httpd

Checkout Tools
  • last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1800997 is being indexed.

propose backport

On the trunk:

mod_http2: Simplify ready queue, less memory and better performance. Update

mod_http2 version to 1.10.7.

Progress indicator
Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Backports: r1800917

Reviewed by: wrowe, jchampion, ylavic

Correct string scope to prevent duplicated values for subsequent tokens.

Submitted by: wrowe

Backports: r1800919

Reviewed by: wrowe, jchampion, ylavic

Vote, promote.
Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Backports: r1800917

Reviewed by: wrowe, jim, jchampion

SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.

The value placeholder in [Proxy-]Authorization headers type 'Digest' was not

initialized or reset before or between successive key=value assignments by

mod_auth_digest. Providing an initial key with no '=' assignment could reflect

the stale value of uninitialized pool memory used by the prior request, leading

to leakage of potentially confidential information, and a segfault.

Submitted by: wrowe

Backports: r1800919

Reviewed by: wrowe, jim, jchampion

Vote.
Vote/promote another.
mod_negotiation: add Accept variant tests

Also remove the duplicated config in the comments.

mod_lua: add apr_table compatibility test

We might back this out later, if we decide not to keep the

(undocumented) global variable.

Vote/promote one.
vote

Two more string parsing oddities for consideration
Correct string scope to prevent duplicated values for subsequent tokens.

Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

mod_lua: add some tests for the header table functionality
Mark backported patch 1800173 in commit 1800215
Merge r1800788 from trunk:

Add mod_proxy_hcheck to generated httpd.spec file. PR 60506.

Submitted by: ylavic

Reviewed by: ylavic, rpluem, jim

promote

vote on rpm change

* Vote
Backported.

mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3.

PR58188, PR60831, PR61245.

CTR

The following lua 5.2 and 5.3 compat change

should be checked for runtime correctness

by someone more knowledgeable about lua.

Index: modules/lua/lua_apr.c

--- modules/lua/lua_apr.c (original)

+++ modules/lua/lua_apr.c Tue Jul 4 20:48:43 2017

@@ -82,7 +82,11 @@ static const luaL_Reg lua_table_methods[

int ap_lua_init(lua_State *L, apr_pool_t *p)

{

luaL_newmetatable(L, "Apr.Table");

+#if LUA_VERSION_NUM < 502

luaL_register(L, "apr_table", lua_table_methods);

+#else

+ luaL_newlib(L, lua_table_methods);

+#endif

lua_pushstring(L, "__index");

lua_pushstring(L, "get");

lua_gettable(L, 2);

Fix another mod_lua compile error.

Compilation now tested against Lus 5.1, 5.2

and 5.3. The libs were compiled with COMPAT

flags set, but mod_lua no longer sets them

so it should compile and run with non-COMPAT

libs as well.

Fix new compilation breakage in mod_lua.

Mostly revert the configure compat check for

lua from r1785753. This should now no longer

be needed.

Fix last compat issue with Lua 5.2 and 5.3.

Patch taken from PR58188 which picked it from

openSUSE.

Still needs testing.

More mod_lua compat for Lua 5.1, 5.2, 5.3.

One last use of luaL_register() with a non-NULL

"name" argument remaining.

Not tested yet.