]> granicus.if.org Git - apache/log
apache
7 years agotested and voted
Jim Jagielski [Tue, 13 Dec 2016 12:41:18 +0000 (12:41 +0000)]
tested and voted

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773993 13f79535-47bb-0310-9956-ffa450edef68

7 years agovote
Stefan Eissing [Tue, 13 Dec 2016 09:52:50 +0000 (09:52 +0000)]
vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773937 13f79535-47bb-0310-9956-ffa450edef68

7 years agoProvide all-in-one patch to ease review.
Yann Ylavic [Mon, 12 Dec 2016 21:58:06 +0000 (21:58 +0000)]
Provide all-in-one patch to ease review.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773883 13f79535-47bb-0310-9956-ffa450edef68

7 years agoThis is looking solid
William A. Rowe Jr [Mon, 12 Dec 2016 21:34:44 +0000 (21:34 +0000)]
This is looking solid

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773877 13f79535-47bb-0310-9956-ffa450edef68

7 years agoDuplicate.
Yann Ylavic [Mon, 12 Dec 2016 20:51:44 +0000 (20:51 +0000)]
Duplicate.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773871 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPropose.
Yann Ylavic [Mon, 12 Dec 2016 20:50:05 +0000 (20:50 +0000)]
Propose.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773869 13f79535-47bb-0310-9956-ffa450edef68

7 years agosome context
Jim Jagielski [Mon, 12 Dec 2016 16:14:10 +0000 (16:14 +0000)]
some context

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773811 13f79535-47bb-0310-9956-ffa450edef68

7 years agodrop proposal
Eric Covener [Mon, 12 Dec 2016 16:06:09 +0000 (16:06 +0000)]
drop proposal

surafe two showstoppers discussed elsewhere in STATUS

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773810 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1773162 from trunk:
Jim Jagielski [Mon, 12 Dec 2016 15:23:33 +0000 (15:23 +0000)]
Merge r1773162 from trunk:

After eliminating unusual whitespace in Unsafe mode (e.g. \f \v), we are left
with the same behavior in both of these cases. Simplify. Noted by rpluem.

Submitted by: wrowe
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773803 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1773159 from trunk:
Jim Jagielski [Mon, 12 Dec 2016 15:22:49 +0000 (15:22 +0000)]
Merge r1773159 from trunk:

Partial port of proposed r1773158 for httpd-2.x only; this change causes all
illegible protocol args to be rejected, irrespective of the strict toggle as
we expect this to occur with a garbage raw SP embedded in the request URI.

Simplifies the code using the protocol 0.9 sentinal to set up an http/1.0
error response.

String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol
member.

Submitted by: rpluem, wrowe

Submitted by: wrowe
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773802 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1773346 from trunk:
Jim Jagielski [Mon, 12 Dec 2016 15:21:29 +0000 (15:21 +0000)]
Merge r1773346 from trunk:

Drop C-L header and message-body from HTTP 204 responses.

The C-L header can be set in a fcgi/cgi backend or in other
filters like ap_content_length_filter (with the value of 0),
meanwhile the message-body can be returned incorrectly
by any backend. The idea is to remove unnecessary bytes
from a HTTP 204 response.

PR 51350

Submitted by: elukey
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773801 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1773397 from trunk:
Jim Jagielski [Mon, 12 Dec 2016 15:20:04 +0000 (15:20 +0000)]
Merge r1773397 from trunk:

ProxyPass ! doesn't block per-directory ProxyPass

 *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
     configured in <Location>, like in 2.2. PR 60458.
     [Eric Covener]

Submitted by: covener
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773800 13f79535-47bb-0310-9956-ffa450edef68

7 years agoVote, promote, note.
Yann Ylavic [Mon, 12 Dec 2016 11:30:28 +0000 (11:30 +0000)]
Vote, promote, note.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773765 13f79535-47bb-0310-9956-ffa450edef68

7 years agoOne doesn't seem like the right fix, another appears to be.
William A. Rowe Jr [Mon, 12 Dec 2016 05:59:51 +0000 (05:59 +0000)]
One doesn't seem like the right fix, another appears to be.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773740 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPropose + vote
Luca Toscano [Sat, 10 Dec 2016 11:08:59 +0000 (11:08 +0000)]
Propose + vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773515 13f79535-47bb-0310-9956-ffa450edef68

7 years agovotes
Jim Jagielski [Fri, 9 Dec 2016 14:13:07 +0000 (14:13 +0000)]
votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773403 13f79535-47bb-0310-9956-ffa450edef68

7 years agopropose
Eric Covener [Fri, 9 Dec 2016 14:04:24 +0000 (14:04 +0000)]
propose

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773402 13f79535-47bb-0310-9956-ffa450edef68

7 years agopropose PR60458
Eric Covener [Fri, 9 Dec 2016 14:02:08 +0000 (14:02 +0000)]
propose PR60458

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773398 13f79535-47bb-0310-9956-ffa450edef68

7 years ago80 col
William A. Rowe Jr [Thu, 8 Dec 2016 19:00:08 +0000 (19:00 +0000)]
80 col

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773282 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate transformation
André Malo [Thu, 8 Dec 2016 15:39:36 +0000 (15:39 +0000)]
update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773254 13f79535-47bb-0310-9956-ffa450edef68

7 years agovotes
Jim Jagielski [Thu, 8 Dec 2016 15:16:20 +0000 (15:16 +0000)]
votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773252 13f79535-47bb-0310-9956-ffa450edef68

7 years agoxforms
Jim Jagielski [Thu, 8 Dec 2016 15:11:36 +0000 (15:11 +0000)]
xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773251 13f79535-47bb-0310-9956-ffa450edef68

7 years agocgi "most common"
Rich Bowen [Thu, 8 Dec 2016 14:35:08 +0000 (14:35 +0000)]
cgi "most common"

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773247 13f79535-47bb-0310-9956-ffa450edef68

7 years agoTwo issues noted by rpluem
William A. Rowe Jr [Wed, 7 Dec 2016 23:41:30 +0000 (23:41 +0000)]
Two issues noted by rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773164 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMeant to commit this to the merge branch for consideration; reverting r1773158
William A. Rowe Jr [Wed, 7 Dec 2016 23:05:37 +0000 (23:05 +0000)]
Meant to commit this to the merge branch for consideration; reverting r1773158

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773160 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAs noted by rpluem, r->protocol isn't const char *. Ensure the exit cases
William A. Rowe Jr [Wed, 7 Dec 2016 22:54:36 +0000 (22:54 +0000)]
As noted by rpluem, r->protocol isn't const char *. Ensure the exit cases
are pstrdup'ed. Note that r->protocol = "" is not in a return path.

Simplify the garbage-in protocol handling without consideration to 'strict'
settings. It is expected to be caused by an invalid raw SP in the URL.

