]> granicus.if.org Git - apache/log
apache
7 years agomod_auth_digest: fix segfaults during shared memory exhaustion
Jacob Champion [Tue, 6 Dec 2016 17:07:19 +0000 (17:07 +0000)]
mod_auth_digest: fix segfaults during shared memory exhaustion

The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
check for a malloc failure, leading to crashes when we ran out of the
limited space provided by AuthDigestShmemSize. This patch replaces all
these calls with a helper function that performs this check.

Additionally, fix a NULL-check bug during entry garbage collection.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772919 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_session_crypto: follow up to r1772812: CHANGES entry.
Yann Ylavic [Mon, 5 Dec 2016 23:46:40 +0000 (23:46 +0000)]
mod_session_crypto: follow up to r1772812: CHANGES entry.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772813 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
Yann Ylavic [Mon, 5 Dec 2016 23:43:05 +0000 (23:43 +0000)]
mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
to prevent deciphering or tampering with a padding oracle attack.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772812 13f79535-47bb-0310-9956-ffa450edef68

7 years agocapitalize
Eric Covener [Mon, 5 Dec 2016 19:43:18 +0000 (19:43 +0000)]
capitalize

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772763 13f79535-47bb-0310-9956-ffa450edef68

7 years agoxforms
Eric Covener [Mon, 5 Dec 2016 19:34:20 +0000 (19:34 +0000)]
xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772759 13f79535-47bb-0310-9956-ffa450edef68

7 years agoprovide more access control migration hints
Eric Covener [Mon, 5 Dec 2016 19:34:13 +0000 (19:34 +0000)]
provide more access control migration hints

current examples don't account for when access control overlaps
with authentication.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772758 13f79535-47bb-0310-9956-ffa450edef68

7 years agoin 2.4.24-dev
Jim Jagielski [Mon, 5 Dec 2016 14:45:48 +0000 (14:45 +0000)]
in 2.4.24-dev

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772683 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate after mod_http2 backport
Stefan Eissing [Sun, 4 Dec 2016 22:30:16 +0000 (22:30 +0000)]
update after mod_http2 backport

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772580 13f79535-47bb-0310-9956-ffa450edef68

7 years agoSECURITY: CVE-2016-8740
Stefan Eissing [Sun, 4 Dec 2016 22:06:30 +0000 (22:06 +0000)]
SECURITY: CVE-2016-8740

mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772576 13f79535-47bb-0310-9956-ffa450edef68

7 years agoChanges done by Daniel, reviewed by me, adding the html files and meta file to the...
Luis Gil [Sun, 4 Dec 2016 21:44:23 +0000 (21:44 +0000)]
Changes done by Daniel, reviewed by me, adding the html files and meta file to the repo.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772575 13f79535-47bb-0310-9956-ffa450edef68

7 years agorebuild
Rich Bowen [Sun, 4 Dec 2016 18:48:58 +0000 (18:48 +0000)]
rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772560 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUndocumented query string.
Rich Bowen [Sun, 4 Dec 2016 18:48:01 +0000 (18:48 +0000)]
Undocumented query string.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772559 13f79535-47bb-0310-9956-ffa450edef68

7 years agompm-event's doc rebuild
Luca Toscano [Sun, 4 Dec 2016 10:08:06 +0000 (10:08 +0000)]
mpm-event's doc rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772513 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAdded some notes in mpm-event's doc page
Luca Toscano [Sun, 4 Dec 2016 10:07:56 +0000 (10:07 +0000)]
Added some notes in mpm-event's doc page

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772512 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMissing CHNAGES for r1772489
Christophe Jaillet [Sun, 4 Dec 2016 07:12:29 +0000 (07:12 +0000)]
Missing CHNAGES for r1772489

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772504 13f79535-47bb-0310-9956-ffa450edef68

7 years agoFix some style issue.
Christophe Jaillet [Sat, 3 Dec 2016 21:59:55 +0000 (21:59 +0000)]
Fix some style issue.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772490 13f79535-47bb-0310-9956-ffa450edef68

7 years agoThe default value of 'inherit' should be AP_LUA_INHERIT_UNSET.
Christophe Jaillet [Sat, 3 Dec 2016 21:37:52 +0000 (21:37 +0000)]
The default value of 'inherit' should be AP_LUA_INHERIT_UNSET.
With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive

