- Mar 15, 2018
-
-
Yann Ylavic authored
Fix timeout logging in ap_process_request(). We can't use 'r' after ap_process_request_after_handler(), the core output filter might have cleaned up its deferred bucket brigade on error, including the EOR bucket. Reported by: steffenal Closes SpiderLabs/ModSecurity#1542 Follow up to r1826556: CHANGES entry. Submitted by: ylavic Reviewed by: ylavic, covener, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826899 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_slotmem_shm: SHMs need to be attached in MPM winnt children processes. We can't (re-)create them since they exist already and are owned by the parent process. Submitted by: ylavic Reviewed by: ylavic, covener, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826897 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms. apr-util's bcrypt implementation doesn't tolerate EBCDIC. Submitted by: rjung Reviewed by: rjung, covener, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826892 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
ab: try all destination socket addresses returned by apr_sockaddr_info_get instead of failing on first one when not available. Needed for instance if localhost resolves to both ::1 and 127.0.0.1 e.g. if both are in /etc/hosts. ab: Use only one connection to determine working destination socket address. Submitted by: rjung Reviewed by: rjung, covener, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826891 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
htpasswd/htdbm: report the right limit when get_password() overflows. Submitted by: rjung Reviewed by: rjung, covener, jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826888 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
htpasswd: Don't fail in -v mode if password file is unwritable. PR 61631. Submitted by: rjung Reviewed by: rjung, ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826887 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
htpasswd: don't point to (unused) stack memory on output to make static analysers happy. PR 60634. Submitted by: rjung Reviewed by: rjung, ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826886 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
LibreSSL doesn't have or require applink.c Submitted by: rjung Reviewed by: rjung, ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826885 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 10, 2018
-
-
Daniel Ruggeri authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826391 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 09, 2018
-
-
Joe Orton authored
* support/ab.c: Fix crash caused by integer overflow when printing stats with lot of requests (for example -n 500000000). Submitted by: jkaluza Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826310 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* mod_access_compat, mod_authz_host: Handle '#' character. For mod_access_compat, disable '#' in hostname completely. For mod_authz_host, treat '#' as a comment and ignore everything after that. This allows better handling of admin errors like 'Require host localhost# Add example.com later'. * modules/aaa/mod_authz_host.c (host_check_authorization): Simplify comment stripping in "Require host"; log a warning if a comment is used in 'Require host', or an error if the expression is empty with the comment stripped. (Currently in 2.4, #comment part is parsed) Submitted by: jkaluza, jorton Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826309 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* support/rotatelogs.c (get_now): Return the offset applied to the Unix time as a parameter. (doRotate): When exploding the time for strtfime formatting, iff in -l mode, subtract the offset and explode the real Unix time as a local time so %Z etc works correctly. * support/rotatelogs.c (get_now): Fix the NULL ptr dereferences added in r1532281. * support/rotatelogs.c: Introduce an adjusted_time_t type to store the weird "adjusted time since epoch" type returned by get_now(). Switch from int to long to fix an unnecessary Y2K38 issue. Adjust use throughout and clean up other type issues. No functional change intended apart from fixing Y2K38. Submitted by: jorton Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826306 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
Add optional _RAW suffix to SSL_*_DN_xx attribute names, allowing users to convert an attribute value without conversion to UTF-8. (A public CA has issued certs with attributes tagged as the wrong ASN.1 string types.) * modules/ssl/ssl_util_ssl.c (asn1_string_convert): Rename from asn1_string_to_utf8; add raw argument. Reimplement _to_utf8 as macro. (modssl_X509_NAME_ENTRY_to_string): Add raw argument. * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Use raw string conversion if _RAW suffix is present in DN component. Submitted by: jorton Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826300 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 04, 2018
-
-
Eric Covener authored