Backports: r1773159 (with pstrdup enhancement)
Submitted by: rpluem, wrowe

Reverted in r1773160 (for further STATUS review)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773158 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1772919 from trunk:
Jim Jagielski [Wed, 7 Dec 2016 12:57:08 +0000 (12:57 +0000)]
Merge r1772919 from trunk:

mod_auth_digest: fix segfaults during shared memory exhaustion

The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
check for a malloc failure, leading to crashes when we ran out of the
limited space provided by AuthDigestShmemSize. This patch replaces all
these calls with a helper function that performs this check.

Additionally, fix a NULL-check bug during entry garbage collection.
Submitted by: jchampion
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773069 13f79535-47bb-0310-9956-ffa450edef68

7 years agovote/promote
Eric Covener [Tue, 6 Dec 2016 19:42:34 +0000 (19:42 +0000)]
vote/promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772946 13f79535-47bb-0310-9956-ffa450edef68

7 years agovote
Jim Jagielski [Tue, 6 Dec 2016 18:39:02 +0000 (18:39 +0000)]
vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772931 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPropose
Jacob Champion [Tue, 6 Dec 2016 17:39:12 +0000 (17:39 +0000)]
Propose

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772926 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1772812, r1772813 from trunk:
Jim Jagielski [Tue, 6 Dec 2016 17:37:38 +0000 (17:37 +0000)]
Merge r1772812, r1772813 from trunk:

mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
to prevent deciphering or tampering with a padding oracle attack.

mod_session_crypto: follow up to r1772812: CHANGES entry.
Submitted by: ylavic
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772925 13f79535-47bb-0310-9956-ffa450edef68

7 years agopromote
Jim Jagielski [Tue, 6 Dec 2016 17:36:26 +0000 (17:36 +0000)]
promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772924 13f79535-47bb-0310-9956-ffa450edef68

7 years agovote
Jim Jagielski [Tue, 6 Dec 2016 17:36:09 +0000 (17:36 +0000)]
vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772923 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1772489, r1772504 from trunk:
Jim Jagielski [Tue, 6 Dec 2016 17:35:52 +0000 (17:35 +0000)]
Merge r1772489, r1772504 from trunk:

The default value of 'inherit' should be AP_LUA_INHERIT_UNSET.
With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive

If not explicitelly initialized, its value is 0 because of the 'apr_calloc 'in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE'

PR 60419

Missing CHNAGES for r1772489
Submitted by: jailletc36
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772922 13f79535-47bb-0310-9956-ffa450edef68

7 years agoformat CVE entries
Eric Covener [Tue, 6 Dec 2016 13:54:05 +0000 (13:54 +0000)]
format CVE entries

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772895 13f79535-47bb-0310-9956-ffa450edef68

7 years agosiphash
Eric Covener [Tue, 6 Dec 2016 00:31:27 +0000 (00:31 +0000)]
siphash

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772818 13f79535-47bb-0310-9956-ffa450edef68

7 years agoVote, promote.
Yann Ylavic [Tue, 6 Dec 2016 00:22:48 +0000 (00:22 +0000)]
Vote, promote.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772817 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPropose mod_session_crypto fix for CVE-2016-0736.
Yann Ylavic [Mon, 5 Dec 2016 23:50:17 +0000 (23:50 +0000)]
Propose mod_session_crypto fix for CVE-2016-0736.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772814 13f79535-47bb-0310-9956-ffa450edef68

7 years agocapitalize
Eric Covener [Mon, 5 Dec 2016 19:43:34 +0000 (19:43 +0000)]
capitalize

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772764 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1772758 from trunk:
Eric Covener [Mon, 5 Dec 2016 19:39:40 +0000 (19:39 +0000)]
Merge r1772758 from trunk:

provide more access control migration hints

current examples don't account for when access control overlaps
with authentication.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772762 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdates
Jim Jagielski [Mon, 5 Dec 2016 14:46:00 +0000 (14:46 +0000)]
updates

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772685 13f79535-47bb-0310-9956-ffa450edef68

7 years ago------------------------------------------------------------------------
Jim Jagielski [Mon, 5 Dec 2016 14:34:29 +0000 (14:34 +0000)]
------------------------------------------------------------------------
r1772419 | covener | 2016-12-02 19:10:53 -0500 (Fri, 02 Dec 2016) | 7 lines

Merge r1772418 from trunk:

loop in checking response headers

w/ HTTPProtocolOptions Unsafe

------------------------------------------------------------------------
r1772236 | wrowe | 2016-12-01 11:29:27 -0500 (Thu, 01 Dec 2016) | 8 lines

Appears we cannot disallow this whitespace, since the chunk BNF coexisted
with the implied *LWS rule, before RFC7230 eliminated the later. Whether
this is actually OWS or BWS is an editorial decision beyond our pay grade.

Backports: r1765475
Submitted by: wrowe

------------------------------------------------------------------------
r1771697 | rpluem | 2016-11-28 04:59:00 -0500 (Mon, 28 Nov 2016) | 4 lines

Merge r1771690 from trunk:

* Fix numbers count in comment.

------------------------------------------------------------------------
r1771696 | rpluem | 2016-11-28 04:56:42 -0500 (Mon, 28 Nov 2016) | 1 line

* Revert 1771372: As Bill points out correctly. Only backport trunk revisions to this branch.
------------------------------------------------------------------------
r1771372 | rpluem | 2016-11-25 14:55:18 -0500 (Fri, 25 Nov 2016) | 1 line

* Fix numbers count in comment.
------------------------------------------------------------------------
r1770870 | wrowe | 2016-11-22 13:44:21 -0500 (Tue, 22 Nov 2016) | 3 lines

Optimize away one more strchr.
Backports: 1770869

------------------------------------------------------------------------
r1770868 | wrowe | 2016-11-22 13:34:25 -0500 (Tue, 22 Nov 2016) | 8 lines

List discussion resulted in rejecting all but SP characters in the request
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.

Backports: r1770867
Submitted by: wrowe

------------------------------------------------------------------------
r1770846 | covener | 2016-11-22 09:32:45 -0500 (Tue, 22 Nov 2016) | 5 lines

Merge r1770817 from trunk:

Removing unused warning after r1764961 changes.

------------------------------------------------------------------------
r1770789 | covener | 2016-11-21 20:58:06 -0500 (Mon, 21 Nov 2016) | 25 lines

Merge r1770786 from trunk:

remove Location: header checks for absolute URL

https://tools.ietf.org/html/rfc7231#section-7.1.2

   The "Location" header field is used in some responses to refer to a
   specific resource in relation to the response.  The type of
   relationship is defined by the combination of request method and
   status code semantics.

     Location = URI-reference

   The field value consists of a single URI-reference.  When it has the
   form of a relative reference ([RFC3986], Section 4.2), the final
   value is computed by resolving it against the effective request URI
   ([RFC3986], Section 5).

