Merge r1865749 from trunk:

PR63688 balancer csrf problems

fix case-sensitive referer check

Submitted By: Armin Abfalterer

Reviewed by: covener, jim, jorton

PR: 63688

  1. … 1 more file in changeset.
Log change in the correct version
Updates for announcement of 2.4.41
  1. … 1 more file in changeset.
Post 2.4.41 tag updates
  1. … 3 more files in changeset.
Tweak text, credit Niels.

Merge of r1864693,1864695,1864703 from trunk;

*) mod_proxy: Improve XSRF/XSS protection. [Joe Orton]

  1. … 3 more files in changeset.
Merge r1709121 from trunk:

mod_session: Introduce SessionExpiryUpdateInterval which allows to

configure the session/cookie expiry's update interval. PR 57300.

Submitted by: Paul Spangler <paul.spangler ni.com>

Reviewed/Committed by: ylavic

  1. … 7 more files in changeset.
When did 80 char max line lengths go out of fashion?

Merged /httpd/httpd/trunk:r1864428 from trunk

*) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration

  1. … 2 more files in changeset.
Merged /httpd/httpd/trunk:r1864435,1864438,1864450-1864451,1864464 from trunk:

*) modules/filters: PR 63633: Fix broken compilation when using old GCC (<4.2.x).

  1. … 5 more files in changeset.
Rearrange long mod_md CHANGES entry in an attempt

to give it a better structure. I hope I got it right.

Also dropped misleading reference to missing mod_ssl

backport.

Post 2.4.40 tag updates
  1. … 3 more files in changeset.
Merge of r1864192 from trunk:

*) core, rewrite: Set PCRE_DOTALL by default

  1. … 4 more files in changeset.
Merge of r1864191 from trunk:

*) core, proxy: remove request URL and headers from error docs

[Eric Covener]

  1. … 6 more files in changeset.
Merge of r1861338,1862475,1862583,1862865,1863221,1863276 from trunk:

*) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on

merged header fields, just as HTTP/1.1 does. [Stefan Eissing, Michael Kaufmann]

*) mod_http2: fixed a bug that prevented proper stream cleanup when connection

throttling was in place. Stream resets by clients on streams initiated by them

are counted as possible trigger for throttling. [Stefan Eissing]

*) mod_http2/mpm_event: Fixes the behaviour when a HTTP/2 connection has nothing

more to write with streams ongoing (flow control block). The timeout waiting

for the client to send WINDOW_UPDATE was incorrectly KeepAliveTimeout and not

Timeout as it should be. Fixes PR 63534. [Yann Ylavic, Stefan Eissing]

  1. … 12 more files in changeset.
Add CHANGES for r1864005

(backport of r1856829 from trunk).

Add CHANGES for r1864000

(backport of r1853560 from trunk).

Merged /httpd/httpd/trunk:r1851621,1852128,1862075

*) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for

adding certificates and keys to a virtual host. An additional hook allows

answering special TLS connections as used in ACME challenges.

Adding 2 new hooks for init/get of OCSP stapling status information when

other modules want to provide those. Falls back to own implementation with

same behaviour as before.

  1. … 6 more files in changeset.
mod_proxy_hcheck: mute "run from watchdog" message.

This is way too verbose (every 100ms) to be logged at any LogLevel.

Backport of r1853992 from trunk.

Proposed by: rjung

Backported by: rjung

Reviewed by: rjung, jailletc36, jim

  1. … 3 more files in changeset.
remove useless mail address for a committer
Merge of r1847430,r1853302 from trunk:

*) core: Split out the ability to parse wildcard files and directories

from the Include/IncludeOptional directives into a generic set of

functions ap_dir_nofnmatch() and ap_dir_fnmatch().

  1. … 6 more files in changeset.
Merged /httpd/httpd/trunk:r1861448,1862013,1862041,1862052,1862785

*) mod_md: new features

- supports the ACMEv2 protocol

- new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

  1. … 53 more files in changeset.
Merge r1491700, r1862200 from trunk:

According to comment in 'magic_rsl_add' and to the way 'magic_rsl_printf' manages its buffer, I think that this memory should be apr_pstrdup'ed.

This has been like that forever, but seems broken to me.

Untested.

* docs/conf/magic: Allow mod_mime_magic to return "audio/x-wav" for

WAV files, and omit returning "audio/unknown" for other RIFF

format files. Having a MIME type defined on a continuation line

*and* the preceding top-level match breaks mod_mime_magic, which

treats the second result "printed" as the MIME encoding. Neither

audio/x-wav nor audio/unknown are IANA registered, though Firefox

and Chrome both appear to recognize the former. Since the RIFF

format can contain non-audio media, returning audio/unknown as

a fallback for all RIFF files appears to be bogus anyway.

Submitted by: Àngel Ollé Blázquez <aollebla redhat.com>

Submitted by: jailletc36

Reviewed by: jorton, jim, icing

  1. … 3 more files in changeset.
*) mod_proxy_http2: fixing a potential NULL pointer use in logging.

[Christophe Jaillet <christophe.jaillet wanadoo.fr>, Dr Silvio Cesare InfoSect]

  1. … 3 more files in changeset.
* Fix flow
Merge r1842010, r1841225, r1862039, r1862040, r1862042 from trunk:

* dav_stream_response processes data that has been allocated from the propdb

pool. Hence close the propdb *after* dav_stream_response which clears the

propdb pool.

* Doing a PROPFIND on a large collection e.g. 50.000 elements can easily

consume 1 GB of memory as the subrequests and propdb pools are not

destroyed and cleared after each element was handled.

Do this now. There is one case in dav_get_props where elem->priv

lives longer than the propdb pool. In this case allocate from r->pool.

Furthermore also recycle propdb's which allows to clear the propdb's

pools instead of destroying them and creating them again.

Simplify handling of short-lived pool for dav_propdb in mod_dav. No

functional change.

* modules/dav/main/props.c (dav_popen_propdb): Rename from

dav_open_propdb, take a pool argument.

(dav_open_propdb): Reimplement in terms of above, using

r->pool.

(dav_propfind_walker): Switch to using dav_open_propdb

with scratchpool.

* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI

out of propdb pool, fixing small per-resource leak during a PROPFIND

walk.

Submitted by: jorton, rpluem

* modules/dav/main/mod_dav.c (dav_send_multistatus): Tag the pool.

Reviewed by: rpluem, jorton, jim

  1. … 6 more files in changeset.
Note that rotatelogs -D was added in 2.4.34.

PR: 46669

Merge of r1861337 from trunk:

mod_proxy_http2: adding support for handling trailers in both directions. PR 63502.

  1. … 4 more files in changeset.
Add a missing PR
Only describe functional/user-visible changes in CHANGES, svn

logs are sufficient for describing code cleanups.