Joe Orton [Wed, 9 Jan 2019 09:34:34 +0000 (09:34 +0000)]
* modules/aaa/mod_authn_dbm.c (fetch_dbm_value): No functional change:
return APR_SUCCESS rather than rv, which is guaranteed to be
APR_SUCCESS in current code.
Jim Jagielski [Tue, 8 Jan 2019 13:12:34 +0000 (13:12 +0000)]
This just got me. I upgraded macOS to Mojave (w/ latest Xcode) and I always build w/ maintainer-mode. The problem is that libxml2 will include various unicode/*.h files that have C++ type comments, which causes building to fail (due to Werror). Work around this.
Stefan Sperling [Sun, 23 Dec 2018 09:26:56 +0000 (09:26 +0000)]
Avoid hard-coded "%ld" format strings in mod_deflate's logging statements.
On some platforms (e.g. OpenBSD) zlib's input/output counters are off_t
instead of ulong, which results in format-string warnings from some
compilers (e.g. clang). Work around this by upcasting to uint64_t.
Discussed on dev@ with ylavic and wrowe
Graham Leggett [Sun, 25 Nov 2018 21:15:21 +0000 (21:15 +0000)]
core: Split out the ability to parse wildcard files and directories
from the Include/IncludeOptional directives into a generic set of
functions ap_dir_nofnmatch() and ap_dir_fnmatch().
I have chosen "unlikely" because this bug has been around for ever ([1]) and the pool is only "cleared"; that is to say, the data is still valid, but the memory *could* be re-used.
Stefan Eissing [Mon, 5 Nov 2018 10:37:32 +0000 (10:37 +0000)]
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
Yann Ylavic [Sun, 28 Oct 2018 20:55:43 +0000 (20:55 +0000)]
Revert r1844928 and follow up r1844942.
Actually *len can be > 0 here, at least without a change I'm working on but now
think should be discussed first probably. Anyway r1844928 alone is broken, just
rollback for now.
Luca Toscano [Sat, 20 Oct 2018 09:21:47 +0000 (09:21 +0000)]
mod_headers.xml: clarify the difference between
onsuccess vs always
In PR 62380 a user was confused why Header set always
was not overriding a header set by a HTTP backend managed
via mod_proxy_http. The difference between 'onsuccess'
and 'always' is really subtle, even if somebody is familiar
with r->headers_out and r->err_headers_out and the httpd's
internals.
As Stefan mentioned over email, the absence of a "normalized"
headers list in the response should be explained, so I tried to
do so in this commit.
Ruediger Pluem [Tue, 16 Oct 2018 12:55:01 +0000 (12:55 +0000)]
* Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
The certificates and keys loaded during configuration time got lost during
runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
level and there was an SSL directive at directory level, e.g. SSLRequire.
This fixes a regression likely introduced in r1740928.
Rainer Jung [Mon, 15 Oct 2018 21:14:21 +0000 (21:14 +0000)]
SSL_read() doesn't distinguish between return value 0 and <0,
at least not for OpenSSL 1.1.1. This is documented in the man
page for SSL_read and led to h2 failures when using OpenSSL 1.1.1.
When no data could be read, our code returned EAGAIN up until
OpenSSL 1.1.0, but APR_EOF for OpenSSL 1.1.1.
Now instead check SSL_get_error() also when SSL_read() returns 0.
To keep changes small, this change should not influence behavior,
when (rc=SSL_read()):
- rc < 0
- rc == 0 && *len > 0
- rc == 0 &&
(APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
inctx->block == APR_NONBLOCK_READ
Behavior changes if
- rc == 0 &&
!(APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
!*len > 0
Instead of APR_EOF:
- same behavior as rc < 0 for SSL_ERROR_WANT_READ
- same behavior as rc < 0 for SSL_ERROR_SYSCALL && APR_STATUS_IS_EAGAIN(inctx->rc)
Another change is that rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN
also results in APR_EOF.
Ruediger Pluem [Mon, 15 Oct 2018 19:25:20 +0000 (19:25 +0000)]
* Ensure that aborted connections are logged as such.
Set c->aborted before apr_brigade_cleanup to have the correct status
when logging the request as apr_brigade_cleanup triggers the logging
of the request if it contains an EOR bucket.
Luca Toscano [Sat, 13 Oct 2018 12:10:49 +0000 (12:10 +0000)]
md_acme_drive.c: remove unused variable
Compiling in maintainer mode leads to a failure
due to challenges_configured initialized but
not used. Removing it seems harmless, Stefan
please let me know if this is not the case.
Stefan Eissing [Thu, 11 Oct 2018 11:22:55 +0000 (11:22 +0000)]
On the trunk:
mod_md: eliminating compiler warnings re signedness and unused. Adding an APLOG_WARNING
when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will
disable that completely beginning of 2019.
Eric Covener [Wed, 10 Oct 2018 21:47:53 +0000 (21:47 +0000)]
mpm_event: avoid AH00484 with idle threads
mpm_event: Stop issuing AH00484 "server reached MaxRequestWorkers..." when
there are still idle threads available. When there are less idle threads than
MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.
Stefan Eissing [Wed, 10 Oct 2018 11:35:48 +0000 (11:35 +0000)]
mod_http2: adding defensive code for stream EOS handling, in case the request handler
missed to signal it the normal way (eos buckets). Addresses github issues
https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
and https://github.com/icing/mod_h2/issues/170.
Luca Toscano [Tue, 9 Oct 2018 12:29:08 +0000 (12:29 +0000)]
mod_session_cookie: avoid adding the Set-Cookie header
in both r->headers_out and r->err_headers_out
to avoid duplication.
In session_cookie_save it seems that ap_cookie_write is called
with r->headers_out and r->err_headers_out, ending up in the same
Set-Cookie header on both tables and eventually duplicated in the
HTTP response. I took Emmanuel's patch and trimmed out the bits
that remove the header only from r->err_headers_out (leaving it
to do the work on both tables) as an attempt to change this bit of code
in the most conservative way possible. Sending a commit for
a broader review.
Evgeny Kotkov [Tue, 9 Oct 2018 12:16:08 +0000 (12:16 +0000)]
mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
responses allowing these modules to properly set or fix-up the response
headers such as Vary or ETag.
This change follows up on r1837056 that disabled that special handling and
thus resulted in a potential violation of RFC7232, 4.1:
The server generating a 304 response MUST generate any of the following
header fields that would have been sent in a 200 (OK) response to the
same request: Cache-Control, Content-Location, Date, ETag, Expires,
and Vary.)
Joe Orton [Fri, 5 Oct 2018 12:06:27 +0000 (12:06 +0000)]
* modules/ldap/util_ldap_cache_mgr.c (util_ald_create_caches): Destroy
rather than leak caches if all three cannot be allocated (Coverity
warning). Remove unnecessary pointer.
Joe Orton [Fri, 5 Oct 2018 10:17:18 +0000 (10:17 +0000)]
* modules/slotmem/mod_slotmem_shm.c (restore_slotmem): Remove
redundant assignment (clang warning), the apr_file_eof(fp)=>APR_EOF
case assigns rv to APR_EOF and then to APR_SUCCESS after already.
Ruediger Pluem [Mon, 1 Oct 2018 18:21:18 +0000 (18:21 +0000)]
* Pickup the proxy related configuration for verify mode and verify depth and
not the configuration settings for frontend connections in case of
connections by the proxy to the backend.