There is even an example with no scheme:

     Location: /People.html#tim

------------------------------------------------------------------------
r1770386 | wrowe | 2016-11-18 09:45:32 -0500 (Fri, 18 Nov 2016) | 6 lines

Backport: r1769965
Submitted by: wrowe, rpluem

Actually cause the Host header to be overridden, as noted by rpluem,
and simplify now that there isn't a log-only mode.

------------------------------------------------------------------------
r1770173 | wrowe | 2016-11-17 07:09:32 -0500 (Thu, 17 Nov 2016) | 1 line

Merge of r1765451 did not apply cleanly, drop unneeded prototype.
------------------------------------------------------------------------
r1769675 | wrowe | 2016-11-14 13:57:12 -0500 (Mon, 14 Nov 2016) | 1 line

Add an entry about RFC strictness
------------------------------------------------------------------------
r1769674 | wrowe | 2016-11-14 13:54:42 -0500 (Mon, 14 Nov 2016) | 1 line

Clean up CHANGES for clarity
------------------------------------------------------------------------
r1769672 | wrowe | 2016-11-14 13:15:07 -0500 (Mon, 14 Nov 2016) | 31 lines

Dropped the never-released ap_has_cntrls() as it had very limited
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.

Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.

Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.

Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.
Submitted by: wrowe
Backport: r1764961,1765112-1765115

When redrawing the parser, ap_get_http_token looked to be useful, but there's
no application for this yet in httpd, so hold off adding this function when
we backport the enhancements. ap_scan_http_token was entirely sufficient.
If the community wants this new function, we can add it when backporting
work is complete.

This patch, and the earlier patches Friday actually demanded an mmn major
bump due to struct member changes. In any final backport, new members must
be added to the end of the struct to retain an mmn minor designation.
Submitted by: wrowe
Backport: r1765451

------------------------------------------------------------------------
r1769669 | wrowe | 2016-11-14 12:59:10 -0500 (Mon, 14 Nov 2016) | 124 lines

Fix syntax
Submitted by: jailletc36
Backport: r1756862

Introduce StrictURI|UnsafeURI for RFC3986 enforcement
Submitted by: wrowe
Backport: r1756959

Surpress noise about syntax
Submitted by: wrowe
Backport: r1756978

Yann is correct, % is distinct from reserved and unreserved
Submitted by: wrowe
Backport: r1757062

As commented, ensure we don't flag a request as a rejected 0.9 request
if we identified any other parsing errors and handle all 0.9 request
errors as 400 BAD REQUEST, presuming HTTP/1.0 to deliver the error details.
Do not report 0.9 issues as 505 INVALID PROTOCOL because the client apparently
specified no protocol, and 505 post-dates the simple HTTP request mechanism.
Submitted by: wrowe
Backport: r1757065

Rename LenientWhitespace to UnsafeWhitespace and change StrictWhitespace
to the default behavior, after discussion with fielding et al about the
purpose of section 3.5. Update the documentation to clarify this.

This patch removes whitespace considerations from the Strict|Unsafe toggle
and consolidates them all in the StrictWhitespace|UnsafeWhitespace toggle.

Added a bunch of logic comments to read_request_line parsing.

Dropped the badwhitespace list for an all-or-nothing toggle in rrl.

Leading space before the method is optimized to be evaluated only once.

Toggled the request from HTTP/0.9 to HTTP/1.0 for more BAD_REQUEST cases.

Moved s/[\n\v\f\r]/ / cleanup logic earlier in the cycle, to operate on
each individual line read, and catch bad whitespace errors earlier.
This changes the obs-fold to more efficiently condense whitespace and
forces concatinatination with a single SP, always. Overrides are not
necessary since obs-fold is clearly deprecated.
Submitted by: wrowe
Backport: r1757589

Also catch invalid spaces between the URI <> Protocol in StrictWhitespace mode.
(matching the test for the Method <> URI)
Submitted by: wrowe
Backport: r1757593

Correct RFC reference text (link was right)
Submitted by: wrowe
Backport: r1757711

First survey results, all intrinsicly bad input will be logged at the debug
level, no louder. This patch intentionally dodges the Limit* constrained tests
since administrators may shoot themselves in the foot, or be confronted with
impossibly long cookie values, etc.

Adjust the documentation to match.
Submitted by: wrowe
Backport: r1757920

Correct URL failure reporting.

Drop the second reporting of HEAD over HTTP/0.9 requests, we short-circuit
this early now in read_request_line() when presented anything other than
the sole "GET" method permitted by spec.
Revert to the correct APLOGNO ID for this case
Submitted by: wrowe
Backport: r1757921, r1757924

Folding StrictWhitespace into the Strict ruleset of RFC7230, per dev@ poll.
This choice is unanimous, although StrictURI (a different RFC) still hasn't
found absolute concensus.
Submitted by: wrowe
Backport: r1758226

Correct the parser construction for several optimizations,
based on the fact that bad whitespace shall not be permitted
or corrected in any operating mode, while preserving the
ability to extract bad method/uri/proto for later reporting
and diagnostics.

This change causes badwhitespace in the request line or any
request field line to always fail, and not honor the setting
of the HttpProtocolOptions Unsafe option. Mult SP characters
or trailing SP characters in the request line are still
permitted in Unsafe mode.

Adjusted several error message emits to match these changes.
Submitted by: wrowe
Backport: r1758263

Clarify documentation based on concensus decisions discussed on dev@
and reflecting the current implementation, clean up stray <p>
Submitted by: wrowe
Backport: r1758265, r1758266

New optional flag to enforce <CR><LF> line delimiters in ap_[r]getline,
created by overloading 'int fold' (1 or 0) as 'int flags', with the same
value 1 for AP_GETLINE_FOLD (which httpd doesn't use), and a new value
2 for AP_GETLINE_CRLF

Enforce CRLF when HttpProtocolOptions Strict is in force.

Correctly introduces a new t/TEST fail.
Submitted by: wrowe
Backport: r1758304

Calm some overly agressive crlf handling, and clarify
Submitted by: wrowe
Backport: r1758305, r1758313

Review of IE 11, Firefox 48 and Chrome 53 all indicate that ';' URI characters
are transmitted unencoded, per RFC3986 section 3.3 grammer. Correct httpd's
behavior to not encode ';' in proxied URI's or Location: response headers.
Submitted by: wrowe
Backport: r1760444

------------------------------------------------------------------------
r1769664 | wrowe | 2016-11-14 12:07:40 -0500 (Mon, 14 Nov 2016) | 48 lines

Drop unused, previously sscanf() target variables
Submitted by: wrowe
Backport: r1756821

Drop redundant == --rrl_none evaluation
Submitted by: rpluem
Backport: r1756823

server/protocol.c (read_request_line): Fix compiler warnings with GCC.
Submitted by: jorton
Backport: r1756824

Correct request header handling of whitespace with the new possible config of
HttpProtocolOptions Unsafe StrictWhitespace

I have elected not to preserve any significance to excess whitespace in the
now-deprecated obs-fold code path, that's certainly open for discussion.