... for the non-blocking connect case introduced in 2.4.30. Submitted By: jorton Reviewed By: ylavic, druggeri, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1825839 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 03, 2018
-
-
Daniel Ruggeri authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1825777 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_proxy_fcgi: Add the support for mod_proxy's flushpackets and flushwait params This change was requested on the development mailing list in order to fill another gap between mod_fcgi and mod_proxy_fcgi, namely the -flush funtionality. The more evolved core trunk code would not need this feature becuse of the non-blocking writes, but it is be needed in 2.4.x. mod_proxy_fcgi: limit the flush buckets inserted when flushpackets=on|auto This commit is a follow up of r1802040 based on Jacob's feedback, namely inserting the FLUSH buckets only when really needed and useful, not always. mod_proxy_fcgi: follow up to r1807876. Fix mixed declarations and code [-Wdeclaration-after-statement]. Fix a compilation warning introduced by r1802040. mod_proxy_fcgi.c:893:19: warning: ‘flushpoll’ may be used uninitialized in this function [-Wmaybe-uninitialized] This warning is a false positive. mod_proxy_fcgi: prioritize the check for mayflush when using flushpackets The mayflush variable should be checked before the rest to avoid polling when not needed. Suggested by Yann Ylavic on the dev@ mailing list. Submitted by: elukey, ylavic, jailletc36, elukey Reviewed by: elukey, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1825765 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 20, 2018
-
-
Yann Ylavic authored
mpm_event: move lingering close "sucker" from the listener to worker(s). This was the last non-constant time action performed by the listener thread. It's now handled by the worker thread directly after entering lingering close, which should directly address the cases when the socket is already closed remotely at that time, hence avoid more scheduling (it may be the common case for some scenarios). And it's only if the above would need blocking (i.e. more data to suck) that the socket is added to the pollset for the listener to re-schedule a worker later when ready. If no worker is available at that time then the socket is forcibly closed (similarly to what's done for keepalive connections in this case). Also, since process_lingering_close() is now called by a worker thread and with almost no depth in the call stack, we can grow the size of the "suck" buffer from 2K to 32K to potentially call recv() up to sixteen times less. mpm_event: follow up to r1823047. Update clogged counter on read_request retry too. mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance). mpm_event: follow up to r1823047: complete state validation after processing. mpm_event: follow up to r1823047: CHANGES entry. mpm_event: follow up to r1823047 and r1824464. MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid states returned process_connection (never have been). mpm_event: follow up to r1823047 and r1824862. Revert (broken) functional change from r1824862. Submitted by: ylavic Reviewed by: ylavic, minfrin, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824879 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824874 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
10 years after r567503 , fix this properly. The lock is created in post_config, so we can't copy it around in a merge_server_config() callback. Submitted by: covener Reviewed by: covener, rpluem, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824872 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mpm_event: move lingering close "sucker" from the listener to worker(s). This was the last non-constant time action performed by the listener thread. It's now handled by the worker thread directly after entering lingering close, which should directly address the cases when the socket is already closed remotely at that time, hence avoid more scheduling (it may be the common case for some scenarios). And it's only if the above would need blocking (i.e. more data to suck) that the socket is added to the pollset for the listener to re-schedule a worker later when ready. If no worker is available at that time then the socket is forcibly closed (similarly to what's done for keepalive connections in this case). Also, since process_lingering_close() is now called by a worker thread and with almost no depth in the call stack, we can grow the size of the "suck" buffer from 2K to 32K to potentially call recv() up to sixteen times less. mpm_event: follow up to r1823047. Update clogged counter on read_request retry too. mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance). mpm_event: follow up to r1823047: complete state validation after processing. mpm_event: follow up to r1823047: CHANGES entry. mpm_event: follow up to r1823047 and r1824464. MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid states returned process_connection (never have been). Submitted by: ylavic Reviewed by: ylavic, minfrin, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824868 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 19, 2018
