Joe Orton [Fri, 9 Mar 2018 09:19:44 +0000 (09:19 +0000)]
Merge r1667676, r1826207 from trunk:
* mod_access_compat, mod_authz_host: Handle '#' character.
For mod_access_compat, disable '#' in hostname completely.
For mod_authz_host, treat '#' as a comment and ignore everything after that.
This allows better handling of admin errors like
'Require host localhost# Add example.com later'.
* modules/aaa/mod_authz_host.c (host_check_authorization): Simplify
comment stripping in "Require host"; log a warning if a comment is
used in 'Require host', or an error if the expression is empty with
the comment stripped. (Currently in 2.4, #comment part is parsed)
Joe Orton [Fri, 9 Mar 2018 09:09:38 +0000 (09:09 +0000)]
Merge r1532281, r1532289, r1537718 from trunk:
* support/rotatelogs.c (get_now): Return the offset applied to the
Unix time as a parameter.
(doRotate): When exploding the time for strftime formatting, iff in
-l mode, subtract the offset and explode the real Unix time as a
local time so %Z etc works correctly.
* support/rotatelogs.c (get_now): Fix the NULL ptr dereferences
added in r1532281.
* support/rotatelogs.c: Introduce an adjusted_time_t type to store the
weird "adjusted time since epoch" type returned by get_now().
Switch from int to long to fix an unnecessary Y2K38 issue. Adjust
use throughout and clean up other type issues. No functional change
intended apart from fixing Y2K38.
Joe Orton [Fri, 9 Mar 2018 07:55:27 +0000 (07:55 +0000)]
Merge r1811976 from trunk:
Add optional _RAW suffix to SSL_*_DN_xx attribute names, allowing
users to convert an attribute value without conversion to UTF-8. (A
public CA has issued certs with attributes tagged as the wrong ASN.1
string types.)
* modules/ssl/ssl_util_ssl.c (asn1_string_convert): Rename from
asn1_string_to_utf8; add raw argument. Reimplement _to_utf8 as
macro.
(modssl_X509_NAME_ENTRY_to_string): Add raw argument.
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Use raw
string conversion if _RAW suffix is present in DN component.
Daniel Ruggeri [Sat, 3 Mar 2018 14:31:14 +0000 (14:31 +0000)]
*) mod_proxy_fcgi: Add the support for the mod_proxy's flushpackets parameter.
trunk patch: http://svn.apache.org/r1802040
http://svn.apache.org/r1807876
http://svn.apache.org/r1808014
http://svn.apache.org/r1805490
http://svn.apache.org/r1823886
2.4.x: svn merge -c 1802040,1807876,1808014,1805490,1823886 ^/httpd/httpd/trunk .
+1: elukey, jim, ylavic
elukey: this patch has been requested a couple of times in the users@ mailing list,
but from my tests in trunk the async/set-aside core features would already
do the job without the need of this patch. I am proposing the backport
to allow more users to migrate away from mod_fastcgi.
Yann Ylavic [Sat, 3 Mar 2018 12:18:37 +0000 (12:18 +0000)]
Merge r1802040, r1807876, r1808014, r1805490, r1823886 from trunk:
mod_proxy_fcgi: Add the support for mod_proxy's
flushpackets and flushwait params
This change was requested on the development mailing
list in order to fill another gap between mod_fcgi
and mod_proxy_fcgi, namely the -flush functionality.
The more evolved core trunk code would not need this
feature because of the non-blocking writes, but it
is needed in 2.4.x.
mod_proxy_fcgi: limit the flush buckets inserted when flushpackets=on|auto
This commit is a follow up of r1802040 based on Jacob's
feedback, namely inserting the FLUSH buckets only when
really needed and useful, not always.
mod_proxy_fcgi: follow up to r1807876.
Fix mixed declarations and code [-Wdeclaration-after-statement].
Fix a compilation warning introduced by r1802040.
mod_proxy_fcgi.c:893:19: warning: ‘flushpoll’ may be used uninitialized in this function [-Wmaybe-uninitialized]
This warning is a false positive.
mod_proxy_fcgi: prioritize the check for mayflush when using flushpackets
The mayflush variable should be checked before the rest
to avoid polling when not needed.
Suggested by Yann Ylavic on the dev@ mailing list.
Jim Jagielski [Fri, 2 Mar 2018 12:59:58 +0000 (12:59 +0000)]
Merge r1825169 from trunk:
Propose backportable fix to accept libxml2 path in the
base form or the absolute path to include tree form.
Nowhere does the --with-libxml2= arg suggest the path
is that of the include tree, and disagrees with httpd's
use of --with- syntax for package location.
Submitted by: wrowe
Reviewed by: wrowe, ylavic, jim
These tags generate a "Not applicable" section in
docs/manual/mod/overrides.html that doesn't make a lot of
sense, plus it breaks ./build.sh validate-xhtml.
Yann Ylavic [Tue, 20 Feb 2018 13:42:59 +0000 (13:42 +0000)]
Merge r1823047, r1824454, r1824463, r1824464, r1824497, r1824862, r1824877 from trunk:
mpm_event: move lingering close "sucker" from the listener to worker(s).
This was the last non-constant time action performed by the listener thread.
It's now handled by the worker thread directly after entering lingering close,
which should directly address the cases when the socket is already closed
remotely at that time, hence avoid more scheduling (it may be the common case
for some scenarios).
And it's only if the above would need blocking (i.e. more data to suck) that
the socket is added to the pollset for the listener to re-schedule a worker
later when ready. If no worker is available at that time then the socket is
forcibly closed (similarly to what's done for keepalive connections in this
case).
Also, since process_lingering_close() is now called by a worker thread and
with almost no depth in the call stack, we can grow the size of the "suck"
buffer from 2K to 32K to potentially call recv() up to sixteen times less.
mpm_event: follow up to r1823047.
Update clogged counter on read_request retry too.
mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance).
mpm_event: follow up to r1823047: complete state validation after processing.
mpm_event: follow up to r1823047: CHANGES entry.
mpm_event: follow up to r1823047 and r1824464.
MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid
states returned by process_connection (never have been).
mpm_event: follow up to r1823047 and r1824862.
Revert (broken) functional change from r1824862.
Submitted by: ylavic
Reviewed by: ylavic, minfrin, jim
Yann Ylavic [Tue, 20 Feb 2018 12:56:16 +0000 (12:56 +0000)]
Merge r1823047, r1824454, r1824463, r1824464, r1824497, r1824862 from trunk:
mpm_event: move lingering close "sucker" from the listener to worker(s).
This was the last non-constant time action performed by the listener thread.
It's now handled by the worker thread directly after entering lingering close,
which should directly address the cases when the socket is already closed
remotely at that time, hence avoid more scheduling (it may be the common case
for some scenarios).
And it's only if the above would need blocking (i.e. more data to suck) that
the socket is added to the pollset for the listener to re-schedule a worker
later when ready. If no worker is available at that time then the socket is
forcibly closed (similarly to what's done for keepalive connections in this
case).
Also, since process_lingering_close() is now called by a worker thread and
with almost no depth in the call stack, we can grow the size of the "suck"
buffer from 2K to 32K to potentially call recv() up to sixteen times less.
mpm_event: follow up to r1823047.
Update clogged counter on read_request retry too.
mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance).
mpm_event: follow up to r1823047: complete state validation after processing.
mpm_event: follow up to r1823047: CHANGES entry.
mpm_event: follow up to r1823047 and r1824464.
MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid
states returned by process_connection (never have been).
Submitted by: ylavic
Reviewed by: ylavic, minfrin, jim