Checkout Tools
  • last updated 7 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Merge r1879878 from trunk:

Avoid NULL pointer dereferences for empty environment variable values

Submitted by: rpluem

Reviewed by: jailletc36, covener, gbechis, jim

Merge r1609680, r1609688, r1641381, r1826289, r1826313, r1878467, r1878994, r1879000, r1879001, r1879002, r1879361 from trunk:

mod_proxy: add ap_proxy_define_match_worker() and use it for ProxyPassMatch

and ProxyMatch section to distinguish between normal workers and workers

with regex substitutions in the name. Implement handling of such workers

in ap_proxy_get_worker(). PR 43513

mod_proxy: better check for worker->s->is_name_matchable

Return a match whenever we get to the end of the worker name, regardless

of whether there is URL left.

ProxyPassMatch had been using the default worker in trunk.

Follow up to r1609680: simpler/faster ap_proxy_strcmp_ematch().

No functional change.

Follow up to r1609680: further simplify/optimize ap_proxy_strcmp_ematch().

While at it, same treatment for its mother ap_strcmp_match().

make sure the $n of the regular expressions is not included the name of the worker.

for example, the example:

ProxyPassMatch "^(/.*\.gif)$" "$1"

was giving:

AH00526: Syntax error on line nnn of bla/conf/httpd.conf:

ProxyPass Unable to parse URL:$1

ap_proxy_define_match_worker: don't copy the url unnecessarily.

And save a few cycles, when the duplication is needed, by not copying

the ignored part.

ap_proxy_define_match_worker: disable connection reuse by default.

To avoid compat issues with dns/connection reuse now that a worker with

dollar substitution can be elected.

CHANGES entry for ap_proxy_define_match_worker().

Oups, axe spurious copypasta.

mod_proxy: unfail mixed ProxyPass/<Proxy> and ProxyPassMatch/<ProxyMatch>.

It is not a failure in current 2.4.x, so to ease backport and to avoid compat

breakage simply warn about the second directive being ignored.

This commit can be reverted in trunk if we want next versions to fail in this


[Reverted by r1879363]

Submitted by: jkaluza, covener, ylavic, ylavic, jfclere, ylavic, ylavic, ylavic, ylavic, ylavic

Reviewed by: ylavic, minfrin (with an MMN bump), jim (agree w/ minfrin)



Remove problematic version check for OpenSSL < 1.0.2

This addresses several concerns;

- There is no valid release of OpenSSL < 1.0.2 to incorporate security fixes,

particularly on Windows, and particularly as vetted by the project.

- File structure of opensslv.h has changed in such as a way as to completely

invalidate the CMake FindOpenSSL macros, so 3.0.0 cannot be determined.

Add proposal.

vote [skip ci]

improve Lua 5.4 handling

more similar to trunk

fix quotes, simplify path, add a high port


add 2.4 examples of mixed http/ws

cover overlapp scenario which is straightfoward in trunk

(as long you get it in the right order)

wstunnel flexibility

old vote

r1880670 put these in the wrong section

Make fixed version less ambiguous and move retroactive CVE down to the 2.4.25 area
Support building against Lua 5.4 by adjusting to the 3-arg form of


* modules/lua/config.m4 (CHECK_LUA): Check for lua5.4 paths.

* modules/lua/mod_lua.c (lua_output_filter_handle,

lua_input_filter_handle): Check that exactly one item is on the

stack as indicated by lua_resume().

Submitted by: Lubos Uhliarik <luhliari>, jorton

PR: 64591

Github: closes #130, closes #133, closes #134

One last fix
Update disclosed vulnerabilities
add CVE

Fix bad find/replace
Updates for announcement of 2.4.46
Updates for announcement of 2.4.46
Add simplest possible test for lua output filtering.

    • ?
Fail for more abort() errors in error_log.

Fail if a core dump is produced, and dump the backtrace if so.

(e.g. during parent or child process shutdown, core dumps will

not show up as test case failures so would not otherwise be caught)

update transformations.
update for sync with English doc.
Update docs for SSLRandomSeed deprecation in r1877467. [skip ci]

Nominate. [skip ci]