header In PR 58231 is was brought up that httpd adds the Vary: Host header whenever a condition is set to true in mod_rewrite or in an <If> block. The https://tools.ietf.org/html/rfc7231#section-7.1.4 section seems to disallow this use case: "The "Vary" header field in a response describes " "what parts of a request message, " "aside from the method, Host header field, [...]" I had a chat with the folks in #traffic-server and they don't see much point in having a Vary: Host header, plus it was reported that Varnish doesn't like it very much (namely it does not cache the response when it sees the header, links of the report in the PR). I don't see much value in this behavior of httpd so I am inclined to remove this response header value, but I'd be glad to get a more experienced opinion. mod_rewrite,core: avoid Vary:Host (part 2) This is a follow up of r1808746 after a chat with Yann on dev@: - the HTTP:Host variable suffers from the same problem - the strcasecmp should be used to allow case-sensitive comparisons. - in mod_rewrite is less cumbersome and more clean to just make the Host header check in lookup_header, so it will be automatically picked up by every part of the code that uses it. It shouldn't be a relevant overhead for mod_rewrite. Submitted by: elukey Reviewed by: elukey, ylavic, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812083 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
bumping version, removing some unused code, fixes in base64url from mod_md On the trunk: *) mod_http2: DoS flow control protection is less agressive as long as active tasks stay below worker capacity. Intended to fix problems with media streaming. On the trunk: mod_http2: v0.10.12, removed optimization for mutex handling in bucket beams that could lead to assertion failure in edge cases. reverting r1807238 bc not addressing the issue https://github.com/icing/mod_h2/issues/120 mod_http2: non-dev 1.10.12 for backport Submitted by: icing Reviewed by: icing, steffenal, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812081 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Update offsets Entry for 2.4.28 regression (r1808855 missing r1805195). Submitted by: jim, ylavic Reviewed/backported by: ylavic (RTC per miss in the original merge) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812074 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 10, 2017
-
-
Joe Orton authored
Fix a segmentation fault if AuthzDBDQuery is not set. PR: 61546 Submitted by: Lubos Uhliarik <luhliari redhat.com> Reviewed by: jailletc36, ylavic, elukey git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811749 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
*) mod_rewrite: Add support for starting External Rewriting Programs as non-root user on UNIX systems by specifying username and group name as third argument of RewriteMap directive. Submitted by: jkaluza Reviewed by: jorton, wrowe, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811748 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* server/protocol.c (ap_content_length_filter): Rewrite the content length filter to avoid arbitrary memory consumption for streaming responses (e.g. large CGI script output). Ensures C-L is still generated in common cases (static content, small CGI script output), but this DOES change behaviour and some responses will end up chunked rather than C-L computed. PR: 61222 Submitted by: jorton, rpluem Reviewed by: jorton, wrowe, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811746 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_ssl: return non ambiguous value in ssl_callback_SessionTicket() for encryption mode (we used to return 0, OpenSSL documents returning 1 instead). Practically this does not change anything since OpenSSL will only check for >= 0 return value (non error) for encryption mode (the other possible return values are only relevant for decryption mode). However the OpenSSL documentation for SSL_CTX_set_tlsext_ticket_key_cb() states: " The return value of the cb function is used by OpenSSL to determine what further processing will occur. The following return values have meaning: 2 This indicates that the ctx and hctx have been set and the session can continue on those parameters. Additionally it indicates that the session ticket is in a renewal period and should be replaced. The OpenSSL library will call cb again with an enc argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2). 1 This indicates that the ctx and hctx have been set and the session can continue on those parameters. 0 This indicates that it was not possible to set/retrieve a session ticket and the SSL/TLS session will continue by by negotiating a set of cryptographic parameters or using the alternate SSL/TLS resumption mechanism, session ids. If called with enc equal to 0 the library will call the cb again to get a new set of parameters. less than 0 This indicates an error. " So 0 is not appropriate in our code, 1 is what we really want (and it won't break if OpenSSL later changes its checks on the callback return value). Reported/Proposed by: oknet on github, pull request #18. Reviewed by: jorton, ylavic, wrowe [Closes #18] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811742 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 25, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1809610 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 22, 2017
-
-
Yann Ylavic authored
event: Avoid possible blocking in the listener thread when shutting down connections. PR 60956. start_lingering_close_nonblocking() now puts connections in defer_linger_chain which is emptied by any worker thread (all atomically) after its usual work, hence any possibly blocking flush and lingering close run outside the listener. The listener may create a dedicated worker if it fills defer_linger_chain or while it's not empty, calling push2worker with a NULL cs. The state machine in process_socket() is slighly modified to be able to enter with CONN_STATE_LINGER directly w/o clogging_input_filters to interfer. New abort_socket_nonblocking() allows to reset connections when nonblocking is required and we can't do much about the connection anymore, nor we want the system to linger on its own after close(). Many thanks to Stefan Priebe for his heavy testing on many event's changes! Submitted by: ylavic Reviewed by: ylavic, jim, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1809299 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 19, 2017
-
-
Jim Jagielski authored
mod_speling/PR 38923: don't embed Referer in link in error page. Submitted by: niq Reviewed by: niq, ylavic, elukey git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808856 13f79535-47bb-0310-9956-ffa450edef68
-