If not explicitelly initialized, its value is 0 because of the 'apr_calloc 'in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE'

PR 60419

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772489 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRemove some spaces to synch with 2.4
Christophe Jaillet [Sat, 3 Dec 2016 20:04:08 +0000 (20:04 +0000)]
Remove some spaces to synch with 2.4

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772484 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate transformation
André Malo [Sat, 3 Dec 2016 19:19:16 +0000 (19:19 +0000)]
update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772480 13f79535-47bb-0310-9956-ffa450edef68

7 years agoloop in checking response headers
Eric Covener [Sat, 3 Dec 2016 00:10:31 +0000 (00:10 +0000)]
loop in checking response headers

w/ HTTPProtocolOptions Unsafe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772418 13f79535-47bb-0310-9956-ffa450edef68

7 years agompm-event's doc rebuild
Luca Toscano [Fri, 2 Dec 2016 19:21:51 +0000 (19:21 +0000)]
mpm-event's doc rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772400 13f79535-47bb-0310-9956-ffa450edef68

7 years agoFixed some wording in mpm-event's doc page
Luca Toscano [Fri, 2 Dec 2016 19:21:27 +0000 (19:21 +0000)]
Fixed some wording in mpm-event's doc page

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772399 13f79535-47bb-0310-9956-ffa450edef68

7 years agompm-event's documentation rebuild
Luca Toscano [Fri, 2 Dec 2016 14:57:27 +0000 (14:57 +0000)]
mpm-event's documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772358 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAdd a section to mpm-event's documentation to advertise new changes
Luca Toscano [Fri, 2 Dec 2016 14:56:50 +0000 (14:56 +0000)]
Add a section to mpm-event's documentation to advertise new changes

I tried to add a summary of Stefan's last patches just backported to
2.4.x today. I've read all of them and tried to report Stefan's comment
from PR 53555 as much as possible. Please review and let me know if I wrong
something incorrect or not precise enough.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772357 13f79535-47bb-0310-9956-ffa450edef68

7 years agoadd mod_proxy_hcheck to legacy build
Gregg Lewis Smith [Tue, 29 Nov 2016 03:27:37 +0000 (03:27 +0000)]
add mod_proxy_hcheck to legacy build

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771839 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_brotli: Update makefiles to use the library layout of the official
Evgeny Kotkov [Tue, 29 Nov 2016 00:00:28 +0000 (00:00 +0000)]
mod_brotli: Update makefiles to use the library layout of the official
Brotli repository.

With the recent update (https://github.com/google/brotli/pull/464), the
official repository now produces pkg-config metadata files (brotli.pc),
and has a fixed library layout (libbrotlicommon/libbrotlienc/libbrotlidec)
on both Windows and Linux.  Expect this layout in the makefiles, and take
advantage of the pkg-config metadata, if it's available.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771827 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_brotli: Explicitly cast 'const uint8_t *' to 'const char *' when using
Evgeny Kotkov [Mon, 28 Nov 2016 18:40:23 +0000 (18:40 +0000)]
mod_brotli: Explicitly cast 'const uint8_t *' to 'const char *' when using
the data received from Brotli to create a bucket.

This fixes a /W4 warning in my environment, and should also allow building
mod_brotli on NetWare.

Submitted by: NormW <normw gknw.net>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771791 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_brotli: Rewrite the autoconf script in a, hopefully, less convoluted way.
Evgeny Kotkov [Mon, 28 Nov 2016 18:28:56 +0000 (18:28 +0000)]
mod_brotli: Rewrite the autoconf script in a, hopefully, less convoluted way.

Explicitly handle different cases when we do a pkg-config lookup
(<nothing>, --with-brotli or --with-brotli=yes) or examine the path
provided by the user (--with-brotli=PATH).