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824798 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Ruggeri authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824751 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 16, 2018
-
-
Yann Ylavic authored
mod_proxy: Provide an RFC1035 compliant version of the hostname in the proxy_worker_shared structure. PR62085 Tone down the message that worker hostname is too long noting it only affects legacy modules not yet using hostname_ex. Set the notice when hostname is too long for legacy proxy modules to info level. Submitted by: minfrin Reviewed by: minfrin, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824504 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1463049 http://svn.apache.org/r1492395 http://svn.apache.org/r1493257 http://svn.apache.org/r1494532 2.4.x patch: http://people.apache.org/~jorton/mad_pr54637.diff +1: jorton, ylavic, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824481 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1824390 2.4.x patch: trunk works (modulo CHANGES) +1: ylavic, rpluem, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824477 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1824343 2.4.x patch: trunk works (modulo CHANGES) +1: ylavic, rpluem, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824475 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
caseless matching or extended format. trunk patch: http://svn.apache.org/r1824339 http://svn.apache.org/r1824439 +1: ylavic, rpluem, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824472 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
error, not only on buffer full. trunk patch: http://svn.apache.org/r1824303 +1: ylavic, rpluem, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824469 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1824336 +1: ylavic, elukey, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824456 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
no longer automatically fatal errors but are instead logged and truncated, at which point the admin can determine if that is OK or not. trunk patch: http://svn.apache.org/r1823482 +1: jim, minfrin, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824455 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Merge r1821624, r1821625, r1821626, r1821627, r1821629, r1821632, r1821635, r1821639, r1821644, r1821647, r1821648, r1821649, r1821650, r1821651, r1821659, r1821660, r1822366, r1822367, r1824381 from trunk: Shared fdqueue code between MPMs event and worker into mpm_fdqueue. This first step moves the files server/mpm/event/fdqueue.[ch] to server/mpm_fdqueue.[ch] (untouched for now, simple svn move). Will follow up with the necessary changes to mpm_unix.* for common code. mpm_fdqueue: follow up to r1821624. And now it's mpm_fdqueue, with minimal #includes. mpm_fdqueue: follow up to r1821624. Opacify fdqueue types. mpm_fdqueue: follow up to r1821624. Style, no functional change. mpm_fdqueue: follow up to r1821624. Rename ap_queue_info_get_idlers() to ap_queue_info_num_idlers(). mpm_fdqueue: follow up to r1821624. Clear recycled_pools_count in ap_free_idle_pools(). mpm_fdqueue: follow up to r1821624. Prepare mpm_worker to use common fdqueue. mpm_worker: follow up to r1821624. Use common [mpm_]fdqueue. mpm_fdqueue: follow up to r1821624. The implemention wants APR_HAS_THREADS too. mpm_fdqueue: follow up to r1821624. The code is not part of the API. mpm_fdqueue: follow up to r1821624. Fix typo in comment. mpm_fdqueue: follow up to r1821624. Cosmetics, 80 cols, no functional change. mpm_worker: follow up to r1821624. Free idle pools while stopping. mpm_fdqueue: follow up to r1821624. Be explicit in the naming about what's push/pop-ed. mpm_fdqueue: follow up to r1821624. Either error matters, simplify code. mpm_fdqueue: follow up to r1821624. Make the allocation and zero-ing in ap_queue_init() => ap_queue_create(). mpm_fdqueue: follow up to r1821624. Export ap_queue_*() fonctions, so that they are accessible from MPMs, but don't provide "mpm_fdqueue.h" in the API (include/). mpm_fdqueue: follow up to r1821624. 80 colums. Follow up to r1821624: CHANGES entry. Submitted by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-mpm_fdqueue@1824384 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 15, 2018
-
-
Yann Ylavic authored
* mod_proxy: Allow setting options to globally defined balancer from ProxyPass used in VirtualHost. Balancers are now merged using the new merge_balancers method which merges the balancers options. mod_proxy: follow up to r1667707: MMN minor bump. Submitted by: jkaluza, ylavic Reviewed by: icing, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824333 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 14, 2018
