- Oct 10, 2017
-
-
Joe Orton authored
Fix a segmentation fault if AuthzDBDQuery is not set. PR: 61546 Submitted by: Lubos Uhliarik <luhliari redhat.com> Reviewed by: jailletc36, ylavic, elukey git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811749 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
*) mod_rewrite: Add support for starting External Rewriting Programs as non-root user on UNIX systems by specifying username and group name as third argument of RewriteMap directive. Submitted by: jkaluza Reviewed by: jorton, wrowe, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811748 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* server/protocol.c (ap_content_length_filter): Rewrite the content length filter to avoid arbitrary memory consumption for streaming responses (e.g. large CGI script output). Ensures C-L is still generated in common cases (static content, small CGI script output), but this DOES change behaviour and some responses will end up chunked rather than C-L computed. PR: 61222 Submitted by: jorton, rpluem Reviewed by: jorton, wrowe, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811746 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_ssl: return non ambiguous value in ssl_callback_SessionTicket() for encryption mode (we used to return 0, OpenSSL documents returning 1 instead). Practically this does not change anything since OpenSSL will only check for >= 0 return value (non error) for encryption mode (the other possible return values are only relevant for decryption mode). However the OpenSSL documentation for SSL_CTX_set_tlsext_ticket_key_cb() states: " The return value of the cb function is used by OpenSSL to determine what further processing will occur. The following return values have meaning: 2 This indicates that the ctx and hctx have been set and the session can continue on those parameters. Additionally it indicates that the session ticket is in a renewal period and should be replaced. The OpenSSL library will call cb again with an enc argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2). 1 This indicates that the ctx and hctx have been set and the session can continue on those parameters. 0 This indicates that it was not possible to set/retrieve a session ticket and the SSL/TLS session will continue by by negotiating a set of cryptographic parameters or using the alternate SSL/TLS resumption mechanism, session ids. If called with enc equal to 0 the library will call the cb again to get a new set of parameters. less than 0 This indicates an error. " So 0 is not appropriate in our code, 1 is what we really want (and it won't break if OpenSSL later changes its checks on the callback return value). Reported/Proposed by: oknet on github, pull request #18. Reviewed by: jorton, ylavic, wrowe [Closes #18] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811742 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 25, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1809610 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 22, 2017
-
-
Yann Ylavic authored
event: Avoid possible blocking in the listener thread when shutting down connections. PR 60956. start_lingering_close_nonblocking() now puts connections in defer_linger_chain which is emptied by any worker thread (all atomically) after its usual work, hence any possibly blocking flush and lingering close run outside the listener. The listener may create a dedicated worker if it fills defer_linger_chain or while it's not empty, calling push2worker with a NULL cs. The state machine in process_socket() is slighly modified to be able to enter with CONN_STATE_LINGER directly w/o clogging_input_filters to interfer. New abort_socket_nonblocking() allows to reset connections when nonblocking is required and we can't do much about the connection anymore, nor we want the system to linger on its own after close(). Many thanks to Stefan Priebe for his heavy testing on many event's changes! Submitted by: ylavic Reviewed by: ylavic, jim, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1809299 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 19, 2017
-
-
Jim Jagielski authored
mod_speling/PR 38923: don't embed Referer in link in error page. Submitted by: niq Reviewed by: niq, ylavic, elukey git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808856 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
loadfactor now decimal Umm. This is C :) Fix remaining lint from ms capability for hchecks. format typo Reviewed by: jim, humbedooh, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808855 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
htdigest: prevent buffer overflow when strings in lines are too long. Reported by: Hanno Böck PR: 61511 Update CHANGES after r1808008 Submitted by: elukey Reviewed by: elukey, icing, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808853 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 18, 2017
-
-
Yann Ylavic authored
