]> granicus.if.org Git - apache/log
apache
6 years agoIf several parameters are used in a AuthzProviderAlias directive, if these parameters...
Christophe Jaillet [Sat, 23 Jun 2018 14:17:26 +0000 (14:17 +0000)]
If several parameters are used in a AuthzProviderAlias directive, if these parameters are not enclosed in quotation mark, only the first one is handled. The other ones are silently ignored.

Add a message to warn about such a spurious configuration.
PR 62469

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834209 13f79535-47bb-0310-9956-ffa450edef68

6 years agodocumentation rebuild
Luca Toscano [Sat, 23 Jun 2018 13:14:17 +0000 (13:14 +0000)]
documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834204 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_proxy.xml: clarify the usage of variable interpolation
Luca Toscano [Sat, 23 Jun 2018 13:12:09 +0000 (13:12 +0000)]
mod_proxy.xml: clarify the usage of variable interpolation

PR: 62477

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834203 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAxe some CHANGES entries backported to 2.4.x.
Yann Ylavic [Fri, 22 Jun 2018 10:57:24 +0000 (10:57 +0000)]
Axe some CHANGES entries backported to 2.4.x.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834107 13f79535-47bb-0310-9956-ffa450edef68

6 years agoCompat 2.4.24 for SSLOCSPEnable leaf (r1834089) and ResponseFieldSize (r1834093).
Yann Ylavic [Fri, 22 Jun 2018 10:52:29 +0000 (10:52 +0000)]
Compat 2.4.24 for SSLOCSPEnable leaf (r1834089) and ResponseFieldSize (r1834093).

This was already adjusted on merge to 2.4.x, no need to backport.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834106 13f79535-47bb-0310-9956-ffa450edef68

6 years agoImprove syntax highlight and add the default value of ProxyHTMLBufSize in the descrip...
Christophe Jaillet [Thu, 21 Jun 2018 18:18:35 +0000 (18:18 +0000)]
Improve syntax highlight and add the default value of ProxyHTMLBufSize in the description of the directive.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834041 13f79535-47bb-0310-9956-ffa450edef68

6 years agore-add uwsgi
Jim Jagielski [Thu, 21 Jun 2018 13:40:02 +0000 (13:40 +0000)]
re-add uwsgi

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834017 13f79535-47bb-0310-9956-ffa450edef68

6 years agoxforms
Jim Jagielski [Thu, 21 Jun 2018 13:38:20 +0000 (13:38 +0000)]
xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834016 13f79535-47bb-0310-9956-ffa450edef68

6 years agoNore userland/PR change
Jim Jagielski [Thu, 21 Jun 2018 13:32:02 +0000 (13:32 +0000)]
Nore userland/PR change

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834013 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAdd default schema ports for websockets
Jim Jagielski [Thu, 21 Jun 2018 13:28:51 +0000 (13:28 +0000)]
Add default schema ports for websockets
PR:62480
Lubos Uhliarik <luhliari@redhat.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834012 13f79535-47bb-0310-9956-ffa450edef68

6 years agodocumentation rebuild
Luca Toscano [Wed, 20 Jun 2018 20:47:40 +0000 (20:47 +0000)]
documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833952 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRemove some trailing spaces to synch trunk with 2.4
Christophe Jaillet [Wed, 20 Jun 2018 19:45:32 +0000 (19:45 +0000)]
Remove some trailing spaces to synch trunk with 2.4

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833941 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_cache: Per RFC 7234 section 5.3 an invalid
Rainer Jung [Tue, 19 Jun 2018 22:40:19 +0000 (22:40 +0000)]
mod_cache: Per RFC 7234 section 5.3 an invalid
Expires header value must be interpreted as a
time in the past. So apply the logic concerning
"CacheStoreExpired" and "max-age" and "s-maxage"
handling, which we are already using for a valid
Expires header containing a time in the past,
also to the case of an invalid Expires header.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833876 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ratelimit: fix behavior with proxied content
Luca Toscano [Tue, 19 Jun 2018 22:28:24 +0000 (22:28 +0000)]
mod_ratelimit: fix behavior with proxied content

mod_ratelimit works by splitting data in "chunks"
to send to the client, sleeping a predefined amount
of time between them (200ms). So for example,
a rate-limit 40 value would correspond to a chunk size
of 8192 bytes, flushed to the client every 200ms.