This can be reviewed by tweaking t/conf/extra.conf to switch Strict to Unsafe.
Submitted by: wrowe
Backport: r1756847

A band-aid to resolve an immediate IBM MVS'ism
Submitted by: wrowe
Backport: r1756849

Resolve Netware (and other arch) build error for non-portable isascii()
Submitted by: wrowe
Backport: r1756934

Generally, the cart comes before the horse, this mirrors apr_lib.h
Submitted by: wrowe
Backport: r1756937

After lengthy investigation with covener's assistance, it seems we cannot
use a static table. We cannot change this to dynamic use of the local iconv
without build changes to avoid such use on cross-platform builds.

I'm satisfied if we trust iscntrl to at least catch all the most lethal
C0 Ctrls (we are promised it catches bad carriage control/line endings)
and leave this in the short term with an XXX to revisit at a future time.

The token stop never needed this table, because we can use the affirmative
list of token characters to define it.
Submitted by: wrowe, covener
Backport: r1756946

------------------------------------------------------------------------
r1769662 | wrowe | 2016-11-14 12:01:20 -0500 (Mon, 14 Nov 2016) | 46 lines

Rename the previously undocumented HTTPProtocol directive
to EnforceHTTPProtocol, and invert the default behavior
to strictly observe RFC 7230 unless otherwise configured.
And Document This.

The relaxation option is renamed 'Unsafe'. 'Strict' is no
longer case sensitive. 'min=0.9|1.0' is now the verbose
'Allow0.9' or 'Require1.0' case-insenstive grammer. The
exclusivity tests have been modified to detect conflicts.

The 'strict,log' option failed to enforce strict conformance,
and has been removed. Unsafe, informational logging is possible
in any loadable module, after the request data is unsafely
accepted.

This triggers a group of failures in t/apache/headers.t as
expected since those patterns violated RFC 7230 section 3.2.4.
Submitted by: wrowe
Backport: r1756540

Correct AP_HTTP_CONFORMANCE_ flags
Submitted by: wrowe
Backport: r1756555

Renaming this directive to HttpProtocolOptions after discussion on dev@
Submitted by: wrowe
Backport: r1756649

Perform correct, strict parsing of the request line, handling the
http protocol tag, url and method appropriately, and attempting
to extract values even in the presence of unusual whitespace in
keeping with section 3.5, prior to responding with whatever
error reply is needed. Conforms to RFC7230 in all respects,
the section 3.5 optional behavior can be disabled by the user
with a new HttpProtocolOptions StrictWhitespace flag. In all
cases, the_request is regenerated from the parsed components
with exactly two space characters.

Shift sf's 'strict' method check from the Strict behavior because
it violates forward proxy logic, adding a new RegisteredMethods
flag, as it will certainly be useful to some.
Submitted by: wrowe
Backport: r1756729

------------------------------------------------------------------------
r1769649 | wrowe | 2016-11-14 10:29:20 -0500 (Mon, 14 Nov 2016) | 124 lines

Improve legibility of reviewing the generated table, using hex rather than dec
Submitted by: wrowe
Backport: r1754536

Correct T_HTTP_TOKEN_STOP per RFC2068 (2.2) - RFC7230 (3.2.6),
which has always defined 'token' as CHAR or VCHAR - visible USASCII only.
NUL char is also a stop, end of parsing.
Submitted by: wrowe
Backport: r1754538

Be more explicit about NUL in case iscntrl is inconsistent
Submitted by: wrowe
Backport: r1754539

Introduce T_HTTP_CTRLS for efficiently finding non-text chars
Submitted by: wrowe
Backport: r1754540

Introduce ap_scan_http_field_content, ap_scan_http_token
and ap_get_http_token [later reverted] for more efficient
string handling.
Submitted by: wrowe
Backport: r1754541

With NUL as a TOKEN_STOP, this code is more efficient
Submitted by: wrowe
Backport: r1754544

We arrive here for more than one cause; offer a more general statement
Submitted by: wrowe
Backport: r1754547

Strictly observe spec on obs-fold
Submitted by: wrowe
Backport: r1754548

Leave an emphatic TODO per Jeff's observations
Submitted by: trawick
Backport: r1754555

Introduce ap_scan_http_token / ap_scan_http_field_content for a much
more efficient pass through the header text; rather than reparsing
the strings over and over under the HTTP_CONFORMANCE_STRICT fules.

Improve logic and legibility by eliminating multiple repetitive tests
of the STRICT flag, and simply reorder 'classic' behavior first and
this new parser second to simplify the diff. Because of the whitespace
change (which I had wished to dodge), reading this --ignore-all-space
is a whole lot easier. Particularly against 2.4.x branch, which is now
identical in the 'classic' logic flow. Both of which I'll share with dev@
Submitted by: wrowe
Backport: r1754556

Friendly catch by Rüdiger, restore line mis-removed by the previous commit
Submitted by: rpluem
Backport: r1754568

Clean up doubled-'{'
Correct usage for ap_scan_http_token (had used _get_ syntax)
Correct logic, detect no 'token' chars, or missing ':'
Submitted by: wrowe, rpluem
Backport: r1754569,r1754570,r1754577

Replacement solution to identify VCHAR/ASCII symbols, even in EBCDIC.
Looking for someone with an EBCDIC environment to post the output of
the test_char.h generated file for verification.
Submitted by: wrowe
Backport: r1754579

Clean up an edge case where obs-fold continuation preceeds the first header,
as with r1755098, but this time ensure the previous header processing logic
ensures there was a previous header as identified by jchampion.

This patch restructures the loop for legibility with a loop continuation,
allowing us to flatten all of this hard-to-follow code. The subsequent
patch will be a whitespace-only change for formatting.

Testing len > 0 is redundant when *field is a "\0" and mismatches here,
folded flag was a no-op, unused once we added continue; logic.
Fix these as initially attempted in r1755114.

Improve comments and reflow whitespace.
Submitted by: wrowe
Backport: r1755123,r1755124,r1755125,r1755126

As promised, reduce this logic by net 9 code lines, shifting the burden
of killing trailing whitespace to the purpose-agnostic read logic.

Whitespace before or after an obs-fold, and before or after a field value
have no semantic purpose at all. Because we are building a buffer for all
folded values, reducing the size of the newly allocated buffer is always
to our advantage.
Submitted by: wrowe
Backport: r1755233

Treat empty obs-fold line as a noop, eliminate all intra-obs-fold excess
whitespace, and observe the 1 SP per obs-folding per spec.
Submitted by: wrowe
Backport: r1755234,r1755235,r1755236

Treat empty obs-fold line as abusive traffic.
Submitted by: wrowe
Backport: r1755263

Stop reflecting irrelevant data to the request error notes, particularly
for abusive and malformed traffic the non-technical consumer of a user-agent
has no control over.

