ap_http_header_filter: avoid double encoding of output headers in traces.
When output headers are logged (TRACE4) in send_all_header_fields(), we don't
need to explicitly ap_escape_logitem() them since ap_log_rerror() takes care
of log files escaping already.
Otherwise, characters like '"' are unnecessarily encoded, and '\\' is doubly
encoded (including for controls).
Joe Orton [Fri, 13 Sep 2019 10:43:16 +0000 (10:43 +0000)]
* modules/mappers/mod_rewrite.c: Enhance trace-level logging to log
line numbers accurately for C99 compilers, and remove odd/awkward
double-parentheses using the rewritelog() macro. For non-C99
compilers do_rewritelog() will now be defined - but as a noop - if
REWRITELOG_DISABLED is defined at compile time.
No functional change at runtime apart from the line numbers being
fixed.
Eric Covener [Fri, 30 Aug 2019 11:58:41 +0000 (11:58 +0000)]
restore use of global mutex under !APR_HAS_THREADS
followup to r1852442 which appears to have been too aggressive in wrapping
blocks with #if APR_HAS_THREADS. With !APR_HAS_THREADS a global mutex
is a proc mutex.
Ruediger Pluem [Thu, 29 Aug 2019 14:53:04 +0000 (14:53 +0000)]
* Make it obsolete to supply a starting pool
Improve dump_all_pools by making it obsolete to supply a starting pool.
If the parameter is not supplied ap_pglobal which is a global symbol is
used as starting pool.
The pool parameter is still accepted and considered for backwards
compatibility or if ap_pglobal cannot be resolved.
Yann Ylavic [Fri, 23 Aug 2019 10:31:01 +0000 (10:31 +0000)]
mod_ssl: OCSP does not apply to proxy mode, fix verify context.
Since ssl_callback_SSLVerify() is called for both server and proxy modes,
use myCtxConfig()->ocsp_mask to check the right mode/configuration (i.e.
none for proxy in any case).
Add some missing <module> tags.
Add some missing <directive> tags.
Add some missing <directive module=...> links
Add the name of the directive in <default>, so that 'quickreference.html' is generated correctly.
In the AuthnCacheContext directive, fix the way 'directory' and 'server' are displayed. They are keywords and should not be in italic.
Fix a signed/unsigned comparison that can never match.
-1 is a valid length value (for socket, pipe and cgi buckets for example)
All paths I've checked cast the -1 to (apr_size_t) in order for the comparison to work. So do it as well here.
This has been like that in trunk since r708144, about 11 years ago, so I assume that it is not really an issue.
Fix a corner case where automatic APLOGNO number generation generates invalid code. (see r1864733 fixed in r1864736, thx Eric)
Not sure why this ,? is there, but it looks unneeded to me.
There is maybe a link with the patterns used in 'find-messages.cocci'. They seem to add some extra , after the empty APLOGNO() it generates.
I will investigate further and fix 'find-messages.cocci' accordingly if needed.
Joe Orton [Thu, 8 Aug 2019 12:11:36 +0000 (12:11 +0000)]
* modules/proxy/mod_proxy_balancer.c (balancer_handler): Check Referer
to improve on protection against balancer-manager XSRF attacks
provided by the nonce.
Joe Orton [Tue, 6 Aug 2019 07:54:24 +0000 (07:54 +0000)]
* modules/filters/mod_proxy_html.c, modules/filters/mod_xml2enc.c:
Fix gcc 9 warnings in code attempting to reduce gcc warnings.
(should have used expat...)
mod_xml2enc.c:26:28: warning: "/*" within comment [-Wcomment]
26 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
mod_proxy_html.c:32:28: warning: "/*" within comment [-Wcomment]
32 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
Rainer Jung [Mon, 5 Aug 2019 14:18:22 +0000 (14:18 +0000)]
The GCC flag "-Wno-error=comment" introduced by r1855446
and r1850745 is only known since GCC 4.2. Since it gets
set unconditionally, this breaks compilation with old GCC
even when not using maintainer mode.
Make the fix for maintainer mode more specific by using
a version dependent pragma in the relevant two C files
only switching off error status for comment warnings.
Stefan Eissing [Mon, 5 Aug 2019 11:29:58 +0000 (11:29 +0000)]
*) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration
for a domain managed by mod_md caused a startup error. This happened when mod_md installed
its fallback certificate, before it got the first real certificate from Let's Encrypt.
Eric Covener [Thu, 1 Aug 2019 13:58:45 +0000 (13:58 +0000)]
don't mess with AP_ENABLE_EXCEPTION_HOOK on trunk
mpm_common defines it later anyway:
In file included from mod_md.c:25:
In file included from /Users/covener/SRC/httpd-trunk/include/mpm_common.h:40:
In file included from /Users/covener/SRC/httpd-trunk/include/ap_config.h:184:
/Users/covener/SRC/httpd-trunk/include/ap_config_auto.h:11:9: error: 'AP_ENABLE_EXCEPTION_HOOK' macro redefined [-Werror,-Wmacro-redefined]
Stefan Eissing [Thu, 18 Jul 2019 12:31:01 +0000 (12:31 +0000)]
*) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on
merged header fields, just as HTTP/1.1 does. [Stefan Eissing, Michael Kaufmann]
Joe Orton [Wed, 17 Jul 2019 07:51:53 +0000 (07:51 +0000)]
mod_cgid: Continuation of r1862968, experimental fd passing support.
Split out CGI bucket implementation from mod_cgi and use in both
mod_cgi and mod_cgid, bringing stderr handling in mod_cgid up to par
with mod_cgi. (There is a lot of code which has been copied between
mod_cgi{,d} so there's scope for further reduction of source
duplication between the modules using this header)
* modules/generators/cgi_common.h: Copied from mod_cgi.c, removed
everything but the CGI bucket implementation with only one change:
(struct cgi_bucket_data, cgi_bucket_create, cgi_bucket_read): Take a
timeout on bucket creation, store and use on reads.
* modules/generators/mod_cgi.c [APR_FILES_AS_SOCKETS]: Include
cgi_common.h.
(cgi_handler): Pass configured timeout to CGI bucket.
* modules/generators/mod_cgid.c: Include cgi_common.h.
(log_script_err): Copy from mod_cgi.c.
(log_script): Use log_script_err.
(send_req): Take fd for stderr.
(cgid_child_errfn): Handle fd-passing case by writing error
to stderr for client to pass through ap_log_rerror.
(cgid_handler): Create pipe for stderr, pass write-end to
server via send_req, use read-end to create CGI bucket. Handle
stderr output in failure paths.
Joe Orton [Fri, 12 Jul 2019 12:09:04 +0000 (12:09 +0000)]
Add experimental support for fd passing in mod_cgid. Attaches CGI
script stderr to the error log specific to the vhost, by passing the
appropriate fd over the AF_UNIX socket from the request handling
thread to the cgid server process.
* modules/generators/mod_cgid.c (sock_readhdr): New function, also
returns auxiliary control data (the stderr fd) if available.
(sock_write): Take optional aux fd argument, send it as control
data. (send_req, get_req): Adjust accordingly to pass/receive the
stderr fd.
(cgid_server): Use passed fd if available, limit the lifetime.
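The fd passing described in the two mod_cgid commits above relies on SCM_RIGHTS ancillary data sent over an AF_UNIX socket. The following is an added example, not mod_cgid's own code; the names send_hdr_fd, recv_hdr_fd and demo_roundtrip and the "REQ" header are hypothetical, and the receiver accepts exactly one descriptor and closes it after use.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Control buffer sized and aligned for exactly one descriptor. */
typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;
/* Send hdr; when fd >= 0 attach it as SCM_RIGHTS control data. */
static int send_hdr_fd(int sock, const void *hdr, size_t len, int fd)
{
    struct iovec iov = { (void *)hdr, len };
    struct msghdr msg = { 0 };
    ctl_t u;
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    if (fd >= 0) {
        memset(&u, 0, sizeof u);
        msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) == (ssize_t)len ? 0 : -1;
}
/* Receive hdr; *fd_out is the passed descriptor, or -1 if none arrived. */
static int recv_hdr_fd(int sock, void *hdr, size_t len, int *fd_out)
{
    struct iovec iov = { hdr, len };
    struct msghdr msg = { 0 };
    ctl_t u;
    msg.msg_iov = &iov; msg.msg_iovlen = 1; *fd_out = -1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != (ssize_t)len || (msg.msg_flags & MSG_CTRUNC))
        return -1;                  /* short read, or more fds than expected */
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS
          && c->cmsg_len == CMSG_LEN(sizeof(int)))
        memcpy(fd_out, CMSG_DATA(c), sizeof(int));
    return 0;
}
/* Pass a pipe's write end over a socketpair, write via the copy, read back. */
int demo_roundtrip(void)
{
    int sv[2], p[2], got = -1; char in[4], out[8] = { 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return -1;
    if (send_hdr_fd(sv[0], "REQ", 4, p[1]) || recv_hdr_fd(sv[1], in, 4, &got)) return -1;
    if (got < 0 || write(got, "stderr", 6) != 6 || close(got) || close(p[1])) return -1;
    return read(p[0], out, 7) != 6 || memcmp(in, "REQ", 4) || strcmp(out, "stderr");
}
int main(void) { return demo_roundtrip(); }
```

The received descriptor is a new reference to the same open file, so the receiver must close it itself once the request is done; rejecting MSG_CTRUNC and any control message that is not exactly one int keeps a peer from handing over descriptors the receiver never tracks.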
Stefan Eissing [Wed, 10 Jul 2019 10:18:15 +0000 (10:18 +0000)]
*) mod_http2: fixed a bug that prevented proper stream cleanup when connection
throttling was in place. Stream resets by clients on streams initiated by them
are counted as possible trigger for throttling.
Stefan Eissing [Tue, 9 Jul 2019 16:57:59 +0000 (16:57 +0000)]
* moving the openssl related new hooks into mod_ssl_openssl.h
* changing type parameter to openssl types
* adding explanation of return value in get_stapling_status()
* adding array element description for add_cert_files and add_fallback_cert_files hooks