httpd

Checkout Tools
  • last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1801066 is being indexed.

Bypass apr_table.set usage for now...

It's undocumented, afaict, and not really implemented

well at present

Merge r1800978 from trunk:

On the trunk:

mod_http2: Simplify ready queue, less memory and better performance. Update

mod_http2 version to 1.10.7.

Submitted by: icing

Reviewed by: icing, jim, ylavic

Vote, promote.
This is required for SSL as well.

vote on http2 backport

propose backport

On the trunk:

mod_http2: Simplify ready queue, less memory and better performance. Update

mod_http2 version to 1.10.7.

Progress indicator
Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Backports: r1800917

Reviewed by: wrowe, jchampion, ylavic

Correct string scope to prevent duplicated values for subsequent tokens.

Submitted by: wrowe

Backports: r1800919

Reviewed by: wrowe, jchampion, ylavic

Vote, promote.
Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Backports: r1800917

Reviewed by: wrowe, jim, jchampion

SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.

The value placeholder in [Proxy-]Authorization headers type 'Digest' was not

initialized or reset before or between successive key=value assignments by

mod_auth_digest. Providing an initial key with no '=' assignment could reflect

the stale value of uninitialized pool memory used by the prior request, leading

to leakage of potentially confidential information, and a segfault.

Submitted by: wrowe

Backports: r1800919

Reviewed by: wrowe, jim, jchampion

Vote.
Vote/promote another.
mod_negotiation: add Accept variant tests

Also remove the duplicated config in the comments.

mod_lua: add apr_table compatibility test

We might back this out later, if we decide not to keep the

(undocumented) global variable.

Vote/promote one.
vote

Two more string parsing oddities for consideration
Correct string scope to prevent duplicated values for subsequent tokens.

Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

mod_lua: add some tests for the header table functionality
Mark backported patch 1800173 in commit 1800215
Merge r1800788 from trunk:

Add mod_proxy_hcheck to generated httpd.spec file. PR 60506.

Submitted by: ylavic

Reviewed by: ylavic, rpluem, jim

promote

vote on rpm change

* Vote
Backported.

mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3.

PR58188, PR60831, PR61245.

CTR

The following lua 5.2 and 5.3 compat change

should be checked for runtime correctness

by someone more knowledgeable about lua.

Index: modules/lua/lua_apr.c

--- modules/lua/lua_apr.c (original)

+++ modules/lua/lua_apr.c Tue Jul 4 20:48:43 2017

@@ -82,7 +82,11 @@ static const luaL_Reg lua_table_methods[

int ap_lua_init(lua_State *L, apr_pool_t *p)

{

luaL_newmetatable(L, "Apr.Table");

+#if LUA_VERSION_NUM < 502

luaL_register(L, "apr_table", lua_table_methods);

+#else

+ luaL_newlib(L, lua_table_methods);

+#endif

lua_pushstring(L, "__index");

lua_pushstring(L, "get");

lua_gettable(L, 2);