Simply take note where the administrator-configured limits have been exceeded,
that administrator can find details in the error log if desired.
Submitted by: wrowe
Backport: r1755264

Follow up to r1755264.
Don't crash when ap_rgetline() returns a NULL field on ENOSPC.
Submitted by: ylavic
Backport: r1755343

Follow on to r1755264, for the case of merged header length exceptions,
and ensure the field header name is truncated to a sane log width.
Submitted by: wrowe
Backport: r1755744

------------------------------------------------------------------------
r1769454 | wrowe | 2016-11-12 18:47:29 -0500 (Sat, 12 Nov 2016) | 2 lines

Partial Backport of r1746884, no-op changes that introduce patch conflicts.

------------------------------------------------------------------------
r1768978 | wrowe | 2016-11-09 09:39:05 -0500 (Wed, 09 Nov 2016) | 5 lines

Backports: r1687643
Submitted by: covener

be less weird in comment

------------------------------------------------------------------------
r1768977 | wrowe | 2016-11-09 09:37:34 -0500 (Wed, 09 Nov 2016) | 5 lines

Backports: r1687642
Submitted by: covener
elaborate on a misleading comment

------------------------------------------------------------------------
r1768971 | wrowe | 2016-11-09 09:32:09 -0500 (Wed, 09 Nov 2016) | 8 lines

core: Follow up to r1664205 (previously backported)
Don't let invalid r->proto_num/protocol out of read_request_line() reach
the output filters (when responding with 400 Bad Request).
Suggested by: rpluem
Backports: r1664576

------------------------------------------------------------------------
r1768969 | wrowe | 2016-11-09 09:23:00 -0500 (Wed, 09 Nov 2016) | 10 lines

Backport: r1610383
Submitted by: jailletc36
Simplify code.

Cases where 'loc' doesn't have any ':' or is  starting with ':' are already
handled by 'ap_is_url()'
Calling 'apr_isascii()' seems useless.

------------------------------------------------------------------------
r1768968 | wrowe | 2016-11-09 09:20:45 -0500 (Wed, 09 Nov 2016) | 4 lines

Backport: r1546860
Submitted by: jailletc36
Fix missing space in message of protocol.c (other r1546860 changes ignored)

------------------------------------------------------------------------
r1768093 | wrowe | 2016-11-04 16:50:45 -0400 (Fri, 04 Nov 2016) | 7 lines

ap_rgetline_core() now pulls from r->proto_input_filters
for better input filtering behavior during chunked trailer
processing by ap_http_filter().
Backports: r1446421
Submitted by: joes

------------------------------------------------------------------------
r1768090 | wrowe | 2016-11-04 16:47:00 -0400 (Fri, 04 Nov 2016) | 7 lines

Stupid CodeWarrior compiler cant take vars with struct inits.
Ensure that is_v6literal is always initialized

Backports: r1428145, r1436457
Submitted by: fuankg, rpluem

------------------------------------------------------------------------
r1768036 | wrowe | 2016-11-04 10:20:16 -0400 (Fri, 04 Nov 2016) | 40 lines

Add an option to enforce stricter HTTP conformance

This is a first stab, the checks will likely have to be revised.
For now, we check

 * if the request line contains control characters
 * if the request uri has fragment or username/password
 * that the request method is standard or registered with RegisterHttpMethod
 * that the request protocol is of the form HTTP/[1-9]+.[0-9]+,
   or missing for 0.9
 * if there is garbage in the request line after the protocol
 * if any request header contains control characters
 * if any request header has an empty name
 * for the host name in the URL or Host header:
   - if an IPv4 dotted decimal address: Reject octal or hex values, require
     exactly four parts
   - if a DNS host name: Reject non-alphanumeric characters besides '.' and
     '-'. As a side effect, this rejects multiple Host headers.
 * if any response header contains control characters
 * if any response header has an empty name
 * that the Location response header (if present) has a valid scheme and is
   absolute

If we have a host name both from the URL and the Host header, we replace the
Host header with the value from the URL to enforce RFC conformance.

There is a log-only mode, but the loglevels of the logged messages need some
thought/work. Currently, the  checks for incoming data log for 'core' and the
checks for outgoing data log for 'http'. Maybe we need a way to configure the
loglevels separately from the core/http loglevels.

change protocol number parsing in strict mode according to HTTPbis draft
- only accept single digit version components
- don't accept white-space after protocol specification

Clean up comment, fix log tags.
Submitted by: sf
Backports: r1426877, r1426879, r1426988, r1426992

------------------------------------------------------------------------
r1768035 | wrowe | 2016-11-04 10:14:59 -0400 (Fri, 04 Nov 2016) | 14 lines

Correctly parse an IPv6 literal host specification in an absolute URL
in the request line.

- Fix handling of brackets [ ] surrounding the IPv6 address.
- Skip parsing r->hostname again if not necessary.
- Do some checks that the IPv6 address is sane. This is not done by
  apr_parse_addr_port().

log client error at level debug, log broken Host header value

Backports: r1407006, r1426827
Submitted by: sf

------------------------------------------------------------------------
r1767942 | wrowe | 2016-11-03 14:01:23 -0400 (Thu, 03 Nov 2016) | 5 lines

Expose ap_method_register() to the admin with a new RegisterHttpMethod
directive.
Backports: r1407599
Submitted by: sf

------------------------------------------------------------------------
r1767941 | wrowe | 2016-11-03 13:57:50 -0400 (Thu, 03 Nov 2016) | 9 lines

New directive HttpProtocol which allows to disable HTTP/0.9 support
with min=0.9|1.0 syntax.

