Skip to content
  1. Feb 09, 2018
  2. Jan 18, 2018
  3. Jan 13, 2018
  4. Jan 10, 2018
    • Yann Ylavic's avatar
      Merge r1818040 from trunk: · 01a4e02e
      Yann Ylavic authored
      PR61891: looping over mostly full LDAP cache
      
        *) mod_ldap: Fix a case where a full LDAP cache would continually fail to
           purge old entries and log AH01323. PR61891.
      
      
      Submitted By: Hendrik Harms <hendrik.harms gmail.com>
      Committed By: covener
      Reviewed By: covener, jim, ylavic
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820800 13f79535-47bb-0310-9956-ffa450edef68
      01a4e02e
    • Yann Ylavic's avatar
      Merge r1818804, r1818951, r1818958, r1818960, r1819027, r1819214, r1820035 from trunk: · 6e5b7f3d
      Yann Ylavic authored
      mpm_event: close connections not reported as handled by any module.
      
      This avoids losing track of them and leaking scoreboard entries.
      PR 61551.
      
      
      mpm_event: follow up to r1818804.
      
      Address corner case where connection is aborted due to ap_run_pre_connection()
      failure, and update comment about ap_run_process_connection() expected return
      status and state.
      
      
      mpm_event: follow up to r1818804 and r1818951.
      
      Align comment and fix typos.
      
      
      mpm_event: follow up to r1818804.
      
      Allow DONE as a successful ap_run_process_connection() return value, for
      instance h2_conn_run() and h2_task_process_conn() uses it, third-party
      modules may too...
      
      
      mpm_event: follow up to r1818804 and r1818951.
      
      Be more correct in comment about CONN_STATE_WRITE_COMPLETION.
      We currently have/need no state to simply wait for readability on a socket,
      so the previous comment was misleading. Write completion can't be used for
      a simple "wait for read event and come back to process_connection hooks".
      
      
      mpm_event: follow up to r1818804 and r1818960.
      
      Align mod_http2 with expected returned state from process_connection hooks in
      async MPMs.
      When the master connection is handled, enter CONN_STATE_LINGER in any case.
      
      
      Add missing APLOGNO
      
      
      Submitted by: ylavic, jailletc36
      Reviewed by: ylavic, icing, covener
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820796 13f79535-47bb-0310-9956-ffa450edef68
      6e5b7f3d
    • Yann Ylavic's avatar
      Merge r1809881, r1809973, r1809976, r1812075 from trunk: · eb99f1c7
      Yann Ylavic authored
      core: deregister all hooks before leaving pconf, otherwise some late cleanup
      or function call (e.g. ap_log) may use one while DSOs are unloaded.
      
      See PR 61558 (double/second fault).
      
      
      core, MPMs unix: follow up to r1809881.
      
      Deregister all hooks first (in pre_cleanup), by doing it last we could still
      have had them run when DSOs were unloaded.
      
      Likewise, avoid double faults when handling fatal signals by restoring the
      default handler before pconf is cleared (we can't ap_log_error there).
      
      Finally, we need to ignore sig_term/restart (do nothing) when the main
      process is exiting (i.e. ap_pglobal is destroyed), since retained_data are
      freed.
      
      Aimed to fix all faults in PR 61558.
      
      
      MPMs unix: follow up to r1809881 and r1809973.
      
      unset_signals() is called when ap_pglobal is destroyed too.
      
      
      Follow up to r1809881: CHANGES entry.
      
      
      Reviewed by: ylavic, jim, covener
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820794 13f79535-47bb-0310-9956-ffa450edef68
      eb99f1c7
  5. Jan 04, 2018
  6. Dec 22, 2017
  7. Dec 21, 2017
  8. Dec 03, 2017
  9. Dec 02, 2017
  10. Nov 13, 2017
    • Jim Jagielski's avatar
      Merge r1813643 from trunk: · 6440bc78
      Jim Jagielski authored
      mod_macro: fix usability of globally defined macros in .htaccess files.
      PR 57525.
      
      Reverts pre_config hook from r1656669 (happens too late for EXEC_ON_READ), and
      ensures ap_macros is reset on restart with a pconf cleanup.
      
      Proposed by: Jose Kahan <jose w3.org>
      Reviewed by: ylavic
      
      Submitted by: ylavic
      Reviewed by: ylavic, icing, jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1815101 13f79535-47bb-0310-9956-ffa450edef68
      6440bc78
    • Jim Jagielski's avatar
      Merge r1811744 from trunk: · 122dce01
      Jim Jagielski authored
      core, mod_rewrite: introduce the 'redirect-keeps-vary' note
                         to allow proper Vary header insertion when
                         dealing with a RewriteRule in a directory
                         context.
      