https://svn.apache.org/r1807754 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808787 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Add logic to read the Upgrade header and use it in the response. Use we you are proxying to a server that has multiple upgrade on the same IP/Port. PR 61142 Submitted by: jfclere Reviewed by: jfclere, jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808698 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 08, 2017
-
-
Yann Ylavic authored
Allow WatchdogInterval to be sub 1 second Allow finer control over hcheck intervals... minimum is whatever the watchdog slice is. Fix remaining lint from ms capability for hchecks. userland change = we now are OK w/ ms Submitted by: jim Reviewed by: jim, covener, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807772 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_http2: version bump, partial fix for stream response getting stuck, see https://github.com/icing/mod_h2/issues/143 mod_http2: signalling produce IO before waiting on beam buffer to drain. mod_http2: non-dev version for backport Submitted by: icing Reviewed/backported by: icing, steffenal, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807771 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807762 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
core: Disallow Methods' registration at run time (.htaccess), they may be used only if registered at init time (httpd.conf). Calling ap_method_register() in children processes is not the right scope since it won't be shared for all requests. Reviewed by: ylavic, covener, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807754 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_ssl: we can't use SSL_COMP_free_compression_methods() if OPENSSL_NO_COMP is defined. PR 61206. Submitted by: Michael Schlenker <msc contact.de> mod_ssl, ab: compatibility with LibreSSL. PR 61184. LibreSSL defines OPENSSL_VERSION_NUMBER = 2.0, but is not compatible with all of the latest OpenSSL 1.1 API. Address this by defining MODSSL_USE_OPENSSL_PRE_1_1_API which is true for anything but OpenSSL >= 1.1 (for now). Proposed by: Bernard Spil <brnrd freebsd.org> Reviewed by: ylavic Follow up to r1803396: CHANGES entry. Reviewed by: ylavic, jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807734 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Support use of optional "tag" in syslog entries. Streamline the patch. PR 60525. Submitted by: jim Reviewed by: rpluem, jim, mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807707 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 18, 2017
-
-
Joe Orton authored
Fix ProxyAddHeaders merging. * modules/proxy/mod_proxy.h: Add add_forwarded_headers_set field to proxy_dir_conf. * modules/proxy/mod_proxy.c (create_proxy_dir_config): Initialize add_forwarded_headers_set. (add_proxy_http_headers): Set it. (merge_proxy_dir_config): Merge add_forwarded_headers correctly. Reviewed by: jorton, rpluem, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1805390 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 16, 2017
-
-
Jim Jagielski authored
core: Disallow multiple Listen on the same IP:port when listener buckets are configured (ListenCoresBucketsRatio > 0), consistently with the single bucket case (default), thus fixing the leak of the corresponding socket descriptors on graceful restart. Follow up to r1789220. Document the implicit behaviour of ListenCoresBucketsRatio when multiple Listen-ers are configured on the same IP:port. Submitted by: ylavic Reviewed by: ylavic, jim, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1805221 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 06, 2017
-
-
Steffen Land authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1804229 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 17, 2017
-
-
Jim Jagielski authored
Merge r1762580, r1762701, r1762702, r1762718, r1762723, r1762742, r1762743, r1774538, r1779354 from trunk: event: use atomics for *timeout_queue->total since it's updated concurrently, and move TO_QUEUE_*() macros to functions. event: add/remove from/to the pollset outside of the critical sections. We don't need external locking since it's created with APR_POLLSET_THREADSAFE, hence reduce those sections to the lowest cycles possible. A spinlock may be interesting instead of the mutex now, we won't block and the TO_QUEUE_*() and process_timeout_queue() operations are fast... event: follow up to r1762701: update log tag. event: avoid unnecessary listener/polling wake ups (context switches) by using apr_pollset_wakeup(), when implemented, to signal the listener according to the next timers or timeout queues expiry (updated at insert and maintenance time). Follow up to r1762718: CHANGES entry. event: follow up to r1762718. We still need to kill kept-alive connections in normal/expiry processing if the workers are busy or dying. event: follow up to r1762718 and r1762742: put de condition where it belongs. event: follow up to r1762718. On graceful shutdown/restart, kill kept-alive connections before poll()ing again, avoiding to wait for their "normal" timers (before being woken up) when they remain the last handled connections. event: follow up to r1762701. Keep QUEUE_APPEND()+pollset_add() or QUEUE_REMOVE()+pollset_remove() atomic. Otherwise when a