httpd

Checkout Tools
  • last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1801085 is being indexed.

Tag HEAD of 2.4.x as 2.4.27
Get ready to tag 2.4.27

make COMPATIBILITY entries explicit

more meat re: lua compatibility "break"

CHANGES: note mod_lua compatibility break
mod_lua: revert apr_table compatibility test

Don't keep the code if we're not keeping apr_table; it's just cruft.

make easier to uncomment out

Bypass apr_table.set usage for now...

It's undocumented, afaict, and not really implemented

well at present

Merge r1800978 from trunk:

On the trunk:

mod_http2: Simplify ready queue, less memory and better performance. Update

mod_http2 version to 1.10.7.

Submitted by: icing

Reviewed by: icing, jim, ylavic

Vote, promote.
This is required for SSL as well.

vote on http2 backport

propose backport

On the trunk:

mod_http2: Simplify ready queue, less memory and better performance. Update

mod_http2 version to 1.10.7.

Progress indicator
Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Backports: r1800917

Reviewed by: wrowe, jchampion, ylavic

Correct string scope to prevent duplicated values for subsequent tokens.

Submitted by: wrowe

Backports: r1800919

Reviewed by: wrowe, jchampion, ylavic

Vote, promote.
Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Backports: r1800917

Reviewed by: wrowe, jim, jchampion

SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.

The value placeholder in [Proxy-]Authorization headers type 'Digest' was not

initialized or reset before or between successive key=value assignments by

mod_auth_digest. Providing an initial key with no '=' assignment could reflect

the stale value of uninitialized pool memory used by the prior request, leading

to leakage of potentially confidential information, and a segfault.

Submitted by: wrowe

Backports: r1800919

Reviewed by: wrowe, jim, jchampion

Vote.
Vote/promote another.
mod_negotiation: add Accept variant tests

Also remove the duplicated config in the comments.

mod_lua: add apr_table compatibility test

We might back this out later, if we decide not to keep the

(undocumented) global variable.

Vote/promote one.
vote

Two more string parsing oddities for consideration
Correct string scope to prevent duplicated values for subsequent tokens.

Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

mod_lua: add some tests for the header table functionality