httpd

Checkout Tools
  • last updated 7 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1876884 is being indexed.

and promote

votes

Porpose. [skip ci]

r1876870 isn't under CTR.

So undo for now.

Will add to STATUS.

Revert r1876869 because on trunk server/listen.c

also has a dependency on libsystemd.

Thanks to jorton for pointing it out.

systemd dependencies are only needed by mod_systemd.

They should currently not be needed by httpd directly

or any other binary. So no need to add them to

HTTPD_LIBS.

Should be CTR (build system).

Backport of r1876869 from trunk.

systemd dependencies are only needed by mod_systemd.

They should currently not be needed by httpd directly

or any other binary. So no need to add them to

HTTPD_LIBS.

Add optional options= argument to Listen to add listener-specific

socket options.

Reimplement "use_specific_errors" listener flag under generic

ap_listen_rec flags field holding all listener-specific options.

* include/ap_listen.h: Add AP_LISTEN_* flags.

(ap_listen_rec): Rename use_specific_errors to flags.

* server/listen.c (make_sock): Set APR_SO_FREEBIND if

AP_LISTEN_FREEBIND flag is set on listener; set APR_SO_REUSEPORT

unconditionally if AP_LISTEN_REUSEPORT is set.

(alloc_listener): Take flags argument.

(ap_setup_listeners): Set AP_LISTEN_SPECIFIC_ERRORS flag here.

(ap_set_listener): Parse optional options=... argument, catch

typos and fail if protocol name contains a "=".

(ap_duplicate_listeners): Duplicate flags.

Submitted by: jkaluza, Lubos Uhliarik <luhliari redhat.com>, jorton

PR: 61865

Github: closes #114

config: allow for environment variable substitution fallback to default value.

Make ap_resolve_env() handle the ${VAR?=default value} syntax, and update docs.

* modules/filters/mod_proxy_html.c: Fix proxy_html_conf.bufsz

to have correct type, as it is used with ap_set_int_slot.

sort safe_env_lst

bz 65371

be less specific and don't echo passphrase
* modules/ssl/ssl_engine_io.c (ssl_io_filter_coalesce): Update comment only. [skip ci]

core: follow up to r1876664: allow ErrorDocument to read body when applicable

Unless ap_read_request() failed to read the request line or header, or

Transfer-Encoding is invalid, we can still provide the request body to custom

error handlers (ErrorDocument) that ask it (e.g. internal redirects to CGI).

So this commit splits early failure path (previously die_early label) in two,

die_unusable_input and die_before_hooks, where the latter preserves input

filters (including HTTP_IN).

Also, the code to apply the connection timeout and r->per_dir_config from the

server is now in a new apply_server_config() helper since it's used multiple

times. Note that apr_socket_timeout_set() is a noop if the new timeout is the

same as the one already in place, so there is no need to cache the old timeout

nor use apr_socket_timeout_get(). Likewise, r->server is initially set to

c->base_server so apply_server_config() is overall a noop when no change is

needed.

r1876779 follow-up.

strcmp returns 0 if strings match, i.e. TLS/1.0 is found.

ap_find_token returns 1 if TLS/1.0 is found.

So the test has to be reversed to keep the same behavior

Fix the way we are looking for "TLS/1.0" tokens.

ap_find_token() is more robust than expecting the token to be the first one in the 'Upgrade' header field.

(see modules/ssl/ssl_engine_kernel.c#284)

Put post-release security entries underneath

2.4.43 instead of 2.4.44.

* support/suexec.c (main): Report error string after failure from

setgid/initgroups or setuid.

* support/suexec.c (safe_strtol): New function.

(main): Use ^ to be avoid using atoi(); try to catch more string to

integer and integer to uid/gid conversion errors/surprises.

PR: 33207

mod_ssl: axe useless X509_free (NULL arg).
fr doc rebuild.

fr doc XML files updates.

gdbinit: print bucket fd when available.
gdbinit: more address colomn space for 64bit.
mod_watchdog: use a single "wd_running" pool in wd_worker() thread.

Clear the pool where appropriate instead of multiple create/destroy.

core, h2: common ap_parse_request_line() and ap_check_request_header() code.

Extract parsing/validation code from read_request_line() and ap_read_request()

into ap_parse_request_line() and ap_check_request_header() helpers such that

mod_http2 can validate its HTTP/1 request with the same/configured policy.

vote and propose [skip ci]

core, h2: send EOR for early HTTP request failure.

The core output filters depend on EOR being sent at some point for correct

accounting of setaside limits and lifetime.

Rework ap_read_request() early failure (including in post_read_request() hooks)

so that it always sends the EOR after ap_die().

Apply the same scheme in h2_request_create_rec() which is the HTTP/2 to HTTP/1

counterpart.

* Vote [skip ci]

vote mod_http2 PR64330