The idea works fine when httpd directly serves the
content, since the filter will be called once with
a single bucket brigade. In the context of a proxied
content though the filter is likely to be called multiple
times, with a bucket brigade size that corresponds to
the maximum allowed buffer size. If this value is lower
or higher than the chunk size, the filter will not
properly rate limit the data going to the client.

This patch solves the problem with two fix:
1) do_sleep is now stored in the ctx context struct,
   so if the filter is invoked multiple times it
   will still sleep when needed. For example, say
   that the chunk_size is 8192 and the bucket brigate
   len is 10240: the filter will flush 8192 bytes
   on the first invocation, sleep 200ms, flush the
   remaining bytes and then finish. The next invocation
   will do the same, clearly not leading to the
   correct "sleeping pattern".
2) The example above highlights also another issue:
   mod_ratelimit should  flush only chunk_size bytes
   at the time (I am now excluding the burst calculation
   from the picture), and buffer between invocations
   unless the brigade contains EOS.

The change has been tested with various scenarios and
it looks working as expected, but of course more
feedback/testing is welcome.

The original patch was written by me and then Yann
refactored the code to be more precise and efficient,
basically transforming an axe in a wonderful Japanese
katana sword, so credits to him for this work.

PR: 62362

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833875 13f79535-47bb-0310-9956-ffa450edef68

6 years agoadd server_rec to log.c fatal startup errors
Eric Covener [Tue, 19 Jun 2018 12:07:19 +0000 (12:07 +0000)]
add server_rec to log.c fatal startup errors

Not strictly necessary for trunk, but in 2.4.x if the main ErrorLog is
using syslog, these messages are lost.  In trunk, the low-level logging
routines reach up and find the syslog provider when no server_rec is provided
but that backport is stalled.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833827 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ssl: build with LibreSSL.
Yann Ylavic [Fri, 15 Jun 2018 14:35:31 +0000 (14:35 +0000)]
mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitely but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833598 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ssl: use SSL_HAVE_PROTOCOL_TLSV1_3 to check for compiled in TLS 1.3.
Yann Ylavic [Fri, 15 Jun 2018 11:25:46 +0000 (11:25 +0000)]
mod_ssl: use SSL_HAVE_PROTOCOL_TLSV1_3 to check for compiled in TLS 1.3.

More meaningful than SSL_OP_NO_TLSv1_3, hopefully...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833589 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ssl: disable check for client initiated renegotiations with TLS 1.3.
Yann Ylavic [Fri, 15 Jun 2018 11:12:19 +0000 (11:12 +0000)]
mod_ssl: disable check for client initiated renegotiations with TLS 1.3.

This is already forbidden by the protocol, enforced by OpenSSL, and the
current logic can't work (ssl_callback_Info() may be called multiple times
with TLS 1.3).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833588 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFollow up to r1833368: share openssl between modules.
Yann Ylavic [Wed, 13 Jun 2018 09:54:16 +0000 (09:54 +0000)]
Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833452 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRemove extra and un-needed ""
Christophe Jaillet [Tue, 12 Jun 2018 17:14:23 +0000 (17:14 +0000)]
Remove extra and un-needed ""

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833416 13f79535-47bb-0310-9956-ffa450edef68

6 years agoapr_pcalloc can be turned into apr_palloc (the allocated memory is fully initialized...
Christophe Jaillet [Tue, 12 Jun 2018 17:13:27 +0000 (17:13 +0000)]
apr_pcalloc can be turned into apr_palloc (the allocated memory is fully initialized by the subsequent memcpy/strcpy) and '(int)strlen(p)' can be replaced by 'plen - 1' to save some cycles.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833415 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFollow up to r1833368: fix "mixed declarations and code" warning (buildbot).
Yann Ylavic [Tue, 12 Jun 2018 12:48:42 +0000 (12:48 +0000)]
Follow up to r1833368: fix "mixed declarations and code" warning (buildbot).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833400 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFollow up to r1833368: apr_crypto_prng_after_fork() now used a PID.
Yann Ylavic [Tue, 12 Jun 2018 08:01:04 +0000 (08:01 +0000)]
Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833383 13f79535-47bb-0310-9956-ffa450edef68

6 years agoMake use of the new apr_crypto_rng API if available.
Yann Ylavic [Mon, 11 Jun 2018 23:43:16 +0000 (23:43 +0000)]
Make use of the new apr_crypto_rng API if available.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833368 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRebuild.
Lucien Gentis [Sat, 9 Jun 2018 14:34:02 +0000 (14:34 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833242 13f79535-47bb-0310-9956-ffa450edef68

