Checkout Tools
  • last updated 7 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1777401 is being indexed.

Merge r1542549 from 2.4.x:

Potential rejection of valid MaxMemFree and ThreadStackSize directives

trunk patch:

Submitted by: Mike Rumph <mike.rumph>

Reviewed by: trawick, covener, sf

  1. … 2 more files in changeset.
I really just did that on my test-merge branch??? fueque... reverting r1775787
  1. … 13 more files in changeset.
Resigning my first attempt to get patches through the 2.2.x process, and

revoking my ratification of a list of patches (e.g. -1 as had been applied,

including my own submissions - I will revert in any case, where misordered.)

Proposing that we start with the same branch model as used on 2.4.x to get

through too many many-year-old patches to idly browse through; replay these

in mostly-sequential order, and bring 2.2.x up to 2.4.x in the affected areas

of code, and finally this proposal suggests the same merge as was applied to

2.4.25 GA release, modulo all our new crazy APLOGNO fun.

There is not much to see here, other than to compare rev no's of what had

been applied/proposed reverts to the list of patches on the 2.2.x merge

branch... the interesting data is on that merge branch. But extensive testing

against the resulting code is critical to our hope of offering a last 2.2.x

release to close that chapter. TIA to each and everyone who assists!

  1. … 13 more files in changeset.
Merge r1710095, r1727544 from trunk:

core: Limit to ten the number of tolerated empty lines between request,

and consume them before the pipelining check to avoid possible response

delay when reading the next request without flushing.

Before this commit, the maximum number of empty lines was the same as

configured LimitRequestFields, defaulting to 100, which was way too much.

We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES).

check_pipeline() is changed to check for (up to the limit) and comsume the

trailing [CR]LFs so that they won't be interpreted as pipelined requests,

otherwise we would block on the next read without flushing data, and hence

possibly delay pending response(s) until the next/real request comes in or

the keepalive timeout expires.

Finally, when the maximum number of empty line is reached in

read_request_line(), or that request line does not contains at least a method

and an (valid) URI, we can fail early and avoid some failure detected in

further processing.

* Ensure that proto_num and protocol is set in another "error out early" edge

case. This can happen with invalid CONNECT requests as described in the PR.

PR: 58929

Submitted by: ylavic, rpluem

Reviewed by: wrowe, covener, ylavic

  1. … 3 more files in changeset.
Merge r892678, r1100511, r1102124 from trunk:

Reject requests containing (invalid) NULL characters in request line

or request headers.

PR 43039

use APR_STATUS_IS_TIMEUP() instead of direct comparison with APR_TIMEUP.

Use APR_STATUS_IS_... in some more cases.

While this is not strictly necessary everywhere, it makes it much easier

to find the problematic cases.

Submitted by: niq, covener, sf

Reviewed by: wrowe, covener, ylavic

  1. … 3 more files in changeset.
Revert 1757391, sorry for the sloppy commit :-/
  1. … 4 more files in changeset.
Two more closely backports from 2.4.x for proper ErrorDocument behavior
  1. … 4 more files in changeset.
mod_mem_cache: Don't cache incomplete responses when the client

connection is aborted before the body is fully read. PR 45049.

Backports: n/a (2.2.x only)

Submitted by: Nick Pace <nick>, Edward Lu, Yann Ylavic

Reviewed by: ylavic, wrowe, rpluem

  1. … 1 more file in changeset.
Merge r1753228 from trunk:

httpoxy workarounds, first draft patch as published for all 2.2.x+ sources

Submitted by: Dominic Scheirlinck <dominic>, ylavic

Reviewed by: wrowe, rpluem, ylavic

  1. … 4 more files in changeset.
mod_ssl: Free dhparams and ecparams reading certificates at startup.

This fixes issue when SSLCryptoDevice does not get unregistered because

of non-zero refcount during the mod_ssl unload happening on httpd startup.

Submitted by: jkaluza, ylavic

Reviewed by: wrowe, ylavic, jorton

  1. … 1 more file in changeset.
mod_mem_cache: Fix concurrent removal of stale entries which could lead

to a crash.

PR: 43724

Submitted by: ylavic

Reviewed by: covener, wrowe

  1. … 2 more files in changeset.
mod_proxy: Fix a race condition that caused a failed worker to be retried

before the retry period is over

Backports: r1664709, r1697323

Submitted by: rpluem

Reviewed by: wrowe, ylavic

  1. … 2 more files in changeset.
mime.types: Add common extension "m4a" for MPEG 4 Audio.

As a reference see Wikipedia:

Submitted by: Dylan Millikin <dylan.millikin>

PR: 57895

Backports: r1723567

Reviewed by: rjung, wrowe, ylavic

  1. … 3 more files in changeset.
mod_proxy: don't recyle backend announced "Connection: close" connections

to avoid reusing it should the close be effective after some new request

is ready to be sent.

