Skip to content
  1. Jan 05, 2014
  3. Dec 26, 2013
  5. Dec 18, 2013
  7. Nov 29, 2013
  9. Nov 22, 2013
  11. Nov 19, 2013
  13. Nov 17, 2013
  15. Nov 16, 2013
  17. Nov 15, 2013
    • Jim Jagielski's avatar
      Merge r1523281, r1524368, r1525276, r1525280, r1525281 from trunk: · 675e9c8f
      Jim Jagielski authored 
      Switch from private FastCGI protocol handling to util_fcgi API.


Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.


Bring some envvar flexibility from mod_authnz_fcgi to mod_proxy_fcgi:

mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted.


Borrow a fix from mod_authnz_fcgi:

mod_proxy_fcgi: Handle reading protocol data that is split between
packets.


Use ap_log_rdata() to dump the FastCGI header, axing a bunch
of custom data dumping code.

Submitted by: trawick, jkaluza, trawick, trawick, trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542330 13f79535-47bb-0310-9956-ffa450edef68
      675e9c8f
    • Jim Jagielski's avatar
      Merge r1526168, r1527291, r1527294, r1527295, r1527926 from trunk: · 3a14aba1
      Jim Jagielski authored 
      Streamline ephemeral key handling:

- drop support for ephemeral RSA keys (only allowed/needed
  for export ciphers)

- drop pTmpKeys from the per-process SSLModConfigRec, and remove
  the temp key generation at startup (unnecessary for DHE/ECDHE)

- unconditionally disable null and export-grade ciphers by always
  prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string

- do not configure per-connection SSL_tmp_*_callbacks, as it is
  sufficient to set them for the SSL_CTX

- set default curve for ECDHE at startup, obviating the need
  for a per-handshake callback, for the time being (and also
  configure SSL_OP_SINGLE_ECDH_USE, previously left out)

For additional background, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E


Follow-up fixes for r1526168:

- drop SSL_TMP_KEY_* constants from ssl_private.h, too

- make sure we also disable aNULL, eNULL and EXP ciphers
  for per-direct...
      3a14aba1
  19. Nov 14, 2013
  21. Nov 13, 2013
  23. Nov 09, 2013
  25. Oct 28, 2013
  27. Oct 18, 2013
    • Jim Jagielski's avatar
      Merge r1529559, r1531505 from trunk: · 484255f2
      Jim Jagielski authored 
      Fix PR 55397: dav_resource->uri treated as an unparsed uri.

The change made for PR 54611 caused this field to be treated as
unescaped.  mod_dav_svn however, provided escaped URIs.  Essentially
breaking support for paths with non-URI safe characters in SVN.

Adjust the code so that dav_resource->uri is assumed to be escaped and
adjust mod_dav_fs so that it uses escaped URIs in this field.

* modules/dav/fs/repos.c
  (dav_fs_get_resource): Use the unparsed_uri to contruct the resource uri.

* modules/dav/main/mod_dav.c
  (dav_xml_escape_uri): Do not uri escape, just handle xml escaping.
  (dav_created): Assume that locn if provided is escaped.
  (dav_method_copymove, dav_method_bind): Use the unparsed_uri on the request
    when calling dav_created() to adjust to locn assuming it is escaped.

* modules/dav/main/mod_dav.h
  (dav_resource): Document that uri is escaped.


Followup to r1529559: mod_dav_fs: Fix encoding of hrefs in PROPFIND response.

Previous commit missed encoding the names of the children of the PROPFIND
request when the depth wasn't 0.

* modules/dav/fs/repos.c
  (dav_fs_append_uri): New function
  (dav_fs_walker): Use dav_fs_append_uri() and adjust length calculations to
    use the encoded length.


Submitted by: breser
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533448 13f79535-47bb-0310-9956-ffa450edef68
      484255f2
    • Jim Jagielski's avatar
      Merge r1528718 from trunk: · da9cdf04
      Jim Jagielski authored 
      mod_dav: Fix PR 55306.

Makes mod_dav no longer require that the lock token be provided when the
source of a COPY is locked.  The prior behavior was in violating of
RFC 4918 which says that the lock token is only required on resources
that may be modified by the method.

* modules/dav/main/mod_dav.h
  (DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.

* modules/dav/main/mod_dav.c
  (dav_method_copymove): Use the new flag when calling dav_validate_request()
    on the COPY source.

* modules/dav/main/util.c
  (dav_validate_resource_state): Use the flag to decide to ignore if the lock
    token is not provided.

Submitted by: breser
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533447 13f79535-47bb-0310-9956-ffa450edef68
      da9cdf04
  29. Oct 14, 2013
  31. Oct 10, 2013
    • Jim Jagielski's avatar
      Merge r1526666, r1527220 from trunk: · 37b01e35
      Jim Jagielski authored 
      WinNT MPM: Exit the child if the parent process crashes or is terminated.

Submitted by: Oracle, via trawick

The original modification was made some years ago for Oracle HTTP Server
by an Oracle employee.  trawick made additional changes for style and
for trunk/2.4.x changes.


Follow up to r1526666:

Use SYNCHRONIZE instead of PROCESS_ALL_ACCESS because

a. it is sufficient
b. it avoids an issue where PROCESS_ALL_ACCESS is larger on
   newer SDKs, resulting in a run-time error when running on
   older Windows

Close the handle.

Submitted by: Ivan Zhakov <ivan visualsvn.com>

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1531000 13f79535-47bb-0310-9956-ffa450edef68
      37b01e35
    • Jim Jagielski's avatar
      Merge r1530793 from trunk: · 55337b30
      Jim Jagielski authored 
      core: Don't truncate output when sending is interrupted by a signal,
      such as from an exiting CGI process.

PR: 55643

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1530999 13f79535-47bb-0310-9956-ffa450edef68
      55337b30
  33. Oct 08, 2013
  35. Oct 07, 2013
  37. Oct 03, 2013
  39. Oct 02, 2013
  41. Oct 01, 2013