6 years agoXML update.
Lucien Gentis [Sat, 9 Jun 2018 14:32:58 +0000 (14:32 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833241 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* configure.in, Makefile.in: Handle no-test-suite case through
Joe Orton [Thu, 7 Jun 2018 13:17:27 +0000 (13:17 +0000)]
* configure.in, Makefile.in: Handle no-test-suite case through
  check-no rule.  Only regenerate the test suite on repeated
  "make check" run if a header file has changed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833122 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAvoid cyclic dependency by moving ap_set_etag() from module http to core.
Yann Ylavic [Wed, 6 Jun 2018 21:04:21 +0000 (21:04 +0000)]
Avoid cyclic dependency by moving ap_set_etag() from module http to core.

This function, along with ap_make_etag(), is used by the default_handler in
core.c, and in several modules other than builtin mod_http, breaking static
linking and httpdunit tests build.

The move is done by "svn move modules/http/http_etag.c server/util_etag.c".
MMN major bumped, not backportable (as is) to 2.4.x.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833083 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/http/http_request.c (ap_process_request_after_handler,
Joe Orton [Wed, 6 Jun 2018 11:39:33 +0000 (11:39 +0000)]
* modules/http/http_request.c (ap_process_request_after_handler,
  ap_process_request): Cache and retrieve the brigade structure used
  to send EOR and FLUSH between requests in c->pool userdata, to avoid
  allocating a brigade structure per-request out of c->pool.

Submitted by: rpluem, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833014 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* Makefile.in: Pass TESTS=... to run only specific tests with make check.
Joe Orton [Wed, 6 Jun 2018 11:25:32 +0000 (11:25 +0000)]
* Makefile.in: Pass TESTS=... to run only specific tests with make check.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833013 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ssl: after code review, changed:
Stefan Eissing [Wed, 6 Jun 2018 09:56:00 +0000 (09:56 +0000)]
mod_ssl: after code review, changed:
 * eliminated SSLPolicyRec as name no longer used
 * eliminated some left over parameters in internal functions due to policy def removal
 * reverted a NULL test, necessary before

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832994 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/proxy/mod_proxy_hcheck.c (sctx_t, hc_create_config):
Joe Orton [Wed, 6 Jun 2018 08:42:33 +0000 (08:42 +0000)]
* modules/proxy/mod_proxy_hcheck.c (sctx_t, hc_create_config):
  Remove unused bucket allocator created off pconf.
  Tag the subpool.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832991 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/proxy/proxy_util.c (ap_proxy_share_worker): Skip creating subpool
Joe Orton [Tue, 5 Jun 2018 14:47:52 +0000 (14:47 +0000)]
* modules/proxy/proxy_util.c (ap_proxy_share_worker): Skip creating subpool
  for debugging unless debug-level logging is enabled.  No functional change.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832951 13f79535-47bb-0310-9956-ffa450edef68

6 years ago * mod_proxy_http2: ressurrecting some of the good parts of r1831231 and using memcpy...
Stefan Eissing [Tue, 5 Jun 2018 12:57:55 +0000 (12:57 +0000)]
 * mod_proxy_http2: ressurrecting some of the good parts of r1831231 and using memcpy instead of strncpy to make intentions more clear

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832937 13f79535-47bb-0310-9956-ffa450edef68

6 years ago * integrating latest changes from microgrit
Stefan Eissing [Tue, 5 Jun 2018 12:43:08 +0000 (12:43 +0000)]
 * integrating latest changes from microgrit
 * MDNotifyCmd can now specify arguments to the command

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832935 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFixing h2 proxy link header mapping to substitute correctly again after r1831231...
Stefan Eissing [Tue, 5 Jun 2018 12:33:20 +0000 (12:33 +0000)]
Fixing h2 proxy link header mapping to substitute correctly again after r1831231 breakage.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832934 13f79535-47bb-0310-9956-ffa450edef68

6 years agoimage size 0x34000 exceeds specified maximum 0x30000
Gregg Lewis Smith [Mon, 4 Jun 2018 18:54:47 +0000 (18:54 +0000)]
image size 0x34000 exceeds specified maximum 0x30000

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832880 13f79535-47bb-0310-9956-ffa450edef68

6 years agobuild mod_proxy before mod_proxy_http2
Gregg Lewis Smith [Mon, 4 Jun 2018 18:42:32 +0000 (18:42 +0000)]
build mod_proxy before mod_proxy_http2

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832879 13f79535-47bb-0310-9956-ffa450edef68

6 years agoThese are in 2.4.x
Jim Jagielski [Thu, 31 May 2018 13:38:00 +0000 (13:38 +0000)]
These are in 2.4.x

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832613 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFollow up to r1832580: correct CHANGES entry.
Yann Ylavic [Thu, 31 May 2018 07:36:39 +0000 (07:36 +0000)]
Follow up to r1832580: correct CHANGES entry.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832581 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
Yann Ylavic [Thu, 31 May 2018 07:24:24 +0000 (07:24 +0000)]
mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.