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824271 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Merge r1776575, r1776578, r1776624, r1776627, r1776674, r1776734, r1776740, r1778268, r1780725, r1781030, r1781031, r1781701, r1788674, r1789800, r1790169, r1790457, r1790691, r1806985, r1812332, r1818279 from trunk: Merge new PROXY protocol code into mod_remoteip Fix typo in mod_remoteip's doc Shorten RemoteIPProxyProtocolEnable to RemoteIPProxyProtocol and correct references in docs Move attribution for mod_remoteip RemoteIPProxyProtocol from file to CHANGES On the trunk: * mod_remoteip: added cast to fix clang compiler error Reinsert attribution to mod_remoteip.c for PROXY protocol * Silence compiler warning Set all read buckets aside in case we need to restore all during optional header processing * modules/metadata/mod_remoteip.c: Fix GCC strict-aliasing warning by moving deference of header array via a different pointer type ("type-punning") out of line. * modules/metadata/mod_remoteip.c (register_hooks, remoteip_hook_pre_connection): Reference the filter by handle rather than name (avoiding tree lookup by name on use). Change tactic for PROXY processing in Optional case Finally include feedback from Ruediger Pluem. Add slave "backoff" verified by Sander Hoentjen Update PROXY handling by removing Optional processing Rename RemoteIPProxyProtocolDisableHosts to RemoteIPProxyProtocolExceptions Fix directive name in (s/RemoteIPProxyProtocolDisableNetworks/RemoteIPProxyProtocolExceptions/) Use cmd->cmd->name instead to be future proof. XML update plus typo in mod_remoteip.xml. PROXY protocol proposal corrections Fix format pattern (%lu => %APR_SIZE_T_FMT). Detected by maintainer mode compilation and GCC error: .../modules/metadata/mod_remoteip.c: In function 'remoteip_input_filter': .../include/http_log.h:117:33: error: format '%lu' expects argument of type 'long unsigned int', but argument 8 has type 'apr_size_t {aka unsigned int}' [-Werror=format=] APR-ize uint types Submitted by: druggeri, elukey, druggeri, druggeri, druggeri, icing, druggeri, rpluem, druggeri, jorton, jorton, druggeri, druggeri, druggeri, druggeri, jailletc36, lgentis, mrumph, rjung, jim Reviewed by: druggeri, jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824248 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824246 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1776575 http://svn.apache.org/r1776578 (doc fix) http://svn.apache.org/r1776624 http://svn.apache.org/r1776627 (shortened name + doc fix) http://svn.apache.org/r1776674 (attribution moved to CHANGES) http://svn.apache.org/r1776734 http://svn.apache.org/r1776740 (attribution updated in mod_remotip.c) http://svn.apache.org/r1778268 (fix compiler warning) http://svn.apache.org/r1780725 (set buckets aside) http://svn.apache.org/r1781030 (fix strict GCC warning) http://svn.apache.org/r1781031 (reference the filter by handle) http://svn.apache.org/r1781701 (rework optional processing case) http://svn.apache.org/r1788674 (final edge cases/ignore slave conns) http://svn.apache.org/r1789800 (remove optional processing) http://svn.apache.org/r1790169 (rename "exception" directive) http://svn.apache.org/r1790457 (Update directive name in err message) http://svn.apache.org/r1790691 http://svn.apache.org/r1806985 http://svn.apache.org/r1818279 2.4 convenience patch (includes CHANGES): http://home.apache.org/~ylavic/patches/RemoteIPProxyProtocol.2.4-v3.patch +1: druggeri, jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824221 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 13, 2018
-
-
Graham Leggett authored
allowing per backend TLS configuration. trunk patch: http://svn.apache.org/r1740928 http://svn.apache.org/r1740960 http://svn.apache.org/r1740967 http://svn.apache.org/r1740987 http://svn.apache.org/r1740998 http://svn.apache.org/r1742697 http://svn.apache.org/r1756976 http://svn.apache.org/r1781313 http://svn.apache.org/r1812193 2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4.x-r1740928_and_co-v6.patch +1: ylavic, icing, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824187 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
trunk patch: http://svn.apache.org/r1810358 http://svn.apache.org/r1810362 http://svn.apache.org/r1810363 http://svn.apache.org/r1810365 http://svn.apache.org/r1810447 http://svn.apache.org/r1816919 http://svn.apache.org/r1816922 http://svn.apache.org/r1818013 http://svn.apache.org/r1818280 +1: jim, icing, minfrin icing: tested on ubuntu 16.04 with a simple uwsgi python app. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824184 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
depend on the number of restarts (non-Unix systems) and preserve shared names as much as possible on configuration changes for SHMs and persisted files. PR 62044. trunk patch: http://svn.apache.org/r1822509 http://svn.apache.org/r1822511 http://svn.apache.org/r1823412 http://svn.apache.org/r1823415 http://svn.apache.org/r1823416 http://svn.apache.org/r1823564 http://svn.apache.org/r1823572 http://svn.apache.org/r1823575 2.4.x patch: trunk works (modulo CHANGES) (or http://home.apache.org/~ylavic/patches/httpd-2.4.x-PR62044-slotmems_reuse.patch) +1: ylavic, jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824180 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 10, 2018
-
-
Stefan Eissing authored
Merged /httpd/httpd/trunk:r1821371,1822502-1822503,1822624 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1823781 13f79535-47bb-0310-9956-ffa450edef68
-