worker adds an entry in some queue (e.g. KA, lingering), it might race with the listener in the time between the mutex is released and the pollset is updated; meanwhile the listener might process the queue and find an entry no yet in its pollset. For the lingering queue, the entry could then have been used after its pool destroyed. Submitted by: ylavic Reviewed by: ylavic, icing, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1802146 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_wstunnel: we want to detect whether some response was sent to the client when forwarding data from the backend to the client, not the reverse. Follow up to r1754164: CHANGES entry. Follow up to r1801994: CHANGES' PR reference. Submitted by: ylavic Reviewed by: ylavic, jchampion, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1802144 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1802129 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1802121 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 08, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1801291 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 06, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1801086 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1801080 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1801079 13f79535-47bb-0310-9956-ffa450edef68
-
Jacob Champion authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1801074 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
On the trunk: mod_http2: Simplify ready queue, less memory and better performance. Update mod_http2 version to 1.10.7. Submitted by: icing Reviewed by: icing, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1801045 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 04, 2017
-
-
Rainer Jung authored
PR58188, PR60831, PR61245. RTC The following lua 5.2 and 5.3 compat change should be checked for runtime correctness by someone more knowledgeable about lua. Index: modules/lua/lua_apr.c --- modules/lua/lua_apr.c (original) +++ modules/lua/lua_apr.c Tue Jul 4 20:48:43 2017 @@ -82,7 +82,11 @@ static const luaL_Reg lua_table_methods[ int ap_lua_init(lua_State *L, apr_pool_t *p) { luaL_newmetatable(L, "Apr.Table"); +#if LUA_VERSION_NUM < 502 luaL_register(L, "apr_table", lua_table_methods); +#else + luaL_newlib(L, lua_table_methods); +#endif lua_pushstring(L, "__index"); lua_pushstring(L, "get"); lua_gettable(L, 2); git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800835 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* Do not apply the strict permissions of the temporary file to a possibly existing passwd file. This long standing bug was triggered by fixing a bug in APR in r1791029. PR: 61240 Submitted by: rpluem Reviewed by: rpluem, ylavic, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800775 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
On the trunk: mod_http2: disable and give warning when mpm_prefork is encountered. The server will continue to work, but HTTP/2 will no longer be negotiated. Submitted by: icing Reviewed by: icing, ylavic, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800774 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 03, 2017
-
-
Jim Jagielski authored
proxy_fcgi: remove FPM-specific logic Reverts r1780328, r1780329, and their associated followups, which incorrectly manipulated SCRIPT_NAME by default. All proxy_fcgi.t regression tests now pass. PR: 61202 Partial reversal of r1800306... note virtual scripts in notes Submitted by: jchampion, jim Reviewed by: jchampion, jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800618 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 29, 2017
-
-
William A. Rowe Jr authored
Backports: r1800173 PR: 61220 Submitted by: ylavic Reviewed by: wrowe, jchampion, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800215 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 26, 2017
-
-
Jim Jagielski authored
Since r1753257, "HEAD" method is registered into the registry hash with the M_GET ID. (r1757672 in 2.4.x) We iterate over all the values of the registery, so there is no need anymore to have a special case for "HEAD" in 'make_allow()'. It has its own entry now. With the current code, we have "HEAD" 3 times in the Allow Header field. This is because we find M_GET 2 times in the registry hash. The first one gives "GET" and "HEAD" (as the special handling), and the second "HEAD" and "HEAD" (as the special handling). BTW, use APR_ARRAY_PUSH instead of hand coding it, in oder to have the code more readable. PR 61207 Add CHANGE entry Submitted by: jailletc36 Reviewed by: jailletc36, rpluem, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1799890 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 19, 2017
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1799230 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1799225 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 14, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1798665 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 13, 2017
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1798616 13f79535-47bb-0310-9956-ffa450edef68
-