Overwriting server config in pre_config hook breaks EXEC_ON_READ directives,
it's automatically created on purpose anyway.

PR 62220.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832580 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_proxy_balancer: follow up to r1828890: indentation and 80 col.
Yann Ylavic [Tue, 29 May 2018 21:43:01 +0000 (21:43 +0000)]
mod_proxy_balancer: follow up to r1828890: indentation and 80 col.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832500 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAxe backported entries.
Yann Ylavic [Tue, 29 May 2018 21:37:16 +0000 (21:37 +0000)]
Axe backported entries.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832497 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_slotmem_shm: follow up to r1831869: fix dead else if condition.
Yann Ylavic [Tue, 29 May 2018 20:22:44 +0000 (20:22 +0000)]
mod_slotmem_shm: follow up to r1831869: fix dead else if condition.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832479 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRpm: fix the location of the PID file so as to avoid timeout
Graham Leggett [Mon, 28 May 2018 12:03:21 +0000 (12:03 +0000)]
Rpm: fix the location of the PID file so as to avoid timeout
delays on systemd.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832383 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAll error handling paths of this function call 'apr_brigade_destroy()' , except this...
Christophe Jaillet [Sun, 27 May 2018 20:48:00 +0000 (20:48 +0000)]
All error handling paths of this function call 'apr_brigade_destroy()' , except this one.
So add it here too.

Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle)

See PR 53016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832351 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAll error handling paths of this function call 'apr_socket_close()' , except this...
Christophe Jaillet [Sun, 27 May 2018 20:38:39 +0000 (20:38 +0000)]
All error handling paths of this function call 'apr_socket_close()' , except this one.
So add it here too.

Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle)

See PR 53015

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832348 13f79535-47bb-0310-9956-ffa450edef68

6 years agoHave code and doc consistent.
Christophe Jaillet [Sun, 27 May 2018 20:14:16 +0000 (20:14 +0000)]
Have code and doc consistent.
The SSLRandomSeed  builtin, uses 128 bytes of stack, not 1kb of scoreboard data.

See PR 54752

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832346 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRebuild.
Lucien Gentis [Sun, 27 May 2018 12:25:30 +0000 (12:25 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832333 13f79535-47bb-0310-9956-ffa450edef68

6 years agoXML updates.
Lucien Gentis [Sun, 27 May 2018 12:20:10 +0000 (12:20 +0000)]
XML updates.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832332 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFix a potential un-intialized variable usage warning.
Christophe Jaillet [Sat, 26 May 2018 16:54:23 +0000 (16:54 +0000)]
Fix a potential un-intialized variable usage warning.
This can not be a runtime ixsue, because, in such a case, we would assert and abort before.

 PR 59819.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832317 13f79535-47bb-0310-9956-ffa450edef68

6 years agoIf several directories are given in a UserDir directive, only files in the first...
Christophe Jaillet [Sat, 26 May 2018 12:25:10 +0000 (12:25 +0000)]
If several directories are given in a UserDir directive, only files in the first existing one are checked. If the file is not found there, the other possible directories are not checked. The doc clearly states that they will be checked one by one, until a match is found or an external redirect is performed.

 PR 59636.

While at it, add some debug messages to better understand what is performed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832306 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_proxy: add a link to the status flag table
Christophe Jaillet [Sat, 26 May 2018 08:11:26 +0000 (08:11 +0000)]
mod_proxy: add a link to the status flag table

mod_proxy_hcheck: add some hyperlinks, improve syntax highlight, add some missing trailing dot, be more consistent with other modules in the way 'Syntax' lines are displayed

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832294 13f79535-47bb-0310-9956-ffa450edef68

6 years agoIn 'ap_proxy_cookie_reverse_map', iterate over each token of the 'Set-Cookie' header...
Christophe Jaillet [Fri, 25 May 2018 22:27:53 +0000 (22:27 +0000)]
In 'ap_proxy_cookie_reverse_map', iterate over each token of the 'Set-Cookie' header field in order to avoid updating the wrong one.