This lays the groundwork to simplify the switch to the official Brotli
library (https://github.com/google/brotli), instead of expecting the
install layout of a third-party wrapper (https://github.com/bagder/libbrotli).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771789 13f79535-47bb-0310-9956-ffa450edef68

7 years ago* Fix numbers count in comment.
Ruediger Pluem [Mon, 28 Nov 2016 09:04:26 +0000 (09:04 +0000)]
* Fix numbers count in comment.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771690 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate transformation
André Malo [Sun, 27 Nov 2016 22:09:54 +0000 (22:09 +0000)]
update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771655 13f79535-47bb-0310-9956-ffa450edef68

7 years agouse consistent encoding between xml.fr files (utf-8)
André Malo [Sun, 27 Nov 2016 22:04:17 +0000 (22:04 +0000)]
use consistent encoding between xml.fr files (utf-8)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771654 13f79535-47bb-0310-9956-ffa450edef68

7 years agoremove bom, remove useless encoding declaration
André Malo [Sun, 27 Nov 2016 19:19:23 +0000 (19:19 +0000)]
remove bom, remove useless encoding declaration

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771632 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Sat, 26 Nov 2016 16:14:49 +0000 (16:14 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771497 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML update.
Lucien Gentis [Sat, 26 Nov 2016 16:14:14 +0000 (16:14 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771496 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Sat, 26 Nov 2016 16:00:16 +0000 (16:00 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771494 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML update.
Lucien Gentis [Sat, 26 Nov 2016 15:59:11 +0000 (15:59 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771493 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_http2: wseaking cleanup assertion on streams that have never been scheduled
Stefan Eissing [Thu, 24 Nov 2016 14:53:12 +0000 (14:53 +0000)]
mod_http2: wseaking cleanup assertion on streams that have never been scheduled

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771160 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate after backport
Stefan Eissing [Wed, 23 Nov 2016 18:22:07 +0000 (18:22 +0000)]
update after backport

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771019 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_http2: new directove H2EarlyPushes for enabled 103 interim responses
Stefan Eissing [Wed, 23 Nov 2016 18:13:06 +0000 (18:13 +0000)]
mod_http2: new directove H2EarlyPushes for enabled 103 interim responses

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771015 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate after backport
Stefan Eissing [Wed, 23 Nov 2016 16:33:27 +0000 (16:33 +0000)]
update after backport

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771001 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_proxy_http2: not forwarding any 1xx responses on frontend HTTP/1.x connections...
Stefan Eissing [Wed, 23 Nov 2016 16:14:06 +0000 (16:14 +0000)]
mod_proxy_http2: not forwarding any 1xx responses on frontend HTTP/1.x connections. Unless its 100 and the client is expecting that.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770998 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUpdate xforms
Jim Jagielski [Wed, 23 Nov 2016 12:43:55 +0000 (12:43 +0000)]
Update xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770958 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAllow for initual burst at full speed
Jim Jagielski [Wed, 23 Nov 2016 12:15:01 +0000 (12:15 +0000)]
Allow for initual burst at full speed

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770951 13f79535-47bb-0310-9956-ffa450edef68

7 years agoOptimize away one more strchr
William A. Rowe Jr [Tue, 22 Nov 2016 18:43:28 +0000 (18:43 +0000)]
Optimize away one more strchr

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770869 13f79535-47bb-0310-9956-ffa450edef68

7 years agoList discussion resulted in rejecting all but SP characters in the request
William A. Rowe Jr [Tue, 22 Nov 2016 18:33:20 +0000 (18:33 +0000)]
List discussion resulted in rejecting all but SP characters in the request
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770867 13f79535-47bb-0310-9956-ffa450edef68

7 years agoxforms
Jim Jagielski [Tue, 22 Nov 2016 15:59:48 +0000 (15:59 +0000)]
xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770853 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAnd another logno
Jim Jagielski [Tue, 22 Nov 2016 14:31:40 +0000 (14:31 +0000)]
And another logno

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770845 13f79535-47bb-0310-9956-ffa450edef68

7 years agoOops. update logno
Jim Jagielski [Tue, 22 Nov 2016 14:29:36 +0000 (14:29 +0000)]
Oops. update logno

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770844 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_macro improvements to bypass "expected" warnings and conflicts
Jim Jagielski [Tue, 22 Nov 2016 14:06:28 +0000 (14:06 +0000)]
mod_macro improvements to bypass "expected" warnings and conflicts

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770843 13f79535-47bb-0310-9956-ffa450edef68

