PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
- PR 57868.
- trunk: http://svn.apache.org/r1688660
- 2.4.x: trunk works modulo CHANGES and next-number
- +1: jailletc36, ylavic, niq
- jailletc36: I'm just wondering why the log message speak about "dbd-query"
- while other messages around are about "dbd-group"?
-
- *) mod_rewrite: Avoid a crash when lacking correct DB access permissions
- when using RewriteMap with MapType dbd or fastdbd.
- PR 57868.
- trunk: http://svn.apache.org/r1695170
- 2.4.x: trunk works modulo (missing) CHANGES and next-number
- +1: jailletc36, ylavic, niq
- jailletc36: A CHANGE entry should be added. I forgot it :(
-
- *) mod_dir: when we bail out of fixups, make sure Content-Type is not still
- httpd/unix-directory. This only happens when the generator sets
- no content-type which is more common w/ no DefaultType in 2.4.
- trunk: http://svn.apache.org/r1695583
- 2.4.x: trunk works
- +1: covener, ylavic, niq
+
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
- * mod_proxy: Add ap_proxy_define_match_worker() and use it for ProxyPassMatch
- and ProxyMatch section to distinguish between normal workers and workers
- with regex substitutions in the name. Implement handling of such workers
- in ap_proxy_get_worker(). Fixes the bug when regex workers were not
- matched and used for request. PR 43513.
- trunk patch: http://svn.apache.org/r1609680
- http://svn.apache.org/r1609688
- http://svn.apache.org/r1641381
- ylavic: Merge patch provided (reusing new->real to avoid double de_socketfy() call).
- Also added missing r1609688 to the patchset.
- 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_proxy_define_match_worker.patch
- +1: ylavic
- -0: covener tried to review this one in Austin with Jeff. Does the added match function
- really cover a very narrow set of parameters with the way it skips over backreferences?
- Also, why a new API vs. just setting the field inline?
-
* core: Add ap_errorlog_provider to make ErrorLog logging modular. This
backport keeps syslog logging as part of httpd core and only adds
API to allow other modules to be used for error logging.
needs 2 args which is not valid in ErrorLog manual)
trawick: nit: fix "writing" in "/* NULL if we are writting to syslog */"
(sorry, haven't finished reviewing completely)
+ jim: What is the status of this??
* mod_journald: Add new module mod_journald to log error logs into journald.
This patch needs changes done in mod_systemd patch (already
trunk patch: http://svn.apache.org/r1610339
http://svn.apache.org/r1621806
2.4.x patch: http://people.apache.org/~jkaluza/patches/httpd-2.4.x-mod_journald.patch
- +1: jkaluza
-
- * MPMs: Support SO_REUSEPORT to create multiple duplicated listener
- records for scalability (full log in 2.4.x patch).
- trunk patch: http://svn.apache.org/r1599531
- http://svn.apache.org/r1599593
- http://svn.apache.org/r1599601
- http://svn.apache.org/r1599603
- http://svn.apache.org/r1601558
- http://svn.apache.org/r1629909
- http://svn.apache.org/r1629918
- http://svn.apache.org/r1629990
- http://svn.apache.org/r1635521
- http://svn.apache.org/r1635859
- http://svn.apache.org/r1640145
- http://svn.apache.org/r1640161
- http://svn.apache.org/r1640184
- http://svn.apache.org/r1640763
- http://svn.apache.org/r1643179
- http://svn.apache.org/r1656368
- http://svn.apache.org/r1679714
- 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_listeners_buckets-v3.patch
- +1: ylavic, jim
+ +1: jkaluza, jim
+ minfrin: Not understanding "This patch needs changes done in
+ mod_systemd patch", am I right in understanding this patch is
+ already committed?
*) http: Don't remove the Content-Length of zero from a HEAD response if
it comes from an origin server, module or script. Allow the previous
trunk patch: http://svn.apache.org/r1554303
http://svn.apache.org/r1678215
2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-preserve_head_cl_zero.patch
- +1: ylavic
+ +1: ylavic, jim
ylavic: r1554303 issued a major MMN bump, but since the ABI change is two
ints added at the end of core_server_config, the proposed merge
does a minor bump only.
+ minfrin: Two new directives need to be documented.
+
*) mod_substitute: Configure patterns merge order. PR 57641
trunk patch: http://svn.apache.org/r1684900
http://svn.apache.org/r1687539
ylavic: updated to v5 including r1697013 and r1697015, the diff to v4 is:
http://people.apache.org/~ylavic/httpd-2.4.x-SubstituteInheritBefore-v4_vs_v5.diff
- *) mod_proxy: Fix a race condition that caused a failed worker to be retried
- before the retry period is over
- Trunk version of patch:
- http://svn.apache.org/r1664709
- http://svn.apache.org/r1697323
- Backport version for 2.4.x of patch:
- Trunk version of patch works modulo CHANGES
- +1: rpluem, ylavic
- niq: 1. the if(worker->s->retries) {} and comment at line 2917
- don't seem to make any sense.
- rpluem: This is just taken over from existing code. It is just indented
- differently hence part of the path I think it should be marked
- as TODO section. But this should be subject to another
- patch.