This could happen if the header field has something like 'fakepath=foo;path=bar". In this case fakepath would be updated instead of path.

We don't need regex anymore in order to parse the field values and 'ap_proxy_strmatch_domain' and 'ap_proxy_strmatch_path' are now useless. (and should be axed IMHO)

PR 61560

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832280 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFix typo
Christophe Jaillet [Fri, 25 May 2018 20:40:27 +0000 (20:40 +0000)]
Fix typo

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832277 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAxe some dead code.
Christophe Jaillet [Thu, 24 May 2018 20:59:44 +0000 (20:59 +0000)]
Axe some dead code.

See PR 60086.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832202 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAxe some dead code.
Christophe Jaillet [Thu, 24 May 2018 20:42:43 +0000 (20:42 +0000)]
Axe some dead code.

See PR 60086.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832200 13f79535-47bb-0310-9956-ffa450edef68

6 years agoSuccess of 'SHGetMalloc()' should be tested with the SUCCEEDED macro.
Christophe Jaillet [Thu, 24 May 2018 20:36:26 +0000 (20:36 +0000)]
Success of 'SHGetMalloc()' should be tested with the SUCCEEDED macro.

/!\   This commit is _NOT COMPILE TESTED_. (I don't have a windows build environment available)

See PR 60086.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832198 13f79535-47bb-0310-9956-ffa450edef68

6 years agohttp_protocol.c: avoid duplicate headers when using
Luca Toscano [Wed, 23 May 2018 11:22:34 +0000 (11:22 +0000)]
http_protocol.c: avoid duplicate headers when using
                 ap_send_error_response

While debugging PR 61860 I found a chain of events
that leads to duplicate headers in the HTTP response
if Header always set is used in the httpd's config.

As far as can understand, mod_headers uses err_headers_out
when dealing with the 'always' setting, since it is expected
to be preserved even on error. The current code seems
to correctly preserve the important headers like Location
(happening before the bit of code that changed), but then
it swaps headers_out with err_headers_out and clears
err_headers_out. My understanding is that this will cause
mod_headers, if called again, to re-insert the headers
set via 'always' again in err_headers_out, leading to a
duplication in the response. So far I managed to reproduce this
only with the specific use case outlined by the PR, but
there might be more.

r1831585 was added to the test suite for PR 61860,
(marked as TODO), and now it seems to pass as expected.

Since this part of the codebase has been working fine
for years I was reluctant to change it, but it seems
the right change to me. I didn't run into any regression
while testing this change (including running the test suite),
but as always I'd be glad to get feedback from a more expert
eye. If I missed a clear regression I'll make sure to
add it to the test suite as part of the follow up.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832092 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/ssl/ssl_engine_config.c: Fix typos, but isn't this first TODO
Joe Orton [Wed, 23 May 2018 07:13:57 +0000 (07:13 +0000)]
* modules/ssl/ssl_engine_config.c: Fix typos, but isn't this first TODO
  actually done?

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832078 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* Makefile.in (check-binaries): Split out binaries to separate targets
Joe Orton [Tue, 22 May 2018 08:36:51 +0000 (08:36 +0000)]
* Makefile.in (check-binaries): Split out binaries to separate targets
  so repeated "make check" still works.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832013 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFix "make check" to be able to find ab, creating a "bin" inside the
Joe Orton [Tue, 22 May 2018 08:32:32 +0000 (08:32 +0000)]
Fix "make check" to be able to find ab, creating a "bin" inside the
dummy install root at $builddir/check.

* Makefile.in (check-binaries): New target.
  (check/bin/apxs): Moved target inside check/bin.
  (check/build/config_vars.mk): Override bindir as well.
  (check): Use apxs at new location.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832011 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_proxy_balancer: clear slotmem slots' inuse flags from persisted files.
Yann Ylavic [Sun, 20 May 2018 13:08:13 +0000 (13:08 +0000)]
mod_proxy_balancer: clear slotmem slots' inuse flags from persisted files.

Otherwise, when BalancerPersist is enabled, we might fail (re)starting with a
saved slotmem if a BalancerMember was renamed (e.g. PR 62308's port change).
This is because the renamed member is considered a new one, while the old name
still reserves a slot, so we end up missing one room. The overall number of
members does not change so the sizes check succeeds thus the persisted slotmem
is not invalidated. Yet the slomem is not really compatible.