      This change is an attempt to fix a long standing problem,
      brought up while working on PR 58231. Our documentation clearly
      states the following:
      
      "If a HTTP header is used in a condition this header is added
      to the Vary header of the response in case the condition
      evaluates to true for the request."
      
      This is currently not true for RewriteCond/Rules working in
      a directory context, since when an internal redirect happens
      all the outstanding response headers get dropped.
      
      There might be a better solution so I am looking forward to
      hear more opinions and comments. My goal for a delicate change
      like this one would be to affect the least amount of configurations
      possible, without triggering unwanted side effects.
      
      If the solution is good for everybody tests will be written
      in the suite asap.
      
      
      Submitted by: elukey
      Reviewed by: elukey, icing, ylavic
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1815100 13f79535-47bb-0310-9956-ffa450edef68
      122dce01
  11. Nov 07, 2017
    • Stefan Eissing's avatar
      On the 2.4.x branch: · acc35ca6
      Stefan Eissing authored
      Merged /httpd/httpd/trunk:r1811649,1811664,1814118
      
        *) ab: Make the TLS layer aware that the underlying socket is nonblocking,
           and use/handle POLLOUT where needed to avoid busy IOs and recover write
           errors when appropriate.  [Yann Ylavic]
      
        *) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous
           read was incomplete (the SSL case can cause the next poll() to timeout
           since data are buffered already).  PR 61301 [Luca Toscano, Yann Ylavic]
      
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1814468 13f79535-47bb-0310-9956-ffa450edef68
      acc35ca6
  12. Nov 06, 2017
  13. Nov 03, 2017
  14. Nov 01, 2017
  15. Oct 17, 2017
  16. Oct 16, 2017
  17. Oct 13, 2017
    • Yann Ylavic's avatar
      Merge r1808746, r1809028 from trunk: · 1339bb53
      Yann Ylavic authored
      mod_rewrite/core: avoid the 'Vary: Host' header
      
      In PR 58231 is was brought up that httpd adds the
      Vary: Host header whenever a condition is set to true
      in mod_rewrite or in an <If> block.
      
      The https://tools.ietf.org/html/rfc7231#section-7.1.4
      section seems to disallow this use case:
      
      "The "Vary" header field in a response describes "
      "what parts of a request message, "
      "aside from the method, Host header field, [...]"
      
      I had a chat with the folks in #traffic-server and
      they don't see much point in having a Vary: Host header,
      plus it was reported that Varnish doesn't like it very
      much (namely it does not cache the response when
      it sees the header, links of the report in the PR).
      
      I don't see much value in this behavior of httpd so
      I am inclined to remove this response header value,
      but I'd be glad to get a more experienced opinion.
      
      
      
      mod_rewrite,core: avoid Vary:Host (part 2)
      
      This is a follow up of r1808746 after a chat
      with Yann on dev@:
      
      - the HTTP:Host variable suffers from the same problem
      - the strcasecmp should be used to allow case-sensitive
        comparisons.
      - in mod_rewrite is less cumbersome and more clean to just
        make the Host header check in lookup_header, so it will
        be automatically picked up by every part of the code
        that uses it. It shouldn't be a relevant overhead for
        mod_rewrite.
      
      
      Submitted by: elukey
      Reviewed by: elukey, ylavic, wrowe
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812083 13f79535-47bb-0310-9956-ffa450edef68
      1339bb53
    • Yann Ylavic's avatar
      Merge r1804096, r1807238, r1809981, r1810088, r1810089 from trunk: · 9889a8bf
      Yann Ylavic authored
      bumping version, removing some unused code, fixes in base64url from mod_md
      
      On the trunk:
      
        *) mod_http2: DoS flow control protection is less agressive as long as active tasks stay
           below worker capacity. Intended to fix problems with media streaming. 
      
      
      On the trunk:
      mod_http2: v0.10.12, removed optimization for mutex handling in bucket beams that could lead to assertion failure in edge cases.
      
      
      reverting r1807238 bc not addressing the issue https://github.com/icing/mod_h2/issues/120
      
      mod_http2: non-dev 1.10.12 for backport
      
      
      Submitted by: icing
      Reviewed by: icing, steffenal, ylavic
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812081 13f79535-47bb-0310-9956-ffa450edef68
      9889a8bf
    • Yann Ylavic's avatar
      Merge r1805195, r1812004 from trunk: · 82ef1467
      Yann Ylavic authored
      Update offsets
      
      Entry for 2.4.28 regression (r1808855 missing r1805195).
      