A tighter restriction off the version in the request line is still
possible with <If "%{SERVER_PROTOCOL_NUM} ..."> .
Submitted by: sf
Backports: r1406719, r1407643, r1425366

------------------------------------------------------------------------
r1767912 | wrowe | 2016-11-03 11:55:18 -0400 (Thu, 03 Nov 2016) | 1 line

Branch to bring http protocol parsing in 2.4.x in sync with trunk
------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772678 13f79535-47bb-0310-9956-ffa450edef68

7 years agopromote
Jim Jagielski [Mon, 5 Dec 2016 14:31:27 +0000 (14:31 +0000)]
promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772677 13f79535-47bb-0310-9956-ffa450edef68

7 years agovotes
Jim Jagielski [Mon, 5 Dec 2016 14:30:50 +0000 (14:30 +0000)]
votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772676 13f79535-47bb-0310-9956-ffa450edef68

7 years agovote for strict http patch
Eric Covener [Sun, 4 Dec 2016 23:55:10 +0000 (23:55 +0000)]
vote for strict http patch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772586 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge of r771160,1772576 from trunk:
Stefan Eissing [Sun, 4 Dec 2016 22:28:45 +0000 (22:28 +0000)]
Merge of r771160,1772576 from trunk:

SECURITY: CVE-2016-8740

mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University

mod_http2: wseaking cleanup assertion on streams that have never been scheduled

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772579 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPropose + 1 minor comment
Christophe Jaillet [Sun, 4 Dec 2016 07:22:00 +0000 (07:22 +0000)]
Propose + 1 minor comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772505 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate transformation
André Malo [Sat, 3 Dec 2016 19:32:38 +0000 (19:32 +0000)]
update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772481 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAdd testing hint
William A. Rowe Jr [Fri, 2 Dec 2016 20:31:07 +0000 (20:31 +0000)]
Add testing hint

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772404 13f79535-47bb-0310-9956-ffa450edef68

7 years agosilence warning. No functional change
Jim Jagielski [Fri, 2 Dec 2016 11:56:36 +0000 (11:56 +0000)]
silence warning. No functional change

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772337 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1770771 from trunk:
Jim Jagielski [Fri, 2 Dec 2016 11:46:50 +0000 (11:46 +0000)]
Merge r1770771 from trunk:

Describe new behavior of ServerLimit

This has changed a bit after the fix for PR 53555. Better wording is welcome.

Submitted by: sf
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772336 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1738631, r1738633, r1738635, r1757030, r1757031, r1770752, r1770768 from trunk:
Jim Jagielski [Fri, 2 Dec 2016 11:46:38 +0000 (11:46 +0000)]
Merge r1738631, r1738633, r1738635, r1757030, r1757031, r1770752, r1770768 from trunk:

Don't take over scoreboard slots from gracefully finishing threads

Otherwise the old and the new thread will both update the same scoreboard slot
with undefined results.

add comments

Document which directives set which variables

Make ap_find_child_by_pid() look at all slots that have ever been used.

This is preparation to allow to use more scoreboard slots in mpm event.

mpm_event: minor code simplification

- move variable initializations into declarations
- use max_workers variable

mpm_event: don't re-use scoreboard slots that are still in use

This causes inconsistent data in the scoreboard (due to async
connections) and makes it difficult to determine what is going on.
Therefore it is not a useful fix for the scoreboard-full issues (PR
53555).

The consent on the dev list is that we should allocate/use more
scoreboard entries instead.

Use all available scoreboard slots

Allow to use all slots up to ServerLimit. This makes 'scoreboard full'
errors much less likely.

And if ther is a situation where the scoreboard is full, don't make any
more processes finish gracefully due to reduced load until some old
processes have terminated. Otherwise, the situation would get worse once
the load increases again.

ap_daemon_limit is renamed to the more descriptive active_server_limit,
to make sure that all its uses are taken care of.

PR 53555

mpm_event: add clarifying comment

from jim

Submitted by: sf
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772335 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1705922, r1706523, r1738464, r1738466, r1738486 from trunk:
Jim Jagielski [Fri, 2 Dec 2016 11:44:57 +0000 (11:44 +0000)]
Merge r1705922, r1706523, r1738464, r1738466, r1738486 from trunk:

When shutting down a process, free resources early

Due to lingering connections, shutting down a process may take a very
long time. Free all recycled pools early in the hope that we can already
give some memory back to the OS.

rename some variables to be more descriptive

pid -> pslot
tid -> tslot
remove unused 'sd'

Terminate keep-alive connections when dying

When shutting down a process gracefully, terminate keep-alive connections so
that we don't get any new requests which may keep the dying process alive
longer.

Exit threads early during shutdown

During graceful shutdown, if there are more running worker threads than open
connections, terminate some threads. This frees resources faster, which may be
needed for new processes.

Exit threads early during shutdown, part 2

Follow up to r1738466: During graceful shutdown, when the listener thread is
closing a connection, it needs to wake up a worker thread so that it may
terminate.

Submitted by: sf
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772334 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1738628, r1757009, r1756848, r1757029 from trunk:
Jim Jagielski [Fri, 2 Dec 2016 11:43:55 +0000 (11:43 +0000)]
Merge r1738628, r1757009, r1756848, r1757029 from trunk:

Display process slot number in the async overview

Fix the number of column for 'Async connections'.
There are only 3 columns (writing, keep-alive, closing), not 4.

Try to improve the code layout for it to be more readable.
Each <th> is on its own line so keep the corresponding "colspan" <td> fields grouped together.

r1738628 introduced a new column, 'Slot'.
Add an empty cell for it in the last line of the table, in order to fix the layout of the Totals.

Replace tab by spaces to be consistent

mod_status: note stopping procs in async info table

* add new column "stopping", denoting if a process is shutting down
* add additional "(old gen)", if a process is from before a graceful reload
* add counts of processes and stopping processes to summary line

Submitted by: sf, jailletc36, jailletc36, sf
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772333 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1757061, r1770750 from trunk:
Jim Jagielski [Fri, 2 Dec 2016 11:42:55 +0000 (11:42 +0000)]
Merge r1757061, r1770750 from trunk:

ap_reclaim_child_processes() ignores its first argument

note this in the docs, add comment

ap_reclaim_child_processes(): Implement terminate immediately

The behavior for terminate == 1 was documented but not implemented. Do
that now.

Submitted by: sf
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772332 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1496711, r1597533, r1649491, r1665216, r1756553, r1756631, r1726675, r1718496...
Jim Jagielski [Fri, 2 Dec 2016 11:42:13 +0000 (11:42 +0000)]
Merge r1496711, r1597533, r1649491, r1665216, r1756553, r1756631, r1726675, r1718496, r1718476, r1747469 from trunk:

recognize the "default handler name" in r->handler, which is used when
no SetHandler/AddHandler and no matching mimetype during type_checker.

Submitted by: Eric Covener

mod_cache: try to use the key of a possible open but stale cache entry
if we have one in cache_try_lock(). PR 50317

Submitted by: Ruediger Pluem

* modules/cache/mod_socache_memcache.c (socache_mc_store): Pass
  through expiration time.

Submitted by: Faidon Liambotis <paravoid debian.org>, jorton

* mod_cache: Preserve the Content-Type in case of 304 response.
304 does not contain Content-Type and mod_mime regenerates
the Content-Type based on the r->filename. This later leads to original
Content-Type to be lost (overwriten by whatever mod_mime generates).

mod_cache: Use the actual URI path and query-string for identifying the
cached entity (key), such that rewrites are taken into account when
running afterwards (CacheQuickHandler off).  PR 21935.

mod_cache: follow up to r1756553: log the real/actual cached URI (debug).

better s-maxage support

+  *) mod_cache: Consider Cache-Control: s-maxage in expiration
+     calculations.  [Eric Covener]
+
+  *) mod_cache: Allow caching of responses with an Expires header
+     in the past that also has Cache-Control: max-age or s-maxage.
+     PR55156. [Eric Covener]

remove dead code leftover from r1023387.

