httpd

Checkout Tools
  • last updated 3 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1772611 is being indexed.

added CVE-2016-8740 description
vote for strict http patch

update after mod_http2 backport
Merge of r771160,1772576 from trunk:

SECURITY: CVE-2016-8740

mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University

mod_http2: wseaking cleanup assertion on streams that have never been scheduled

removing unnecessary calls requiring newer nghttp2 versions
additional testing for frame sceanrios using golang's http2 framer
    • ?
    /test/mod_h2/trunk/test/go/in-headers-many.fuzz
    • ?
    /test/mod_h2/trunk/test/go/test_fuzz.sh
    • ?
    /test/mod_h2/trunk/test/go/in-get.fuzz
    • ?
    /test/mod_h2/trunk/test/go/in-footer.fuzz
    • ?
    /test/mod_h2/trunk/test/go/h2fuzz.go
    • ?
    /test/mod_h2/trunk/test/go/in-headers-endless.fuzz
    • ?
    /test/mod_h2/trunk/test/go/in-footer-endless.fuzz
SECURITY: CVE-2016-8740

mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University

Changes done by Daniel, reviewed by me, adding the html files and meta file to the repo.
    • ?
    /httpd/trunk/docs/manual/howto/htaccess.xml.es
rebuild
Undocumented query string.

mpm-event's doc rebuild
Added some notes in mpm-event's doc page
Propose + 1 minor comment
Missing CHNAGES for r1772489
Fix some style issue.
The default value of 'inherit' should be AP_LUA_INHERIT_UNSET.

With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive

If not explicitelly initialized, its value is 0 because of the 'apr_calloc 'in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE'

PR 60419

Remove some spaces to synch with 2.4
update transformation

update transformation

update transformation

Updated Markdown code to the dev guidelines page - part 3
Updated Markdown code to the dev guidelines page - part 2
Updated Markdown code to the dev guidelines page
Merge r1772418 from trunk:

loop in checking response headers

w/ HTTPProtocolOptions Unsafe

loop in checking response headers

w/ HTTPProtocolOptions Unsafe

Add testing hint
mpm-event's doc rebuild
Fixed some wording in mpm-event's doc page
mpm-event's documentation rebuild
Add a section to mpm-event's documentation to advertise new changes

I tried to add a summary of Stefan's last patches just backported to

2.4.x today. I've read all of them and tried to report Stefan's comment

from PR 53555 as much as possible. Please review and let me know if I wrong

something incorrect or not precise enough.