      Submitted by: jim, ylavic
      Reviewed/backported by: ylavic (RTC per miss in the original merge)
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812074 13f79535-47bb-0310-9956-ffa450edef68
      82ef1467
  18. Oct 10, 2017
    • Joe Orton's avatar
      Merge r1809209 from trunk: · fdd7b66f
      Joe Orton authored
      Fix a segmentation fault if AuthzDBDQuery is not set.
      
      PR: 61546
      Submitted by: Lubos Uhliarik <luhliari redhat.com>
      Reviewed by: jailletc36, ylavic, elukey
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811749 13f79535-47bb-0310-9956-ffa450edef68
      fdd7b66f
    • Joe Orton's avatar
      Merge r1664565 from trunk: · 542a8ecb
      Joe Orton authored
      *) mod_rewrite: Add support for starting External Rewriting Programs
         as non-root user on UNIX systems by specifying username and group name
         as third argument of RewriteMap directive.
      
      Submitted by: jkaluza
      Reviewed by: jorton, wrowe, ylavic
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811748 13f79535-47bb-0310-9956-ffa450edef68
      542a8ecb
    • Joe Orton's avatar
      Merge r1808230 from trunk: · 85189e49
      Joe Orton authored
      * server/protocol.c (ap_content_length_filter): Rewrite the content
        length filter to avoid arbitrary memory consumption for streaming
        responses (e.g. large CGI script output).  Ensures C-L is still
        generated in common cases (static content, small CGI script output),
        but this DOES change behaviour and some responses will end up
        chunked rather than C-L computed.
      
      PR: 61222
      Submitted by: jorton, rpluem
      Reviewed by: jorton, wrowe, ylavic
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811746 13f79535-47bb-0310-9956-ffa450edef68
      85189e49
    • Yann Ylavic's avatar
      Merge r1736186 from trunk: · 10732433
      Yann Ylavic authored
      mod_ssl: return non ambiguous value in ssl_callback_SessionTicket() for
      encryption mode (we used to return 0, OpenSSL documents returning 1 instead).
      
      Practically this does not change anything since OpenSSL will only check for
      >= 0 return value (non error) for encryption mode (the other possible return
      values are only relevant for decryption mode).
      
      However the OpenSSL documentation for SSL_CTX_set_tlsext_ticket_key_cb()
      states:
      "
      The return value of the cb function is used by OpenSSL to determine what
      further processing will occur. The following return values have meaning:
      
      2
          This indicates that the ctx and hctx have been set and the session can
          continue on those parameters. Additionally it indicates that the session
          ticket is in a renewal period and should be replaced. The OpenSSL library
          will call cb again with an enc argument of 1 to set the new ticket (see
          RFC5077 3.3 paragraph 2).
      
      1
          This indicates that the ctx and hctx have been set and the session can
          continue on those parameters.
      
      0
          This indicates that it was not possible to set/retrieve a session ticket
          and the SSL/TLS session will continue by by negotiating a set of
          cryptographic parameters or using the alternate SSL/TLS resumption
          mechanism, session ids.
          If called with enc equal to 0 the library will call the cb again to get a
          new set of parameters.
      
      less than 0
          This indicates an error.
      "
      
      So 0 is not appropriate in our code, 1 is what we really want (and it won't
      break if OpenSSL later changes its checks on the callback return value).
      
      Reported/Proposed by: oknet on github, pull request #18.
      Reviewed by: jorton, ylavic, wrowe
      [Closes #18]
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811742 13f79535-47bb-0310-9956-ffa450edef68
      10732433
  19. Sep 25, 2017
  20. Sep 22, 2017
    • Yann Ylavic's avatar
      Merge r1802875 from trunk: · d688a489
      Yann Ylavic authored
      event: Avoid possible blocking in the listener thread when shutting down
      connections. PR 60956.
      
      start_lingering_close_nonblocking() now puts connections in defer_linger_chain
      which is emptied by any worker thread (all atomically) after its usual work,
      hence any possibly blocking flush and lingering close run outside the listener.
      
      The listener may create a dedicated worker if it fills defer_linger_chain or
      while it's not empty, calling push2worker with a NULL cs.
      
      The state machine in process_socket() is slighly modified to be able to enter
      with CONN_STATE_LINGER directly w/o clogging_input_filters to interfer.
      
      New abort_socket_nonblocking() allows to reset connections when nonblocking is
      required and we can't do much about the connection anymore, nor we want the
      system to linger on its own after close().
      
      Many thanks to Stefan Priebe for his heavy testing on many event's changes!
      
      
      Submitted by: ylavic
      Reviewed by: ylavic, jim, icing
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1809299 13f79535-47bb-0310-9956-ffa450edef68
      d688a489
  21. Sep 19, 2017
  22. Sep 18, 2017