Ruediger Pluem [Tue, 30 May 2006 20:48:09 +0000 (20:48 +0000)]
* Keep the Content-Type for successfully revalidated
cached objects, by unsetting possible Content-Type headers in
r->headers_out and r->err_headers_out as they may be different to what
we have received from the cache.
Actually they are not needed as r->content_type set by
ap_set_content_type a few lines above will be used in the store_headers
functions of the storage providers as a fallback and the HTTP_HEADER filter
does overwrite the Content-Type header with r->content_type anyway.
Martin Kraemer [Mon, 29 May 2006 07:48:19 +0000 (07:48 +0000)]
The syntax ">&/dev/null" is csh-style, not bourne-style shell.
Change it so that all bourne-style shells understand it.
I am going to make the same fix in 2.2.x
Chris Darroch [Fri, 26 May 2006 18:27:23 +0000 (18:27 +0000)]
On graceless shutdown or restart, send AP_SIG_GRACEFUL to all worker
threads so that any that are polling on Keep-Alive connections will
wake up and exit promptly. Otherwise, on Linux, they wait until
poll()'s timeout interval completes, which is often too long for
the parent process; the parent issues SIGKILL before the child's main
thread manages to re-join all the worker threads. PR 38737.
On Solaris, by contrast, the close_worker_sockets() function
successfully alerts all worker threads that they should exit quickly.
On Linux, this side-effect of one thread closing another's socket
doesn't occur; see:
http://bugme.osdl.org/show_bug.cgi?id=546
Also, expand on the placeholder in CHANGES regarding previous
cleanups to scoreboard.c and scoreboard.h in r404848 and r404849.
Chris Darroch [Fri, 26 May 2006 16:26:52 +0000 (16:26 +0000)]
Make the worker and event MPMs not touch the scoreboard when
handling a fork() failure. The previous behaviour appears to have
been inherited from the prefork MPM, where is it appropriate.
The prefork MPM sets thread_limit to 1 and therefore each
child process has a single worker_score structure in the scoreboard's
array, i.e., ap_scoreboard_image->servers[slot][0]. In make_child(),
it sets this structure's status to SERVER_STARTING, and then does
a fork(); if the fork() fails, it resets the status to SERVER_DEAD.
The worker and event MPMs, by constrast, obviously use multiple
worker_score structures per child process. They may also be
in use by worker threads from a previous generation at any particular
moment. Therefore make_child() and the parent process in general
doesn't normally update them; make_child() doesn't set them all
to SERVER_STARTING before doing fork(), for example.
So, make_child() shouldn't set them to SERVER_DEAD if fork()
fails (and even if it should, it certainly shouldn't be just
updating the first one).
Ruediger Pluem [Wed, 17 May 2006 19:16:43 +0000 (19:16 +0000)]
* Handle the cases "no proxy request" and "reverse proxy request" in the same
manner, when setting scheme and port_str. This is needed because if a cached
entry is looked up by mod_cache's quick handler r->proxyreq
is still unset in the reverse proxy case as it only gets set in the
translate name hook (either by ProxyPass or mod_rewrite) which is run
after the quick handler hook. This is different to the forward proxy
case where it gets set before the quick handler is run (in the
post_read_request hook).
If a cache entry is created by the CACHE_SAVE filter we always have
r->proxyreq set correctly.
Also set scheme to ap_http_scheme(r) instead of "http" to handle SSL
correctly.
Sander Temme [Fri, 5 May 2006 04:17:36 +0000 (04:17 +0000)]
Add optional 'scheme://' prefix to ServerName directive. For
'https', mod_http returns "https" for the ap_hook_http_scheme and
DEFAULT_HTTPS_PORT for ap_hook_default_port. This fixes Redirect
responses to requests for directories without a trailing slash
when httpd runs behind a proxy or offload device that processes
SSL. It also enables support for Subversion in that
configuration. This change is completely backwards compatible
and passes the perl-framework. Minor mmn bump because I add a
field to server_rec.
Joe Orton [Wed, 3 May 2006 13:16:57 +0000 (13:16 +0000)]
* modules/ssl/ssl_scache_shmcb.c: Rewrite of shmcb session cache to
reduce complexity and ensure all accesses within shm segment are
always aligned correctly.