7 years agoFrom Norm:
Jim Jagielski [Tue, 22 Nov 2016 12:22:31 +0000 (12:22 +0000)]
From Norm:
NWGNUsocachmem needs to find mod_status.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770828 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRemoving unused warning after r1764961 changes.
Stefan Eissing [Tue, 22 Nov 2016 09:51:37 +0000 (09:51 +0000)]
Removing unused warning after r1764961 changes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770817 13f79535-47bb-0310-9956-ffa450edef68

7 years agoremove Location: header checks for absolute URL
Eric Covener [Tue, 22 Nov 2016 01:53:40 +0000 (01:53 +0000)]
remove Location: header checks for absolute URL

https://tools.ietf.org/html/rfc7231#section-7.1.2

   The "Location" header field is used in some responses to refer to a
   specific resource in relation to the response.  The type of
   relationship is defined by the combination of request method and
   status code semantics.

     Location = URI-reference

   The field value consists of a single URI-reference.  When it has the
   form of a relative reference ([RFC3986], Section 4.2), the final
   value is computed by resolving it against the effective request URI
   ([RFC3986], Section 5).

There is even an example with no scheme:

     Location: /People.html#tim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770786 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate docs xforms
Stefan Fritsch [Mon, 21 Nov 2016 22:15:09 +0000 (22:15 +0000)]
update docs xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770772 13f79535-47bb-0310-9956-ffa450edef68

7 years agoDescribe new behavior of ServerLimit
Stefan Fritsch [Mon, 21 Nov 2016 22:13:05 +0000 (22:13 +0000)]
Describe new behavior of ServerLimit

This has changed a bit after the fix for PR 53555. Better wording is welcome.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770771 13f79535-47bb-0310-9956-ffa450edef68

7 years agompm_event: add clarifying comment
Stefan Fritsch [Mon, 21 Nov 2016 21:41:23 +0000 (21:41 +0000)]
mpm_event: add clarifying comment

from jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770768 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUse all available scoreboard slots
Stefan Fritsch [Mon, 21 Nov 2016 20:46:51 +0000 (20:46 +0000)]
Use all available scoreboard slots

Allow to use all slots up to ServerLimit. This makes 'scoreboard full'
errors much less likely.

And if ther is a situation where the scoreboard is full, don't make any
more processes finish gracefully due to reduced load until some old
processes have terminated. Otherwise, the situation would get worse once
the load increases again.

ap_daemon_limit is renamed to the more descriptive active_server_limit,
to make sure that all its uses are taken care of.

PR 53555

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770752 13f79535-47bb-0310-9956-ffa450edef68

7 years agoap_reclaim_child_processes(): Implement terminate immediately
Stefan Fritsch [Mon, 21 Nov 2016 20:32:40 +0000 (20:32 +0000)]
ap_reclaim_child_processes(): Implement terminate immediately

The behavior for terminate == 1 was documented but not implemented. Do
that now.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770750 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Sat, 19 Nov 2016 16:23:09 +0000 (16:23 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770502 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML updates.
Lucien Gentis [Sat, 19 Nov 2016 16:20:20 +0000 (16:20 +0000)]
XML updates.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770501 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_http2: limiting new PUSHes to GET only, preventing 103 responses when expecting...
Stefan Eissing [Fri, 18 Nov 2016 15:19:00 +0000 (15:19 +0000)]
mod_http2: limiting new PUSHes to GET only, preventing 103 responses when expecting a 100

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770395 13f79535-47bb-0310-9956-ffa450edef68

7 years agoaddendum to r1769760 to make it generate 100 status lines
Stefan Eissing [Thu, 17 Nov 2016 15:43:54 +0000 (15:43 +0000)]
addendum to r1769760 to make it generate 100 status lines

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770220 13f79535-47bb-0310-9956-ffa450edef68

7 years agoActually cause the Host header to be overridden, as noted by rpluem,
William A. Rowe Jr [Wed, 16 Nov 2016 12:05:53 +0000 (12:05 +0000)]
Actually cause the Host header to be overridden, as noted by rpluem,
and simplify now that there isn't a log-only mode.

I believe this logic to be busted. Given this request;

GET http://distant-host.com/ HTTP/1.1
Host: proxy-host

we would now fail to evaluate the proxy-host virtual host rules.