Prior to this revision, there was an apr_atoi64 in this context.
Now, ap_cache_control() sets control.max_age (which is checked here) when
the maxage value was parsed OK.

duplicate debug-level AH00764 in the just-validated path.

Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen
Submitted by: jkaluza, jorton, jkaluza, ylavic, ylavic, covener, covener, covener, wrowe
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772331 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1702948, r1759415 from trunk:
Jim Jagielski [Fri, 2 Dec 2016 11:36:06 +0000 (11:36 +0000)]
Merge r1702948, r1759415 from trunk:

httpd compiles warning free on gcc and every new warning will be treated as an error, standard c-89 is enforced

http_config: follow up to r1702948: maybe unused, yet maybe usefull too.
Submitted by: icing, ylavic
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772330 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPromoted
William A. Rowe Jr [Thu, 1 Dec 2016 19:06:25 +0000 (19:06 +0000)]
Promoted

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772252 13f79535-47bb-0310-9956-ffa450edef68

7 years agoStraightforward votes first
William A. Rowe Jr [Thu, 1 Dec 2016 19:04:58 +0000 (19:04 +0000)]
Straightforward votes first

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772251 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAdd mod_proxy_hcheck to Windows
Gregg Lewis Smith [Wed, 30 Nov 2016 22:40:15 +0000 (22:40 +0000)]
Add mod_proxy_hcheck to Windows

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772126 13f79535-47bb-0310-9956-ffa450edef68

7 years agoupdate transformation
André Malo [Sun, 27 Nov 2016 22:27:47 +0000 (22:27 +0000)]
update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771661 13f79535-47bb-0310-9956-ffa450edef68

7 years agoremove BOM
André Malo [Sun, 27 Nov 2016 22:24:38 +0000 (22:24 +0000)]
remove BOM

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771659 13f79535-47bb-0310-9956-ffa450edef68

7 years agouse consistent encoding between xml.fr files (utf-8)
André Malo [Sun, 27 Nov 2016 22:22:06 +0000 (22:22 +0000)]
use consistent encoding between xml.fr files (utf-8)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771657 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Sun, 27 Nov 2016 13:46:15 +0000 (13:46 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771596 13f79535-47bb-0310-9956-ffa450edef68

7 years agoUTF-8 encoding.
Lucien Gentis [Sun, 27 Nov 2016 13:45:20 +0000 (13:45 +0000)]
UTF-8 encoding.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771595 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge of r1771001,1771015 from trunk:
Stefan Eissing [Wed, 23 Nov 2016 18:20:10 +0000 (18:20 +0000)]
Merge of r1771001,1771015 from trunk:

mod_http2: new directive H2EarlyHints

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771018 13f79535-47bb-0310-9956-ffa450edef68

7 years agobackport prop
Jim Jagielski [Wed, 23 Nov 2016 16:57:20 +0000 (16:57 +0000)]
backport prop

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771005 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge of r1769596,1769600,1770395,1770998 from trunk
Stefan Eissing [Wed, 23 Nov 2016 16:32:59 +0000 (16:32 +0000)]
Merge of r1769596,1769600,1770395,1770998 from trunk

mod_http2: PUSH triggers only on GET
mod_proxy_http2: 1xx responses not forwarded unconditionally on HTTP/1.x connections

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771000 13f79535-47bb-0310-9956-ffa450edef68

7 years agothanks, now in the branch
Eric Covener [Tue, 22 Nov 2016 14:33:15 +0000 (14:33 +0000)]
thanks, now in the branch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770847 13f79535-47bb-0310-9956-ffa450edef68

7 years agothese look like works in progress (??)
Jim Jagielski [Tue, 22 Nov 2016 13:45:32 +0000 (13:45 +0000)]
these look like works in progress (??)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770839 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1756542 from trunk:
Jim Jagielski [Tue, 22 Nov 2016 13:42:51 +0000 (13:42 +0000)]
Merge r1756542 from trunk:

mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate
in the client certificate chain.  PR 55786.

This is done by handling an empty cert chain as no/NULL chain.

Submitted by: ylavic
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770838 13f79535-47bb-0310-9956-ffa450edef68

7 years agopromote
Jim Jagielski [Tue, 22 Nov 2016 13:40:56 +0000 (13:40 +0000)]
promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770837 13f79535-47bb-0310-9956-ffa450edef68

7 years agotests OK
Jim Jagielski [Tue, 22 Nov 2016 13:40:39 +0000 (13:40 +0000)]
tests OK

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770836 13f79535-47bb-0310-9956-ffa450edef68

7 years agoHmmm....
Jim Jagielski [Tue, 22 Nov 2016 12:40:47 +0000 (12:40 +0000)]
Hmmm....

Was folded into Revision 1769595 ??

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770830 13f79535-47bb-0310-9956-ffa450edef68

7 years agovotes
Jim Jagielski [Tue, 22 Nov 2016 12:24:37 +0000 (12:24 +0000)]
votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770829 13f79535-47bb-0310-9956-ffa450edef68

7 years agocomment on proposal
Stefan Eissing [Tue, 22 Nov 2016 09:53:10 +0000 (09:53 +0000)]
comment on proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770818 13f79535-47bb-0310-9956-ffa450edef68

7 years agovote+promote
Stefan Fritsch [Mon, 21 Nov 2016 22:24:20 +0000 (22:24 +0000)]
vote+promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770777 13f79535-47bb-0310-9956-ffa450edef68

7 years agonote docs commit in proposal
Stefan Fritsch [Mon, 21 Nov 2016 22:15:48 +0000 (22:15 +0000)]
note docs commit in proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770773 13f79535-47bb-0310-9956-ffa450edef68

7 years agoSplit proposal for PR 53555 into smaller chunks
Stefan Fritsch [Mon, 21 Nov 2016 21:47:16 +0000 (21:47 +0000)]
Split proposal for PR 53555 into smaller chunks

Replace jim's proposal into smaller chunks that are IMHO easier to review.

The end result is the same, except for the CHANGES entry and one comment that I
added to r1770752 vs. the Bugzilla patch and that was missing in jim's patch.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770769 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAnother bit o' lint
Jim Jagielski [Mon, 21 Nov 2016 21:07:51 +0000 (21:07 +0000)]
Another bit o' lint

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770761 13f79535-47bb-0310-9956-ffa450edef68

7 years agoAnd the final trunk related bit
Jim Jagielski [Mon, 21 Nov 2016 21:07:04 +0000 (21:07 +0000)]
And the final trunk related bit

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770760 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPropose backport,
Jim Jagielski [Mon, 21 Nov 2016 21:03:06 +0000 (21:03 +0000)]
Propose backport,

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770759 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1752331, r1752332, r1752333 from trunk:
Jim Jagielski [Mon, 21 Nov 2016 12:18:18 +0000 (12:18 +0000)]
Merge r1752331, r1752332, r1752333 from trunk:

CMake: use CMAKE_REQUIRED_INCLUDES to find APR macros

When using CMake with Visual Studio on Windows, invoking the
CHECK_SYMBOL_EXISTS macro with the full paths to the include files seems
to always result in failure.