* modules/proxy/mod_proxy_fcgi.c
Add include of util_script.h to pick up some function prototypes.
(send_begin_request): Initialize the reserved bytes in the request
body to zero.
(dispatch): Use APR_SIZE_T_FMT instead of %d when logging an apr_size_t.
Remove all /machine:I386 references, these are getting in the way
of switching linkers from the x86 (default linker) to x64 or other
possible target platforms. (Also, this commit cleans up lingering
/GX switches from the 'BASE' options that are supposed to be unused).
Merge the fcgi-proxy-dev branch to trunk, adding a FastCGI back end for
mod_proxy. This log message is just a summary of the changes, for the
full original log messages see r357431:393955 in branches/fcgi-proxy-dev.
* modules/proxy/mod_proxy_fcgi.c: New file, holds the impementation of
our new fcgi backend for mod_proxy.
* modules/proxy/fcgi_protocol.h: New file, holds constants and structures
for the fcgi protocol.
* modules/proxy/mod_proxy_balancer.c
(proxy_balancer_canon): Set up r->path_info, so the PATH_INFO env
variable is correctly passed on to balancer workers.
* modules/proxy/config.m4: Build the new mod_proxy_fcgi module.
* support: Add fcgistarter to svn:ignore.
* support/Makefile.in: Build the new fcgistarter program.
* support/fcgistarter.c: New program, a helper for starting fcgi worker
processes.
Ahhh, this was missed in 395432, and the addition of httpd.rc needs
to occur on each branch backported to (paying close attn to whether
or not our IS_DEV flag is a boolean, or a define/undef).
Not for backport; our boolean state is 1/0, not defined/undef.
Remove win32ver.awk, it's now unused (but should be preserved
on the 2.0 tree for anyone who leveraged it.)
Remove a host of dependencies upon awk, using the same template for
nearly every .rc compilation (giving the output .res file a different
name for each component). Adds AP_SERVER_BASEPROJECT to ap_revision.h
so we can display the proper name of "Apache HTTP Server" as opposed
to AP_SERVER_BASEPRODUCT (which is, and should remain, simply "Apache"
for the server string tokens.)
Mark J. Cox [Tue, 18 Apr 2006 15:30:13 +0000 (15:30 +0000)]
Thiago Zaninotti reported to security@apache.org on 20060410 a possible
cross-site scripting flaw because the Expect header error message isn't
escaped. We couldn't find a way that this could be used by an attacker
however, as they can't influence the Expect header a victim will send to a
target site. Thiago agreed and we're therefore not treating this as a
security flaw, but it is a bug that ought to get fixed. I'll add to
STATUS for 1.3/2.0/2.2 shortly for acks.
* Avoid calling ap_proxy_http_cleanup twice as this releases a connection
from the connection pool twice. This causes this connection to be present
in the connection pool twice. Thus it may be used by different threads
at the same time which causes many troubles (segfaults in this case).
Furthermore implement a logic to prevent double releases to the connection
pool if they are triggered by buggy code and log an error message in this
case.
- mod_proxy_http.c: remove double calls to ap_proxy_http_cleanup
- proxy_util.c: Add logic to prevent double releases of a
connection to the connection pool.
* After r377780 the condition in the if clause never becomes true, because
ap_proxy_initialize_worker_share is always left with PROXY_WORKER_INITIALIZED
set in workers->s->status. So remove this code to save cycles and avoid
confusion.
Jeff Trawick [Wed, 12 Apr 2006 01:55:11 +0000 (01:55 +0000)]
The crypt() prototype is in <unistd.h> instead of <crypt.h>
on HP-UX. We had no prototype for crypt() there.
In 64-bit mode, a crash occurred because the pointer
returned by crypt() was truncated before we passed
the pointer to apr_cpystrn().
* Rollback r393037 as this was vetoed by wrowe. Details see
http://mail-archives.apache.org/mod_mbox/httpd-dev/200604.mbox/%3c443ABE65.1060603@rowe-clan.net%3e
* Check for an existing socket independant of an existing connection record.
This ensures that requests handled by the '*' worker are sent to the correct
backend server.
projects / apache / log