Checkout Tools
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1758672 is being indexed.

Merge r1710095, r1727544 from trunk:

core: Limit to ten the number of tolerated empty lines between request,

and consume them before the pipelining check to avoid possible response

delay when reading the next request without flushing.

Before this commit, the maximum number of empty lines was the same as

configured LimitRequestFields, defaulting to 100, which was way too much.

We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES).

check_pipeline() is changed to check for (up to the limit) and comsume the

trailing [CR]LFs so that they won't be interpreted as pipelined requests,

otherwise we would block on the next read without flushing data, and hence

possibly delay pending response(s) until the next/real request comes in or

the keepalive timeout expires.

Finally, when the maximum number of empty line is reached in

read_request_line(), or that request line does not contains at least a method

and an (valid) URI, we can fail early and avoid some failure detected in

further processing.

* Ensure that proto_num and protocol is set in another "error out early" edge

case. This can happen with invalid CONNECT requests as described in the PR.

PR: 58929

Submitted by: ylavic, rpluem

Reviewed by: wrowe, covener, ylavic

  1. … 3 more files in changeset.
Merge r892678, r1100511, r1102124 from trunk:

Reject requests containing (invalid) NULL characters in request line

or request headers.

PR 43039

use APR_STATUS_IS_TIMEUP() instead of direct comparison with APR_TIMEUP.

Use APR_STATUS_IS_... in some more cases.

While this is not strictly necessary everywhere, it makes it much easier

to find the problematic cases.

Submitted by: niq, covener, sf

Reviewed by: wrowe, covener, ylavic

  1. … 3 more files in changeset.
Revert 1757391, sorry for the sloppy commit :-/
  1. … 4 more files in changeset.
Two more closely backports from 2.4.x for proper ErrorDocument behavior
  1. … 4 more files in changeset.
mod_mem_cache: Don't cache incomplete responses when the client

connection is aborted before the body is fully read. PR 45049.

Backports: n/a (2.2.x only)

Submitted by: Nick Pace <nick simplylogic.net>, Edward Lu, Yann Ylavic

Reviewed by: ylavic, wrowe, rpluem

  1. … 1 more file in changeset.
Merge r1753228 from trunk:

httpoxy workarounds, first draft patch as published for all 2.2.x+ sources

Submitted by: Dominic Scheirlinck <dominic vendhq.com>, ylavic

Reviewed by: wrowe, rpluem, ylavic

  1. … 4 more files in changeset.
mod_ssl: Free dhparams and ecparams reading certificates at startup.

This fixes issue when SSLCryptoDevice does not get unregistered because

of non-zero refcount during the mod_ssl unload happening on httpd startup.

Submitted by: jkaluza, ylavic

Reviewed by: wrowe, ylavic, jorton

  1. … 1 more file in changeset.
mod_mem_cache: Fix concurrent removal of stale entries which could lead

to a crash.

PR: 43724

Submitted by: ylavic

Reviewed by: covener, wrowe

  1. … 2 more files in changeset.
mod_proxy: Fix a race condition that caused a failed worker to be retried

before the retry period is over

Backports: r1664709, r1697323

Submitted by: rpluem

Reviewed by: wrowe, ylavic

  1. … 2 more files in changeset.
mime.types: Add common extension "m4a" for MPEG 4 Audio.

As a reference see Wikipedia:

https://en.wikipedia.org/wiki/MPEG-4_Part_14#.MP4_versus_.M4A

Submitted by: Dylan Millikin <dylan.millikin gmail.com>

PR: 57895

Backports: r1723567

Reviewed by: rjung, wrowe, ylavic

  1. … 3 more files in changeset.
mod_proxy: don't recyle backend announced "Connection: close" connections

to avoid reusing it should the close be effective after some new request

is ready to be sent.

Backports: r1678763, r1703807, r1703813, r1678763

Submitted by: ylavic

Reviewed by: rpluem, wrowe

  1. … 2 more files in changeset.
mod_substitute: Allow to configure the patterns merge order with the new

SubstituteInheritBefore on|off directive (with default in 2.2 of 'off)

Backports: r1684900, r1687539, r1687680, r1688331, r1688339, r1688340, r1688343,

r1697013, r1697015

PR: 57641

Submitted by:

[Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]

  1. … 4 more files in changeset.
abs: Include OPENSSL_Applink when compiling on Windows, to resolve

failures under Visual Studio 2015 and other mismatched MSVCRT flavors.

PR: 59630

Submitted by: Jan Ehrhardt <phpdev ehrhardt.nl>

  1. … 2 more files in changeset.
Note that 2.2.1, 2.2.28 were not released.

* Fix a regression with 2.2.31 that caused inherited workers to

use a different scoreboard slot then the original one.

This has no trunk revision since this a 2.2.x issue only and trunk

code is different.

PR: 58267

Reviewed by: rpluem, jkaluza, ylavic

  1. … 5 more files in changeset.
And we are at .32-dev
  1. … 3 more files in changeset.
Approve and commit symbols export, with simplified CHANGES
  1. … 3 more files in changeset.
On to 2.2.31-dev
  1. … 3 more files in changeset.
Add CHANGES entry for r1678698.
Merge r1688274 from trunk.

http: Fix LimitRequestBody checks when there is no more bytes to read.

Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>

Committed by: ylavic

Reviewed by: ylavic, mrumph, wrowe

  1. … 3 more files in changeset.
Merge r1685345, r1685347, r1685349 and r1685350 from trunk.

core: Allow spaces after chunk-size for compatibility with implementations

using a pre-filled buffer.

Submitted by: ylavic, trawick

Reviewed by: ylavic, wrowe, minfrin

  1. … 3 more files in changeset.
SECURITY: CVE-2015-3183 (cve.mitre.org)

core: Fix chunk header parsing defect.

Remove apr_brigade_flatten(), buffering and duplicated code from

the HTTP_IN filter, parse chunks in a single pass with zero copy.

Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext

authorized characters.

Submitted by: minfrin, ylavic

Reviewed by: ylavic, wrowe, minfrin

Reported by: regilero <regis.leroy makina-corpus.com>

Backports: 1484852, 1684513

  1. … 2 more files in changeset.
Add PR to CHANGES entry.
Merge r1585090 from trunk:

Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert

when no matching vhost is found (PR 56241)

<not backported to 2.2.x>

- at startup, only issue warnings about IP/port conflicts and name-based

SSL vhosts when running with an OpenSSL without TLS extension support

(almost 5 years after SNI was added to 2.2.x, the

"[...] only work for clients with TLS server name indication support"

warning feels obsolete)

</not backported to 2.2.x>

Proposed by: kbrand

Reviewed by: ylavic, jorton, wrowe

  1. … 3 more files in changeset.
core, modules: Avoid error response/document handling by the core if some

handler or input filter already did it while reading the request (causing

a double response body).

Submitted by: ylavic

Backports: r1482522 (partial, ap_map_http_request_error() things only!),

r1529988, r1529991, r1643537, r1643543, r1657897, r1665625,

r1665721, r1674056

Reviewed by: ylavic, wrowe, covener

  1. … 20 more files in changeset.
Merge r1551685, r1652929 from trunk.

r1551685 | trawick | 2013-12-17 21:25:54 +0100 (Tue, 17 Dec 2013) | 5 lines

FreeBSD: Disable IPv4-mapped listening sockets by default for versions

5+ instead of just for FreeBSD 5.

PR: 53824

r1652929 | ylavic | 2015-01-19 09:06:56 +0100 (Mon, 19 Jan 2015) | 4 lines

Fix --enable-v4-mapped configuration on *BSD. PR 53824.

Submitted by: olli hauer <ohauer gmx.de>

Committed by: ylavic

Reviewed by: ylavic, trawick, rjung

Backported by: ylavic

  1. … 3 more files in changeset.
Merged r979120 from trunk.

r979120 | rjung | 2010-07-25 23:08:15 +0200 (Sun, 25 Jul 2010) | 26 lines

Adding sub second timestamps and request end time to mod_log_config.

Add special format tokens to %{...}t. The extended syntax allows the

form: "WHICH:WHAT".

WHICH is either:

- "begin": use the time when the request started

- "end": take "now" as the time

You can omit WHICH, default is "begin".

If you omit WHICH, the separating column is not allowed.

WHAT is either:

- "sec": timestamp in Unix seconds

- "msec": timestamp in Unix milliseconds

- "msec_frac": millisecond fraction of the Unix timestamp,

3 digits, 0-padded

- "usec": timestamp in Unix microseconds

- "usec_frac": microsecond fraction of the Unix timestamp

6 digits, 0-padded

- anything different from those tokens: use strftime()

You can omit WHAT, default is the formatted timestamp as

used by the Common Log Format.

The implementation uses a new request_config for mod_log_config

to pass the request end time around between different calls to

log formatters, but the end time is only generated if needed.

Reviewed by: rjung, wrowe, ylavic

Backported by: ylavic

  1. … 4 more files in changeset.
Merge r1665215, r1665218 from trunk.

r1665215 | ylavic | 2015-03-09 13:45:56 +0100 (Mon, 09 Mar 2015) | 8 lines

mod_proxy: use the original (non absolute) form of the request-line's URI

for requests embedded in CONNECT payloads used to connect SSL backends via

a ProxyRemote forward-proxy. PR 55892.

Submitted by: Hendrik Harms <hendrik.harms gmail com>

Reviewed by: wrowe, ylavic

Committed by: ylavic

r1665218 | ylavic | 2015-03-09 13:54:38 +0100 (Mon, 09 Mar 2015) | 1 line

mod_proxy: follow up to r1665215: CHANGES entry.

Reviewed by: ylavic, wrowe, rjung

Backported by: ylavic

  1. … 3 more files in changeset.
mod_log_config: Backport get_request_end_time().

This makes data consistent if a log format uses

multiple %{...}T and/or %D.

The end time of a request is only taken once and

the same time is used for each log field.

Backport of r979120 (partial) plus r1467765 from trunk

resp. r979120 (partial) plus r1467981 from 2.4.x.

Committed By: rjung

Reviewed By: rjung, trawick, wrowe

Backported By: rjung

  1. … 2 more files in changeset.
mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for

internationalization.

Backports: 1611165,1611169

Reviewed by: wrowe, gsmith

  1. … 3 more files in changeset.