- Jan 12, 2015
-
-
Jim Jagielski authored
split-logfile: Fix perl error: 'Can't use string ("example.org:80") as a symbol ref while "strict refs"'. PR 56329. Submitted By: Holger Mauermann <mauermann gmail.com> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651095 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR 56603: Inappropiate ProxyPassReverse match when interpolated URL is empty string Submitted By: <ajprout hotmail.com> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651094 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts. PR 57328. Submitted-by: Armin Abfalterer <a.abfalterer gmail.com> Reviewed/Committed-by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651084 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts. PR 57328. Submitted-by: Armin Abfalterer <a.abfalterer gmail.com> Reviewed/Committed-by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651083 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: Preserve original request headers even if they differ from the ones to be forwarded to the backend. PR 45387. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651082 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix computation of the size of 'struct sockaddr_un' when passed to 'connect()'. Use the same logic as the one in ' in 'proxy_util.c'. mod_proxy: Don't limit the size of the connectable Unix Domain Socket paths. Since connect() to UDS path is used at several places, introduce ap_proxy_connect_uds() in proxy_util. Submitted by: jailletc36, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651081 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: Shutdown (eg. SSL close notify) the backend connection before closing. mod_proxy: follow up to r1601291. Since deferred_write_pool is needed by the core_output_filter and is a subpool of the connection, shutdown in a pre_cleanup of the connection's pool to avoid a freed memory access (SEGV). Reported By: takashi Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651080 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads. mod_ssl: follow up to r1601919. Likewise when set from SNI callback. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651078 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: Ensure that the SSL close notify alert is flushed to the client. PR54998. Submitted By: Tim Kosse <tim.kosse filezilla-project.org>, ylavic Committed By: ylavic mod_ssl: SSL_smart_shutdown(): follow up to r1601184. Use SSL_get_wbio() to comply with OPENSSL_NO_SSL_INTERN. Stop SSL shutdown loop when flush fails. mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout expires. PR54998. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651077 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 09, 2015
-
-
Christophe Jaillet authored
* mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198. Submitted by: jkaluza Reviewed by: jkaluza, ylavic, covener Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650677 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
* mod_ssl: Check if we are having an SSL connection before looking up SSL related variables during expression evaluation to avoid a crash. If not return NULL as ssl_var_lookup_ssl does by default. PR 57070 Submitted by: rpluem Reviewed by: jailletc36, ylavic, covener Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650659 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
* mod_proxy_ajp: Fix handling of the default port (8009) in the ProxyPass and <Proxy> configurations. PR 57259. Submitted by: ylavic Reviewed by: ylavic, jim, covener Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650655 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 17, 2014
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1646179 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 16, 2014
-
-
Jim Jagielski authored
mod_ssl: Fix recognition of OCSP stapling responses that are encoded improperly or too large. The one byte "ok" flag stored with the response was accounted for in the wrong condition. follow up to r1641077: one bug was traded for another in r1641077; track the response length and the cached object length separately to avoid such confusion Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1645935 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 14, 2014
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1645423 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 05, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1643256 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 02, 2014
-
-
Jim Jagielski authored
*) SECURITY: CVE-2014-8109 (cve.mitre.org) mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204 [Edward Lu <Chaosed0 gmail.com>] Submitted By: Edward Lu Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642861 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read determine whether it is a normal close or a real error. PR 57168. Abort the client or backend connection on polling errors, but don't forcibly abort the client side at the end (the core filters will do that otherwise when necessary), so that lingering close and SSL shutdown can occur on normal close. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642857 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_wstunnel: abort backend connection on polling error to avoid further processing (lingering close, SSL shutdown). Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642856 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an error when parsing or forwarding the response fails. Follow up to r1640040: CHANGES entry. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642855 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 29, 2014
-
-
Christophe Jaillet authored
* mod_ssl: call ERR_free_strings() with OpenSSL >= 0.9.8e. Fixes memory leak in mod_ssl on graceful restart. PR 53435. Submitted by: jkaluza Reviewed by: jkaluza, ylavic, covener Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642404 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 25, 2014
-
-
Joe Orton authored
mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org) Fix a potential crash with response headers' size above 8K. The code changes to mod_authnz_fcgi keep the handle_headers() function in sync between the two modules. mod_authnz_fcgi does not have this issue because it allocated a separate byte for terminating '\0'. Submitted by: ylavic, trawick Reviewed by: ylavic, trawick, mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641551 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 11, 2014
-
-
Jim Jagielski authored
Support custom ErrorDocuments for HTTP 501 and 414 status codes. PR 57167 [Edward Lu <Chaosed0 gmail.com>] Submitted By: Edward Lu <Chaosed0 gmail.com> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638071 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_cache: avoid unlikely access to freed memory. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1638070 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 01, 2014
-
-
Eric Covener authored
restore SECURITY to top git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1636006 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
When using EBCDIC encoding, HTTPS through ProxyPass and ProxyRemote doesn't work correctly. PR 57092 Submitted By: Edward Lu Reviewed By: covener, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1636002 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
fix another case of 304 response sent to an unconditional request Submitted By: covener Reviewed By: covener, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1636001 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 29, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1635105 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 27, 2014
-
-
Jim Jagielski authored
Move OCSP stapling information from a per-certificate store (ex_data attached to an X509 *) to a per-server hash which is allocated from the pconf pool. Fixes PR 54357, PR 56919 and a leak with the certinfo_free cleanup function (missing OCSP_CERTID_free). * modules/ssl/ssl_util_stapling.c: drop certinfo_free, and add ssl_stapling_certid_free (used with apr_pool_cleanup_register). Switch to a stapling_certinfo hash which is keyed by the SHA-1 digest of the certificate's DER encoding, rework ssl_stapling_init_cert to only store info once per certificate (allocated from the pconf to the extent possible) and extend the logging. * modules/ssl/ssl_private.h: adjust prototype for ssl_stapling_init_cert, replace ssl_stapling_ex_init with ssl_stapling_certinfo_hash_init * modules/ssl/ssl_engine_init.c: adjust ssl_stapling_* calls Based on initial work by Alex Bligh <alex alex.org.uk> Follow up to r1629372: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_value). Follow up to r1629372 and r1629485: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_[num|value|pop] macros). Submitted by: kbrand, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634529 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_cache_socache: Change average object size hint from 32 bytes to 2048 bytes. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634528 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_cache_socache: Add cache status to server-status. The status_hook simply calls the status function of socache, very much like mod_ssl does for the ssl session cache. Silence build warning about missing prototype. Followup to r1629507. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634527 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
event: Fix worker-listener deadlock in graceful restart caused by get_worker() allocating new worker after ap_queue_info_term(), but not setting the have_idle_worker variable. PR 56960. Submitted By: Zin UDA Committed By: jkaluza Submitted by: jkaluza Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634526 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Concat string at compile time when possible. Doing so, sometimes also give the opportunity to turn a 'ap_fputstrs' into a 'ap_fputs'. PR 53741 Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634525 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_substitute: Restrict configuration in .htaccess to FileInfo as documented. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634524 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_substitute: Make maximum line length configurable. Add docs for new directive SubstituteMaxLineLength in mod_substitute. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634523 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_substitute: Fix memory limitation in case of regexp plus flatten. The maxlen argument of ap_varbuf_regsub() is unsigned. Passing in "AP_SUBST_MAX_LINE_LENGTH - vb.strlen" in case vb.strlen got to big didn't result in the expected error but instead was handled as a very big maxlen. Add CHANGES for r1628104. (mod_substitue: Fix memory limitation in case of regexp plus flatten.) Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634522 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR53218 Allow for longer worker names and make truncation a non-fatal error... Correct loglevel. oops... prepend 0 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634520 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_dav: set r->status_line in dav_error_response. It's used as argument in next ap_rvputs call. PR 55426. Submitted by: jkaluza Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634519 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 18, 2014
-
-
Christophe Jaillet authored
mod_proxy_http: Avoid (unlikely) access to freed memory. Submitted by: ylavic Reviewed by: ylavic, jorton, rjung Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1632736 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 16, 2014
-
-
Christophe Jaillet authored
http_protocol: fix logic in ap_method_list_(add|remove) in order: - to correctly reset bits - not to modify the 'method_mask' bitfield unnecessarily Submitted by: jailletc36 Reviewed by: jailletc36, ylavic, rjung Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1632440 13f79535-47bb-0310-9956-ffa450edef68
-