Skip to content
  1. May 22, 2015
    • Jim Jagielski's avatar
      Merge r1663647, r1679181, r1679182 from trunk: · a4828c08
      Jim Jagielski authored 
      * mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free
bug with postgresql


mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime
of DB lookup entries independently of the selected DB engine.  PR 46421.

Suggested by: Michel Stam <michel reverze net>
Proposed by: Steven whitson <steven.whitson gmail com>
Reviewed/Extended/Committed by: ylavic


Follup up to r1679181: CHANGES entry.
Submitted by: jkaluza, ylavic, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681107 13f79535-47bb-0310-9956-ffa450edef68
      a4828c08
    • Jim Jagielski's avatar
      Merge r1680895, r1680900, r1680942 from trunk: · 2e253df5
      Jim Jagielski authored 
      mod_log_config: instead of using the new dedicated
pattern format "%M" for duration milliseconds,
overload the existing "%D" to choose the time precision
("%{s}D" for seconds, "%{ms}D" for milliseconds and
"%{us}D" for microseconds).

The existing %T and %D without precision are kept for
compatibility.

The previously introduced "%M" (r1677187) is removed,
it has not yet been released. Format pattern characters
are rare, so we should only use a new one if an
existing one isn't a good fit.


Fix syntax.


Follow-up to r1680895:

Let %T be the format character which accepts time resolution
arguments.

Submitted by: rjung, trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681106 13f79535-47bb-0310-9956-ffa450edef68
      2e253df5
  3. May 18, 2015
  5. May 13, 2015
    • Jim Jagielski's avatar
      Merge r1674542, r1675410, r1676842 from trunk: · ddef530a
      Jim Jagielski authored 
      mod_ssl: Check for RAND_egd() at configure time and only use it if present.
Fixes the build with LibreSSL which does not provide this function.

Submitted by: Bernard Spil <pil.oss gmail com>, stsp
Committed by: stsp


mod_ssl: Make the config parser complain if SSLRandomSeed specifies
the Entropy Gathering Daemon (EGD) as source while the underlying
SSL library does not support EGD (e.g. in case of LibreSSL).

Suggested and reviewed by: kbrand


Follow up to r1674542 and r1675410: CHANGES entry.
Submitted by: stsp, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679199 13f79535-47bb-0310-9956-ffa450edef68
      ddef530a
  7. May 11, 2015
  9. May 07, 2015
  11. May 01, 2015
  13. Apr 26, 2015
    • Kaspar Brand's avatar
      Merge r1650047 from trunk: · 8a1c04de
      Kaspar Brand authored 
      Add support for extracting subjectAltName entries of type
rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n
variables.

* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the
  environment variables table

* modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction
  of subjectAltName entries for the "StdEnvVars" case

* modules/ssl/ssl_engine_vars.c: add support for retrieving the
  SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with
  individual on-demand lookup (ssl_var_lookup_ssl_cert_san),
  or with full-list extraction to the environment ("StdEnvVars")

* modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype

* modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and
  SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common
  code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where
  suitable. Limit SSL_X509_getSAN to the two most common subjectAltName
  entry types appearing in user or server certificates (i.e., rfc822Name
  and dNSName), for the time being.

* modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8
  and SSL_X509_getSAN prototypes


Proposed by: kbrand
Reviewed by: ylavic, druggeri


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1676087 13f79535-47bb-0310-9956-ffa450edef68
      8a1c04de
  15. Apr 20, 2015
    • Jim Jagielski's avatar
      Merge r1666468, r1666618, r1674697 from trunk: · f89fe72a
      Jim Jagielski authored 
      mpm_event: Allow for timer events duplicates. 
Meanwhile ap[r]_skiplist_add()...


mpm_event: follow up to r1666468.
We only need one compare function for add semantic with apr_skiplist_insert()
and unique timers (pointers). It also should work with apr_skiplist_remove()
and apr_skiplist_find(), be they used some day.


mpm_event: follow up to r1666468 and r1666618.
We don't need to return 0 in the compare function, but for debugging purpose
which we could implement later if necessary (in a separate function).
For now, keep the function simple as in 2.4.x to ease backport, and add a
comment about why we never return 0 here.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674921 13f79535-47bb-0310-9956-ffa450edef68
      f89fe72a
  17. Apr 19, 2015
  19. Apr 16, 2015
  21. Apr 15, 2015
  23. Apr 07, 2015
  25. Apr 05, 2015
  27. Mar 31, 2015
    • Jim Jagielski's avatar
      Merge r1669289, r1669292 from trunk: · 28603f7f
      Jim Jagielski authored 
      core_filters: restore/disable TCP_NOPUSH option after non-blocking sendfile.