- 2. Re: error handline line 2930 - can PROXY_WORKER_IS_USABLE
- not be tested BEFORE opening connection?
- rpluem: We could, but we can catch more race cases with the current code
- as it also catches the case where a connection establishment
- took long and the worker went into error meanwhile.
-
- *) apxs: add HTTPD_MMN and HTTPD_VERSION to apxs -q
- trunk: http://svn.apache.org/r1693919
- 2.4.x: trunk works modulo CHANGES
- +1: covener, ylavic
-
- *) mod_rewrite: Allow cookies to include ':' by using an alternate separator.
- PR47241.
- trunk: http://svn.apache.org/r1693963
- 2.4.x: trunk works modulo CHANGES
- +1: covener, ylavic
-
- *) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
- long to keep idle connections with the memcache server(s).
- Change default value from 600 usec (!) to 15 sec. PR 58091
- Measurements available in the svn commit message.
- trunk: http://svn.apache.org/r1696105
- 2.4.x: trunk works modulo CHANGES
- +1: jailletc36
-
- *) mod_session_dbd: fix lifetime of Request notes.
- trunk: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1679181&r2=1687087&view=patch
- 2.4.x: trunk patch applies.
- +1: niq, ylavic
-
- *) util_script: Make REDIRECT_URL a complete URL (where set).
- PR 57785
- trunk: http://svn.apache.org/viewvc?view=revision&revision=1677702
- 2.4.x: trunk patch applies.
- +1: niq
-
- *) mod_proxy: Give ap_proxy_post_request as chance to act correctly on the status code
- by setting r->status temporarily to access_status. r->status might be different than
- access_status e.g. r->status could be HTTP_OK if e.g. we override the error page on
- the proxy or if the error was not generated by the backend itself but by the proxy
- e.g. a bad gateway.
- Trunk version of patch:
- http://svn.apache.org/r1597352
- Backport version for 2.4.x of patch:
- Trunk version of patch works
- +1: rpluem,
-
*) core/mod_ssl: add Protocols/ProtocolsHonorOrder directives and new
protocols hooks to control Upgrade: and ALPN protocol switching.
HTTP_MISDIRECTED_REQUEST addition and handling in mod_ssl
http://svn.apache.org/r1693918
http://svn.apache.org/r1698116
http://svn.apache.org/r1698133
- All changes to files in modules/http2 need to be ignored.
- 2.4.x patch: https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/core-protocols.patch
- +1: icing,
-
+ http://svn.apache.org/r1694950
+ http://svn.apache.org/r1700968
+ http://svn.apache.org/r1701005
+ http://svn.apache.org/r1701145
+ http://svn.apache.org/r1701178
+ All changes to files in modules/http2 need to be ignored.
+ v2: added r1698116, r1693918 to patch
+ v3: added changes to ap_array_index and ap_array_contains
+ 2.4.x patch: https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/core-protocols-v4.patch
+ +1: icing, jim
+ minfrin: +1 with proposed MMN bump at https://people.apache.org/~minfrin/core-protocols-mmn.patch
+ +1: jim, icing
+ icing: applied patch to ^/httpd/httpd/branches/2.4.17-protocols-http2
+
+ *) mod_h2: add HTTP/2 support to httpd, depends on core/mod_ssl changes above
+ 2.4.x branch for this and core/mod_ssl: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2
+ See diff and merged changelists via:
+ svn diff ^/httpd/httpd/branches/2.4.x ^/httpd/httpd/branches/2.4.17-protocols-http2
+ +1: icing, jim
+
+ *) mod_proxy: don't recyle backend announced "Connection: close" connections
+ to avoid reusing it should the close be effective after some new request
+ is ready to be sent.
+ trunk patch: http://svn.apache.org/r1678763
+ http://svn.apache.org/r1703807
+ http://svn.apache.org/r1703813
+ 2.4.x patch: trunk works (module CHANGES)
+ +1: ylavic
+ ylavic: while at it, I also included r1678763 which is only an
+ optimization, but allows to keep code in sync with trunk.
+
+ *) mod_proxy: Fix ProxySourceAddress binding failure with AH00938. PR 56687.
+ trunk patch: http://svn.apache.org/r1703902
+ 2.4.x patch: trunk works (module CHANGES)
+ +1: ylavic, minfrin
+
+ *) mod_logio: Fix %^FB on initial request on SSL connection by not counting
+ handshake writes as first byte. Also fix processing per Yann's observations
+ about potential problems with e.g. write completion.