By clearing inuse flags, we still allow for slots to be reused if their index
did not change (thanks to ap_proxy_find_balancershm() and slotmem_fgrab() at
the given index), but will also invalidate renamed slots which don't match the
index. We now have the correct behaviour by slot and the server (re)starts in
any case.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831938 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_slotmem_shm: follow up to r1831869: fix persisted file size's checksum.
Yann Ylavic [Sun, 20 May 2018 12:19:13 +0000 (12:19 +0000)]
mod_slotmem_shm: follow up to r1831869: fix persisted file size's checksum.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831935 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRebuild.
Lucien Gentis [Sat, 19 May 2018 15:19:20 +0000 (15:19 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831898 13f79535-47bb-0310-9956-ffa450edef68

6 years agoXML update.
Lucien Gentis [Sat, 19 May 2018 15:18:22 +0000 (15:18 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831897 13f79535-47bb-0310-9956-ffa450edef68

6 years agoFollow up to r1831869: update CHANGES entry.
Yann Ylavic [Fri, 18 May 2018 17:18:19 +0000 (17:18 +0000)]
Follow up to r1831869: update CHANGES entry.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831872 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_slotmem_shm: follow up to r1831869 (check persistent files).
Yann Ylavic [Fri, 18 May 2018 17:05:18 +0000 (17:05 +0000)]
mod_slotmem_shm: follow up to r1831869 (check persistent files).

Since persistent files are also reused on stop/start, we must ensure that
they match the same descriptor when reused on the next startup, so add it
to integrity metadata.

Also, the descriptor being the first field in the SHM, we don't need to
copy on the stack it in several places, and can handle it as a pointer.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831871 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_slotmem_shm: follow up to r1831869.
Yann Ylavic [Fri, 18 May 2018 16:48:34 +0000 (16:48 +0000)]
mod_slotmem_shm: follow up to r1831869.

Don't try to attach SHMs on startup, they might be from a previous crash and
prevent the server to start (on failure to reuse it).

On mpm_winnt though, the pre/post_config() phases are re-run in child process,
and the parent process already created the SMs, so they must be attached there.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831870 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_slotmem_shm: use a generation number for SHM filename on all platforms.
Yann Ylavic [Fri, 18 May 2018 16:33:28 +0000 (16:33 +0000)]
mod_slotmem_shm: use a generation number for SHM filename on all platforms.

Successive generations can't share the same SHMs because restarts may modify
them under the terminating children, while SHMs are not extensible when all
slots are in use.

This effectively restores r1822341 which was reverted by r1822505.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831869 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRestore mod_slotmem_shm from 2.4.29.
Yann Ylavic [Fri, 18 May 2018 16:22:21 +0000 (16:22 +0000)]
Restore mod_slotmem_shm from 2.4.29.

Will restart from there to really fix PR 62308 (and PR 62044 still).

This effectively reverts:
- r1831394,
- r1830800,
- r1826970,
- r1826845,
- r1823572,
- r1823416,
- r1823415,
- r1823412,
- r1822511,
- r1822509.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831868 13f79535-47bb-0310-9956-ffa450edef68

6 years agoError page translations submitted for zh-cn and zh-tw, contributed
William A. Rowe Jr [Thu, 17 May 2018 17:47:56 +0000 (17:47 +0000)]
Error page translations submitted for zh-cn and zh-tw, contributed
by CodeingBoy <codeingboy gmail.com>.

Note that zh-tw is not a native translation; each translation aught
be reviewed by a native reader before backporting to 2.4.x branch.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831800 13f79535-47bb-0310-9956-ffa450edef68

6 years agoPR62311: only create the rewritelock when needed
Eric Covener [Thu, 17 May 2018 12:28:59 +0000 (12:28 +0000)]
PR62311: only create the rewritelock when needed

Submitted By: Hank Ibell <hwibell gmail.com>
Committed By: covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831773 13f79535-47bb-0310-9956-ffa450edef68

6 years agoPR62368: Print the unparsed URI in AH03454
Eric Covener [Thu, 17 May 2018 12:21:15 +0000 (12:21 +0000)]
PR62368: Print the unparsed URI in AH03454

... to include r->args and get otherwise get as close to possible to
what came in over the wire.