CHANGES: follow up to r1669289.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670328 13f79535-47bb-0310-9956-ffa450edef68
      28603f7f
    • Jim Jagielski's avatar
      Merge r1664071, r1664299 from trunk: · dcbe9564
      Jim Jagielski authored 
      core: If explicitly configured, use the KeepaliveTimeout value of the
virtual host which handled the latest request on the connection, or by
default the one of the first virtual host bound to the same IP:port.

For non-async MPMs, use either r->server's or c->base_server's value in
ap_process_http_sync_connection() depending on a new server_rec's flag
called keep_alive_timeout_set and determined at config time.

For event MPM, use a queue per timeout value, chaining the queues per
type (keepalive wrt KeepAliveTimeout, write completion wrt to Timeout)
so that maintenance can be done on all the queues from the head, and such
that insertions/maintenance remain in O(1).
A server config is created and pointing to the queue of each vhost at
post_config time, hence the config can be associated to the connection
state (cs) at post_read_request time (keep_alive_timeout_set is used to
determine r->server vs c->base_server here), and we can simply insert
with TO_QUEUE_INSERT(cs->sc->q, cs).  PR56226.

While at it, since each queue now embeds it own timeout and hence the
expiration_time of the cs has changed to a queue_timestamp (the time it
was queued), we can detect clock skews and expire entries immediatly if
the system is set (eg. far) in the past during runtime and we want to
avoid waiting for (eg.) centuries before the current logic kills them.
Any entry which is registered above now + q->timeout is concerned, and
is now cleaned from the queue when encountered.  PR57374.


core: Follow up to r1664071: comments on new keep_alive_timeout_set flag.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670326 13f79535-47bb-0310-9956-ffa450edef68
      dcbe9564
    • Jim Jagielski's avatar
      Merge r1668532, r1668535, r1668553 from trunk: · 39136793
      Jim Jagielski authored 
      core: Initialize scoreboard's used optional functions on graceful restarts to
avoid a crash when relocation occurs.  PR 57177.


core: follow up to r1668532: CHANGES entry.

core: follow up to r1668532: always initialize optional_fn pointers in ap_create_scoreboard().
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670325 13f79535-47bb-0310-9956-ffa450edef68
      39136793
    • Jim Jagielski's avatar
      Merge r1657636, r1657638, r1669130 from trunk: · 2d5c6f78
      Jim Jagielski authored 
      mod_proxy_connect/wstunnel: If both client and backend sides get readable
at the same time, don't lose errors occuring while forwarding on the first
side when none occurs next on the other side, and abort.


CHANGES: Follow up to r1657636, clarify message.


mod_proxy_{connect,wstunnel}: follow up to r1657636.
Since rv is not used as an apr_status_t in the loop (it's logging is done by
proxy_{connect,wstunnel}_transfer() when necessary/relevent), use a boolean
instead to avoid the ugly ORs between APR error codes.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670324 13f79535-47bb-0310-9956-ffa450edef68
      2d5c6f78
    • Jim Jagielski's avatar
      Merge r1661448 from trunk: · 241d0adc
      Jim Jagielski authored 
      core: Add expression support to ErrorDocument. Switch from a fixed
sized 664 byte array per merge to a hash table.

Submitted by: minfrin
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670320 13f79535-47bb-0310-9956-ffa450edef68
      241d0adc
    • Jim Jagielski's avatar
      Merge r1666361 from trunk: · 4ab0b8cf
      Jim Jagielski authored 
      Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremly large integer if the time needed to lock the resource was longer that the requested timeout given in the LOCK request. In such a case, we now answer "Second-0".  PR55420
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670319 13f79535-47bb-0310-9956-ffa450edef68
      4ab0b8cf
  29. Mar 27, 2015
  31. Mar 24, 2015