Backports: r1678763, r1703807, r1703813, r1678763

Submitted by: ylavic

Reviewed by: rpluem, wrowe

  1. … 2 more files in changeset.
mod_substitute: Allow to configure the patterns merge order with the new

SubstituteInheritBefore on|off directive (with default in 2.2 of 'off)

Backports: r1684900, r1687539, r1687680, r1688331, r1688339, r1688340, r1688343,

r1697013, r1697015

PR: 57641

Submitted by:

[Marc.Stern <Marc.Stern>, Yann Ylavic, William Rowe]

  1. … 4 more files in changeset.
abs: Include OPENSSL_Applink when compiling on Windows, to resolve

failures under Visual Studio 2015 and other mismatched MSVCRT flavors.

PR: 59630

Submitted by: Jan Ehrhardt <phpdev>

  1. … 2 more files in changeset.
Note that 2.2.1, 2.2.28 were not released.

* Fix a regression with 2.2.31 that caused inherited workers to

use a different scoreboard slot then the original one.

This has no trunk revision since this a 2.2.x issue only and trunk

code is different.

PR: 58267

Reviewed by: rpluem, jkaluza, ylavic

  1. … 5 more files in changeset.
And we are at .32-dev
  1. … 3 more files in changeset.
Approve and commit symbols export, with simplified CHANGES
  1. … 3 more files in changeset.
On to 2.2.31-dev
  1. … 3 more files in changeset.
Add CHANGES entry for r1678698.
Merge r1688274 from trunk.

http: Fix LimitRequestBody checks when there is no more bytes to read.

Submitted by: Michael Kaufmann <mail>

Committed by: ylavic

Reviewed by: ylavic, mrumph, wrowe

  1. … 3 more files in changeset.
Merge r1685345, r1685347, r1685349 and r1685350 from trunk.

core: Allow spaces after chunk-size for compatibility with implementations

using a pre-filled buffer.

Submitted by: ylavic, trawick

Reviewed by: ylavic, wrowe, minfrin

  1. … 3 more files in changeset.
SECURITY: CVE-2015-3183 (

core: Fix chunk header parsing defect.

Remove apr_brigade_flatten(), buffering and duplicated code from

the HTTP_IN filter, parse chunks in a single pass with zero copy.

Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext

authorized characters.

Submitted by: minfrin, ylavic

Reviewed by: ylavic, wrowe, minfrin

Reported by: regilero <regis.leroy>

Backports: 1484852, 1684513

  1. … 2 more files in changeset.
Add PR to CHANGES entry.
Merge r1585090 from trunk:

Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert

when no matching vhost is found (PR 56241)

<not backported to 2.2.x>

- at startup, only issue warnings about IP/port conflicts and name-based

SSL vhosts when running with an OpenSSL without TLS extension support

(almost 5 years after SNI was added to 2.2.x, the

"[...] only work for clients with TLS server name indication support"

warning feels obsolete)

</not backported to 2.2.x>

Proposed by: kbrand

Reviewed by: ylavic, jorton, wrowe

  1. … 3 more files in changeset.
core, modules: Avoid error response/document handling by the core if some

handler or input filter already did it while reading the request (causing

a double response body).

Submitted by: ylavic

Backports: r1482522 (partial, ap_map_http_request_error() things only!),

r1529988, r1529991, r1643537, r1643543, r1657897, r1665625,

r1665721, r1674056

Reviewed by: ylavic, wrowe, covener

  1. … 20 more files in changeset.
Merge r1551685, r1652929 from trunk.

r1551685 | trawick | 2013-12-17 21:25:54 +0100 (Tue, 17 Dec 2013) | 5 lines

FreeBSD: Disable IPv4-mapped listening sockets by default for versions

5+ instead of just for FreeBSD 5.

PR: 53824

r1652929 | ylavic | 2015-01-19 09:06:56 +0100 (Mon, 19 Jan 2015) | 4 lines

Fix --enable-v4-mapped configuration on *BSD. PR 53824.

Submitted by: olli hauer <ohauer>

Committed by: ylavic

Reviewed by: ylavic, trawick, rjung

Backported by: ylavic

  1. … 3 more files in changeset.
Merged r979120 from trunk.

r979120 | rjung | 2010-07-25 23:08:15 +0200 (Sun, 25 Jul 2010) | 26 lines

Adding sub second timestamps and request end time to mod_log_config.

Add special format tokens to %{...}t. The extended syntax allows the

form: "WHICH:WHAT".

WHICH is either:

- "begin": use the time when the request started

- "end": take "now" as the time

You can omit WHICH, default is "begin".

If you omit WHICH, the separating column is not allowed.

WHAT is either:

- "sec": timestamp in Unix seconds

- "msec": timestamp in Unix milliseconds

- "msec_frac": millisecond fraction of the Unix timestamp,

3 digits, 0-padded

- "usec": timestamp in Unix microseconds

- "usec_frac": microsecond fraction of the Unix timestamp

6 digits, 0-padded

- anything different from those tokens: use strftime()

You can omit WHAT, default is the formatted timestamp as

used by the Common Log Format.

The implementation uses a new request_config for mod_log_config

to pass the request end time around between different calls to

log formatters, but the end time is only generated if needed.

Reviewed by: rjung, wrowe, ylavic

Backported by: ylavic

  1. … 4 more files in changeset.