This seems like a breaking change to our config. mod_proxy already
follows this rule of RFC7230 section 5.4;

   When a proxy receives a request with an absolute-form of
   request-target, the proxy MUST ignore the received Host header field
   (if any) and instead replace it with the host information of the
   request-target.  A proxy that forwards such a request MUST generate a
   new Host field-value based on the received request-target rather than
   forward the received Host field-value.

Section 5.5 of RFC7230 has this to say;

   Once the effective request URI has been constructed, an origin server
   needs to decide whether or not to provide service for that URI via
   the connection in which the request was received.  For example, the
   request might have been misdirected, deliberately or accidentally,
   such that the information within a received request-target or Host
   header field differs from the host or port upon which the connection
   has been made.  If the connection is from a trusted gateway, that
   inconsistency might be expected; otherwise, it might indicate an
   attempt to bypass security filters, trick the server into delivering
   non-public content, or poison a cache.  See Section 9 for security
   considerations regarding message routing.

Section 5.3.1 states;

   To allow for transition to the absolute-form for all requests in some
   future version of HTTP, a server MUST accept the absolute-form in
   requests, even though HTTP/1.1 clients will only send them in
   requests to proxies.

It seems to me we should simply trust the Host: header and dump this whole
mess. If we want to reject requests in absolute form after the proxy modules
have had a chance to accept them, that wouldn't be a bad solution.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769965 13f79535-47bb-0310-9956-ffa450edef68

7 years agodocumentation rebuild
Luca Toscano [Tue, 15 Nov 2016 22:57:36 +0000 (22:57 +0000)]
documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769900 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAdded a note in the mod_headers docs about Content-Type and setifempty
Luca Toscano [Tue, 15 Nov 2016 22:57:18 +0000 (22:57 +0000)]
Added a note in the mod_headers docs about Content-Type and setifempty

This note has been added as a follow up of a stack overflow post
(thanks to Michael Allan for the research):

http://stackoverflow.com/questions/29398123/apache-2-4-set-mime-type-of-file-without-extension

After a chat in #httpd-dev it seems that the issue boils down to how %{CONTENT_TYPE}
is evaluated in util_expr_eval.c (r->content_type) vs how setifempty is (only a check
of the response headers). This particular behavior might be a bug or feature,
but it is worth to alert our users.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769899 13f79535-47bb-0310-9956-ffa450edef68

7 years agodocumentation rebuild
Luca Toscano [Tue, 15 Nov 2016 20:43:01 +0000 (20:43 +0000)]
documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769878 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUpdated the perf-tuning documentation
Luca Toscano [Tue, 15 Nov 2016 20:42:35 +0000 (20:42 +0000)]
Updated the perf-tuning documentation

Removed some out of date references and re-wrote
some sections. Added also a banner at the top of
the page to warn the users about stale content.
The next step is to improve the accept() related
documentation introducing the latest changes made
for event (and how awesome event is).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769877 13f79535-47bb-0310-9956-ffa450edef68

7 years agohttp: Allow unknown response status' lines returned in the form of:
Yann Ylavic [Tue, 15 Nov 2016 09:06:55 +0000 (09:06 +0000)]
http: Allow unknown response status' lines returned in the form of:
    HTTP/x.x xxx Status xxx

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769760 13f79535-47bb-0310-9956-ffa450edef68

7 years agoFix some HTML tags
Christophe Jaillet [Tue, 15 Nov 2016 06:42:48 +0000 (06:42 +0000)]
Fix some HTML tags
</br> --> <br />

Couls also be <br> or <br/> but some (very) old clients don't like it.
httpd is not really consistent on it. (personnlaly <br> would be just fine for me but <br /> is the most commonly used form)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769737 13f79535-47bb-0310-9956-ffa450edef68

7 years agoxform
Eric Covener [Tue, 15 Nov 2016 03:51:20 +0000 (03:51 +0000)]
xform

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769719 13f79535-47bb-0310-9956-ffa450edef68

7 years agoadd an <IfFile> config section like <IfDefine>
Eric Covener [Tue, 15 Nov 2016 03:50:42 +0000 (03:50 +0000)]
add an <IfFile> config section like <IfDefine>

It allows a non httpd config file to be used as a marker directly in
httpd.conf without hiding logic in a script in front of apachectl
to do test -f and pass extra -D's.