+ trunk patch: http://svn.apache.org/r1705099
+ http://svn.apache.org/r1705134
+ 2.4.x patch: trunk works
+ +1: covener, minfrin
+
+ *) mod_xml2enc: fix spurious (and harmless) test
+ trunk patch: http://svn.apache.org/r1704099
+ 2.4.x patch: trunk works
+ +1: jailletc36, minfrin
+
+ *) mod_ssl: namespacing changes from May 2015
+ trunk patches: https://svn.apache.org/r1674538
+ https://svn.apache.org/r1677143
+ https://svn.apache.org/r1677144
+ https://svn.apache.org/r1677145
+ https://svn.apache.org/r1677146
+ https://svn.apache.org/r1677149
+ https://svn.apache.org/r1677151
+ https://svn.apache.org/r1677153
+ https://svn.apache.org/r1677154
+ https://svn.apache.org/r1677155
+ https://svn.apache.org/r1677156
+ https://svn.apache.org/r1677159
+ https://svn.apache.org/r1677339
+ https://svn.apache.org/r1677830
+ https://svn.apache.org/r1677832
+ https://svn.apache.org/r1677834
+ https://svn.apache.org/r1677835
+ 2.4.x patch: https://people.apache.org/~kbrand/mod_ssl-2.4.x-namespacing.diff
+ +1: kbrand
+
+ *) mod_ssl: add support for msUPN and dnsSRV otherName form entries
+ in the subjectAltName extension. PR 58020.
+ trunk patch: https://svn.apache.org/r1693792
+ 2.4.x patch: trunk works (modulo CHANGES),
+ but depends on the namespacing backport (see above)
+ +1: kbrand
+
+ *) mod_ssl: support SUITEB* cipher strings with OpenSSL 1.0.2 and later.
+ PR 58213.
+ trunk patch: https://svn.apache.org/r1702643
+ 2.4.x patch: trunk works (modulo CHANGES)
+ +1: kbrand
+
+ *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
+ and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3".
+ PR 58349, PR 57120.
+ trunk patch: https://svn.apache.org/r1703952
+ 2.4.x patch: https://people.apache.org/~kbrand/mod_ssl-2.4.x-disable-sslv3.diff
+ +1: kbrand
+ ylavic: Should we really change the (implicit) default in 2.4.x at
+ this stage (and potentially break existing configuratios w/o
+ SSLProtocol which used to work with SSLv3 only capable clients)?
+
+ *) mod_alias: Introduce expression parser support for Alias, ScriptAlias
+ and Redirect. Limit Redirect expressions to directory (Location) context
+ and redirect statuses (implicit or explicit).
+ trunk patch: http://svn.apache.org/r1653941
+ http://svn.apache.org/r1653978
+ http://svn.apache.org/r1656225
+ http://svn.apache.org/r1686853
+ http://svn.apache.org/r1686856
+ 2.4.x patch: https://people.apache.org/~minfrin/httpd-mod_alias-expr2.patch
+ +1: minfrin
+
+ * MPMs: Follow up to r1705492 (SO_REUSEPORT). Add missing (and harmless)
+ backport hunk (for consistency with trunk and 2.4.x's worker/event).
+ trunk patch: http://svn.apache.org/r1629916
+ 2.4.x patch: trunk works
+ +1: ylavic
-PATCHES/ISSUES THAT ARE BEING WORKED
- *) mod_ssl: add ALPN support by allowing other modules to register callbacks
- for negotiation of the application layer protocol. PR 52210.
- trunk patch: http://svn.apache.org/r1332643
- http://svn.apache.org/r1487772
- http://svn.apache.org/r1670397
- http://svn.apache.org/r1670434
- http://svn.apache.org/r1670436
- http://svn.apache.org/r1670578
- http://svn.apache.org/r1670738
- http://svn.apache.org/r1675459
- http://svn.apache.org/r1676004
- http://svn.apache.org/r1676709
- http://svn.apache.org/r1681741
- http://svn.apache.org/r1681746
- http://svn.apache.org/r1685069
- 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-alpn-v4.patch
- +1:
- ylavic: Needs work wrt activation with a new Protocols directive:
- http://www.mail-archive.com/dev@httpd.apache.org/msg62163.html
- and also about SNI checks and status 421:
- http://www.mail-archive.com/dev@httpd.apache.org/msg62230.html
- Let's comment on @dev for Stefan Eissing (mod_h2) to be able to
- participate.
+PATCHES/ISSUES THAT ARE BEING WORKED
* mod_proxy_http: Don't establish or reuse a backend connection before pre-
fetching the request body, so to minimize the delay between it is supposed
PATCHES/ISSUES THAT ARE STALLED
+ * mod_proxy: Add ap_proxy_define_match_worker() and use it for ProxyPassMatch
+ and ProxyMatch section to distinguish between normal workers and workers
+ with regex substitutions in the name. Implement handling of such workers
+ in ap_proxy_get_worker(). Fixes the bug when regex workers were not
+ matched and used for request. PR 43513.
+ trunk patch: http://svn.apache.org/r1609680
+ http://svn.apache.org/r1609688
+ http://svn.apache.org/r1641381
+ ylavic: Merge patch provided (reusing new->real to avoid double de_socketfy() call).
+ Also added missing r1609688 to the patchset.
+ 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_proxy_define_match_worker.patch
+ +1: ylavic
+ -0: covener tried to review this one in Austin with Jeff. Does the added match function
+ really cover a very narrow set of parameters with the way it skips over backreferences?
+ Also, why a new API vs. just setting the field inline?
+
* mod_systemd: New module, for integration with systemd on Linux.
trunk patch: http://svn.apache.org/r1393976
http://svn.apache.org/r1393997