Instead, use the documented CMAKE_REQUIRED_INCLUDES variable to set the
include directory, and pass only the headers' base names to
CHECK_SYMBOL_EXISTS.

CMake: use generator expressions to find output files

Multi-configuration generators, like Visual Studio, use a different
output directory (Debug, Release, etc.) for each configuration. To find
the output files reliably, switch to using generator expressions instead
of hardcoding the file paths for PDBs, export files, etc.

CMake: quote installation paths

Deal with installation paths with spaces in them (e.g. "C:\Program
Files") by quoting the arguments to perl and xcopy.
Submitted by: jchampion
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770674 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1769332 from trunk:
Jim Jagielski [Mon, 21 Nov 2016 12:17:46 +0000 (12:17 +0000)]
Merge r1769332 from trunk:

ssl: clear the error queue before SSL_read/write/accept()

If other modules or libraries do not clear the OpenSSL error queue after
a failed operation, other code that relies on SSL_get_error() -- in
particular, code that deals with SSL_ERROR_WANT_READ/WRITE logic -- will
malfunction later on. To prevent this, explicitly clear the error queue
before calls like SSL_read/write/accept().

PR: 60223
Submitted by: Paul Spangler <paul.spangler ni.com>
Submitted by: jchampion
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770673 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1698334 from trunk:
Jim Jagielski [Mon, 21 Nov 2016 12:17:13 +0000 (12:17 +0000)]
Merge r1698334 from trunk:

Avoid adding duplicate subequest filters, as they would not be stripped
properly during an ap_internal_fast_redirect.

Submitted by: covener
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770672 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML updates.
Lucien Gentis [Sun, 20 Nov 2016 13:36:35 +0000 (13:36 +0000)]
XML updates.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770560 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML updates.
Lucien Gentis [Sat, 19 Nov 2016 17:17:50 +0000 (17:17 +0000)]
XML updates.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770508 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRebuild.
Lucien Gentis [Sat, 19 Nov 2016 16:24:35 +0000 (16:24 +0000)]
Rebuild.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770504 13f79535-47bb-0310-9956-ffa450edef68

7 years agoXML updates.
Lucien Gentis [Sat, 19 Nov 2016 16:23:49 +0000 (16:23 +0000)]
XML updates.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770503 13f79535-47bb-0310-9956-ffa450edef68

7 years agodocumentation rebuild
Luca Toscano [Thu, 17 Nov 2016 10:52:21 +0000 (10:52 +0000)]
documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770154 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1769899 from trunk:
Luca Toscano [Thu, 17 Nov 2016 10:51:50 +0000 (10:51 +0000)]
Merge r1769899 from trunk:

Added a note in the mod_headers docs about Content-Type and setifempty

This note has been added as a follow up of a stack overflow post
(thanks to Michael Allan for the research):

http://stackoverflow.com/questions/29398123/apache-2-4-set-mime-type-of-file-without-extension

After a chat in #httpd-dev it seems that the issue boils down to how %{CONTENT_TYPE}
is evaluated in util_expr_eval.c (r->content_type) vs how setifempty is (only a check
of the response headers). This particular behavior might be a bug or feature,
but it is worth to alert our users.

Submitted by: elukey

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770153 13f79535-47bb-0310-9956-ffa450edef68

7 years agoVote and promote
William A. Rowe Jr [Wed, 16 Nov 2016 17:24:11 +0000 (17:24 +0000)]
Vote and promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770022 13f79535-47bb-0310-9956-ffa450edef68

7 years agoDocumentation rebuild
Luca Toscano [Tue, 15 Nov 2016 16:16:43 +0000 (16:16 +0000)]
Documentation rebuild

This commit also revert my last one about H2PushResource.
After a chat on #http-dev we decided to make it public since
it holds a Compatibility section.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769853 13f79535-47bb-0310-9956-ffa450edef68

7 years agoRevert introduction of H2PushResource on 2.4 docs
Luca Toscano [Tue, 15 Nov 2016 11:48:01 +0000 (11:48 +0000)]
Revert introduction of H2PushResource on 2.4 docs

The directive will be available only from 2.4.24 onwards,
reverting to avoid confusing users.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769791 13f79535-47bb-0310-9956-ffa450edef68

7 years agodocumentation rebuild
Luca Toscano [Tue, 15 Nov 2016 11:33:43 +0000 (11:33 +0000)]
documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769786 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1769637 from trunk:
Luca Toscano [Tue, 15 Nov 2016 11:32:27 +0000 (11:32 +0000)]
Merge r1769637 from trunk:

Unified duplicate warning in mod_proxy ProxyPass documentation.

Also changed terminology to be in sync with:
https://httpd.apache.org/docs/current/mod/directive-dict.html#Context

It was confusing in my opinion to read that ProxyPass wasn't supported
for the <Directory> context (since "directory" semantic is already
overloaded).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769784 13f79535-47bb-0310-9956-ffa450edef68

7 years agoPromote one patch, propose one historically tangled patch
William A. Rowe Jr [Mon, 14 Nov 2016 19:02:29 +0000 (19:02 +0000)]
Promote one patch, propose one historically tangled patch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769677 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1733538 from trunk (follow up to 2.4.21's r1746997):
Yann Ylavic [Mon, 14 Nov 2016 12:09:48 +0000 (12:09 +0000)]
Merge r1733538 from trunk (follow up to 2.4.21's r1746997):

ab: follow up to r1733537: CHANGES entry.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769610 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1769593 from trunk (mergeinfo for r1769601):
Yann Ylavic [Mon, 14 Nov 2016 12:02:10 +0000 (12:02 +0000)]
Merge r1769593 from trunk (mergeinfo for r1769601):

Updated changelog with the last change of mod_proxy_fcgi

r1759984, r1760018 and r1752347 are all changes related
to a bug fixed for mod_proxy_fcgi.

Submitted by: elukey

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769609 13f79535-47bb-0310-9956-ffa450edef68

7 years agoMerge r1764046 from trunk (mergeinfo for r1769599):
Yann Ylavic [Mon, 14 Nov 2016 12:00:39 +0000 (12:00 +0000)]
Merge r1764046 from trunk (mergeinfo for r1769599):

Following up on r1764040, add the CHANGES entry.

Submitted by: kotkov

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769608 13f79535-47bb-0310-9956-ffa450edef68