Submitted By: Hank Ibell <hwibell gmail.com>
Committed By: covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831772 13f79535-47bb-0310-9956-ffa450edef68

6 years agoI don't know if 'c' can be NULL here, but we should not dereference it before checking.
Christophe Jaillet [Mon, 14 May 2018 20:51:31 +0000 (20:51 +0000)]
I don't know if 'c' can be NULL here, but we should not dereference it before checking.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831591 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRevert r1831218, the API garantees slotmem_attach() is called in child_init().
Yann Ylavic [Fri, 11 May 2018 09:44:38 +0000 (09:44 +0000)]
Revert r1831218, the API garantees slotmem_attach() is called in child_init().

r1831394 is the right follow to r1830800 to preserve "inherited" slotmems in
children processes.

While at it, comment on the expectations from mod_proxy_balancer w.r.t.
slotmem_attach() implementations, and eventually how we could improve the API
later (w/o backporting to 2.4.x).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831396 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_slotmem_shm: follow up to r1830800, preserve callee API.
Yann Ylavic [Fri, 11 May 2018 09:31:13 +0000 (09:31 +0000)]
mod_slotmem_shm: follow up to r1830800, preserve callee API.

The caller might (and actually balancer_child_init() does) rely on
slotmem_attach() to not mangle the passed in/out slotmem pointer on
failure.

[Reverted by r1831868]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831394 13f79535-47bb-0310-9956-ffa450edef68

6 years ago * mod_http2: fix by notroj to silence gcc strncpy warnings and simplify
Stefan Eissing [Wed, 9 May 2018 07:33:20 +0000 (07:33 +0000)]
 * mod_http2: fix by notroj to silence gcc strncpy warnings and simplify

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831231 13f79535-47bb-0310-9956-ffa450edef68

6 years agohttp2 version step
Stefan Eissing [Wed, 9 May 2018 07:29:26 +0000 (07:29 +0000)]
http2 version step

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831230 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_proxy_balancer: follow up to r1830800.
Yann Ylavic [Wed, 9 May 2018 01:23:59 +0000 (01:23 +0000)]
mod_proxy_balancer: follow up to r1830800.

Don't call slotmem_attach() if the slot is already initialized/reused, that
used to work previously because the returned error status is ignored, but
r1830800 changed the function to forcibly reset the returned slot pointer to
NULL first.

There is no point to call slotmem_attach() in this case, the slot is already
initialized because it's either inherited/fork()ed on Unixes, or on Windows
the attachment happened in post_config/slotmem_create() already.

One case where slotmem_attach() would fail is when balancers are defined
globally (main server) and some virtualhosts don't have/use any mod_proxy
configuration/directive. In this case their proxy server config is a pointer
copy of the main server thus their slots are already initialized in both
post_config and child_init hooks. While the case was already handled in
the balancer_post_config(), it did not in balancer_child_init() where we
relied on slotmem_attach() to be a noop.

[Reverted by r1831396]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831218 13f79535-47bb-0310-9956-ffa450edef68

6 years agoTransforms.
Joe Orton [Tue, 8 May 2018 12:51:38 +0000 (12:51 +0000)]
Transforms.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831175 13f79535-47bb-0310-9956-ffa450edef68

6 years agoAdd next-number bump missed in r1831173.
Joe Orton [Tue, 8 May 2018 12:51:05 +0000 (12:51 +0000)]
Add next-number bump missed in r1831173.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831174 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Add error
Joe Orton [Tue, 8 May 2018 12:50:26 +0000 (12:50 +0000)]
* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Add error
  logno. Free EVP_PKEY in engine case.  Never try reading ECDH/DH
  parameters from engine ids.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831173 13f79535-47bb-0310-9956-ffa450edef68

6 years agofix bld break in r1831165
Eric Covener [Tue, 8 May 2018 12:48:13 +0000 (12:48 +0000)]
fix bld break in r1831165

I had to disable -Werror in maintainer mode for this file in darwin :/

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831172 13f79535-47bb-0310-9956-ffa450edef68

6 years agostyle fix for r1831165
Eric Covener [Tue, 8 May 2018 12:46:44 +0000 (12:46 +0000)]
style fix for r1831165

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831171 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ssl: Add support for loading TLS certificates through the PKCS#11
Joe Orton [Tue, 8 May 2018 12:39:22 +0000 (12:39 +0000)]
mod_ssl: Add support for loading TLS certificates through the PKCS#11
engine.

* modules/ssl/ssl_util.c (modssl_is_engine_id): Renamed
  from modssl_is_engine_key.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCertificateKeyFile):
  Adjust accordingly.
  (ssl_cmd_SSLCertificateFile): Also allow ENGINE cert ids.

* modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair):
  Rename from modssl_load_engine_key; load certificate if
  cert id is passed.

* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Optionally
  load the certificate from the engine as well.

* docs/manual/: Update manual.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831168 13f79535-47bb-0310-9956-ffa450edef68

6 years agomod_ldap: log and abort locking errors.
Eric Covener [Tue, 8 May 2018 12:31:02 +0000 (12:31 +0000)]
mod_ldap: log and abort locking errors.

related to PR60296 investigation

RMM corruption is really nasty, so abort on locking failures.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831165 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRebuild.
Lucien Gentis [Sun, 6 May 2018 16:32:44 +0000 (16:32 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831032 13f79535-47bb-0310-9956-ffa450edef68

6 years agoXML update.
Lucien Gentis [Sun, 6 May 2018 16:31:53 +0000 (16:31 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831031 13f79535-47bb-0310-9956-ffa450edef68

6 years agoRebuild.
Lucien Gentis [Sun, 6 May 2018 16:17:49 +0000 (16:17 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831030 13f79535-47bb-0310-9956-ffa450edef68

6 years agoXML update.
Lucien Gentis [Sun, 6 May 2018 16:16:16 +0000 (16:16 +0000)]
XML update.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831029 13f79535-47bb-0310-9956-ffa450edef68

6 years agoSave a few cycles.
Christophe Jaillet [Fri, 4 May 2018 19:54:53 +0000 (19:54 +0000)]
Save a few cycles.

Use apr_pstrmemdup instead of apr_pstrndup when possible.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830944 13f79535-47bb-0310-9956-ffa450edef68

6 years agoSave a few cycles and simlify code.
Christophe Jaillet [Fri, 4 May 2018 19:51:12 +0000 (19:51 +0000)]
Save a few cycles and simlify code.

Use apr_pstrmemdup instead of apr_pstrndup when possible.
Avoid scanning the first 2 bytes when looking for the | delimiter. it is known to be "${".
Avoid comma separated statements, it is not that usual.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830943 13f79535-47bb-0310-9956-ffa450edef68

6 years agoSimplify the ssl_asn1_table API, remove abstraction (it is used only
Joe Orton [Fri, 4 May 2018 17:56:32 +0000 (17:56 +0000)]
Simplify the ssl_asn1_table API, remove abstraction (it is used only
to cache serialized EVP_PKEYs not any char * blobs), and document.

* modules/ssl/ssl_util.c (ssl_asn1_table_set): Take the EVP_PKEY and
  serialize internally.  Use ap_realloc.  Return the ssl_asn1_t *
  pointer.  Don't call apr_hash_set() for unchanged pointer case.

* modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey):
  Adjust for the above.

* modules/ssl/ssl_private.h: Adjust as above, add docs.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830927 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/ssl/ssl_util_ssl.c (modssl_read_privatekey): Remove unused
Joe Orton [Fri, 4 May 2018 12:24:11 +0000 (12:24 +0000)]
* modules/ssl/ssl_util_ssl.c (modssl_read_privatekey): Remove unused
  second argument.

* modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey): Adjust
  accordingly.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830913 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h:
Joe Orton [Fri, 4 May 2018 12:16:37 +0000 (12:16 +0000)]
* modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h:
  Remove modssl_read_encrypted_pkey() and helpers, added in r1804087
  but never used.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830912 13f79535-47bb-0310-9956-ffa450edef68

6 years agoTransforms.
Joe Orton [Fri, 4 May 2018 07:09:47 +0000 (07:09 +0000)]
Transforms.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830880 13f79535-47bb-0310-9956-ffa450edef68

6 years agoUse <var> for variables in directive syntax everywhere for
Joe Orton [Fri, 4 May 2018 07:09:28 +0000 (07:09 +0000)]
Use <var> for variables in directive syntax everywhere for
consistency.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830879 13f79535-47bb-0310-9956-ffa450edef68

6 years agoTransforms.
Joe Orton [Thu, 3 May 2018 16:11:41 +0000 (16:11 +0000)]
Transforms.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830840 13f79535-47bb-0310-9956-ffa450edef68

6 years ago* modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey):
Joe Orton [Thu, 3 May 2018 15:41:26 +0000 (15:41 +0000)]
* modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey):
  Simplify code, no functional change.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830836 13f79535-47bb-0310-9956-ffa450edef68