This is something we've had in IBM's httpd distro for a little bit and
hadn't remembered to share. I've seen some questions/config files come
up in a few places lately that would benefit from this as an option.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769718 13f79535-47bb-0310-9956-ffa450edef68

7 years agoreorganize mod_socache_redis so it compiles w/o apr-redis
Eric Covener [Tue, 15 Nov 2016 03:15:15 +0000 (03:15 +0000)]
reorganize mod_socache_redis so it compiles w/o apr-redis

It looks like this was the original intent. The provider
is not registered if apr-redis is missing.

It was previously failing to compile due to the dirconf being
hidden behind the #ifdef guard but not the routine module
code that used it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769712 13f79535-47bb-0310-9956-ffa450edef68

7 years agoDocumentation rebuild
Luca Toscano [Mon, 14 Nov 2016 14:17:21 +0000 (14:17 +0000)]
Documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769638 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUnified duplicate warning in mod_proxy ProxyPass documentation.
Luca Toscano [Mon, 14 Nov 2016 14:16:50 +0000 (14:16 +0000)]
Unified duplicate warning in mod_proxy ProxyPass documentation.

Also changed terminology to be in sync with:
https://httpd.apache.org/docs/current/mod/directive-dict.html#Context

It was confusing in my opinion to read that ProxyPass wasn't supported
for the <Directory> context (since "directory" semantic is already
overloaded).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769637 13f79535-47bb-0310-9956-ffa450edef68

7 years agoBackported in 2.4.21.
Yann Ylavic [Mon, 14 Nov 2016 12:10:50 +0000 (12:10 +0000)]
Backported in 2.4.21.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769612 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAxe backported CHANGES entries.
Yann Ylavic [Mon, 14 Nov 2016 11:50:17 +0000 (11:50 +0000)]
Axe backported CHANGES entries.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769606 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_http2: fixes for compiler warnings
Stefan Eissing [Mon, 14 Nov 2016 11:38:59 +0000 (11:38 +0000)]
mod_http2: fixes for compiler warnings

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769600 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate after mod_http2 backport
Stefan Eissing [Mon, 14 Nov 2016 11:15:39 +0000 (11:15 +0000)]
update after mod_http2 backport

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769596 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUpdated changelog with the last change of mod_proxy_fcgi
Luca Toscano [Mon, 14 Nov 2016 10:58:06 +0000 (10:58 +0000)]
Updated changelog with the last change of mod_proxy_fcgi

r1759984, r1760018 and r1752347 are all changes related
to a bug fixed for mod_proxy_fcgi.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769593 13f79535-47bb-0310-9956-ffa450edef68

7 years ago* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert): Use const
Joe Orton [Mon, 14 Nov 2016 10:57:46 +0000 (10:57 +0000)]
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert): Use const
  ASN1_OBJECT for X509_ALGOR_get0() for OpenSSL >= 1.1.0 per
  https://github.com/openssl/openssl/commit/ac4e257747075958d37665f327bdf685dd2478ab

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769592 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRemove trailing whitespace.
Joe Orton [Mon, 14 Nov 2016 10:43:35 +0000 (10:43 +0000)]
Remove trailing whitespace.

Submitted by: Josef Radinger

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769590 13f79535-47bb-0310-9956-ffa450edef68

7 years agomod_http2: H2PushResource directive for early pushing
Stefan Eissing [Sun, 13 Nov 2016 21:30:40 +0000 (21:30 +0000)]
mod_http2: H2PushResource directive for early pushing
mod_proxy_http2: Link header uris are reverse mapped

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769550 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Sun, 13 Nov 2016 13:35:13 +0000 (13:35 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769493 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML update.
Lucien Gentis [Sun, 13 Nov 2016 13:34:29 +0000 (13:34 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769492 13f79535-47bb-0310-9956-ffa450edef68

7 years agossl: clear the error queue before SSL_read/write/accept()
Jacob Champion [Fri, 11 Nov 2016 19:38:28 +0000 (19:38 +0000)]
ssl: clear the error queue before SSL_read/write/accept()

If other modules or libraries do not clear the OpenSSL error queue after
a failed operation, other code that relies on SSL_get_error() -- in
particular, code that deals with SSL_ERROR_WANT_READ/WRITE logic -- will
malfunction later on. To prevent this, explicitly clear the error queue
before calls like SSL_read/write/accept().

PR: 60223
Submitted by: Paul Spangler <paul.spangler ni.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769332 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Fri, 11 Nov 2016 17:00:06 +0000 (17:00 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769315 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML update.
Lucien Gentis [Fri, 11 Nov 2016 16:59:05 +0000 (16:59 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769314 13f79535-47bb-0310-9956-ffa450edef68

8 years agoRemove unnecessary apr_table_do() function casts
Jacob Champion [Thu, 10 Nov 2016 20:53:21 +0000 (20:53 +0000)]
Remove unnecessary apr_table_do() function casts

Function casts can cause hard-to-debug corruption issues if a
declaration is accidentally changed to be incompatible. Luckily, most of
the function casts for apr_table_do() calls are unnecessary. Remove
them, and adjust the signatures for helpers that weren't taking void* as
the first argument.

The remaining helper that requires a cast is http_filter.c's
form_header_field(), which is probably where many of these casts were
copy-pasted from. I have left it as-is: it has other direct callers
besides apr_table_do(), and it's already documented with warnings not to
change the function signature.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769192 13f79535-47bb-0310-9956-ffa450edef68

8 years agoheh... bring memcache up to redis :)
Jim Jagielski [Sat, 5 Nov 2016 16:47:43 +0000 (16:47 +0000)]
heh... bring memcache up to redis :)
mod_status info

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768245 13f79535-47bb-0310-9956-ffa450edef68

8 years agoNeeds LOGNO #s
Jim Jagielski [Sat, 5 Nov 2016 14:47:17 +0000 (14:47 +0000)]
Needs LOGNO #s

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768225 13f79535-47bb-0310-9956-ffa450edef68

8 years agoRebuild.
Lucien Gentis [Sat, 5 Nov 2016 13:36:34 +0000 (13:36 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768213 13f79535-47bb-0310-9956-ffa450edef68

8 years agoXML update.
Lucien Gentis [Sat, 5 Nov 2016 13:35:51 +0000 (13:35 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768212 13f79535-47bb-0310-9956-ffa450edef68

8 years agoRemove redundant test.
Christophe Jaillet [Sat, 5 Nov 2016 08:27:43 +0000 (08:27 +0000)]
Remove redundant test.

Follow-up to r1759547

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768160 13f79535-47bb-0310-9956-ffa450edef68

8 years agoAnd provide some nice usage stats. Could be prettier, for sure.
Jim Jagielski [Fri, 4 Nov 2016 23:06:08 +0000 (23:06 +0000)]
And provide some nice usage stats. Could be prettier, for sure.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768120 13f79535-47bb-0310-9956-ffa450edef68

8 years agoAnd the socache provider interface for Redis
Jim Jagielski [Fri, 4 Nov 2016 17:04:28 +0000 (17:04 +0000)]
And the socache provider interface for Redis

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1768070 13f79535-47bb-0310-9956-ffa450edef68

8 years agomod_proxy_http2: workaround for newly proposed 103 status code
Stefan Eissing [Thu, 3 Nov 2016 17:27:06 +0000 (17:27 +0000)]
mod_proxy_http2: workaround for newly proposed 103 status code

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1767936 13f79535-47bb-0310-9956-ffa450edef68

8 years agofix properties, update transformation
André Malo [Thu, 3 Nov 2016 11:55:29 +0000 (11:55 +0000)]
fix properties, update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1767875 13f79535-47bb-0310-9956-ffa450edef68

8 years agoRebuild
Luis Gil [Thu, 3 Nov 2016 11:20:03 +0000 (11:20 +0000)]
Rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1767870 13f79535-47bb-0310-9956-ffa450edef68

8 years agotrying out to fix why the other secction not loading.
Luis Gil [Thu, 3 Nov 2016 11:04:07 +0000 (11:04 +0000)]
trying out to fix why the other secction not loading.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1767867 13f79535-47bb-0310-9956-ffa450edef68

8 years agoRebuild
Luis Gil [Thu, 3 Nov 2016 10:57:10 +0000 (10:57 +0000)]
Rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1767865 13f79535-47bb-0310-9956-ffa450edef68

8 years agoRebuild
Luis Gil [Thu, 3 Nov 2016 10:53:29 +0000 (10:53 +0000)]
Rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1767864 13f79535-47bb-0310-9956-ffa450edef68