Checkout Tools
  • last updated 6 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Merge of r1861338,1862475,1862583,1862865,1863221,1863276 from trunk:

*) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on

merged header fields, just as HTTP/1.1 does. [Stefan Eissing, Michael Kaufmann]

*) mod_http2: fixed a bug that prevented proper stream cleanup when connection

throttling was in place. Stream resets by clients on streams initiated by them

are counted as possible trigger for throttling. [Stefan Eissing]

*) mod_http2/mpm_event: Fixes the behaviour when a HTTP/2 connection has nothing

more to write with streams ongoing (flow control block). The timeout waiting

for the client to send WINODW_UPDATE was incorrectly KeepAliveTimeout and not

Timeout as it should be. Fixes PR 63534. [Yann Ylavic, Stefan Eissing]

  1. … 12 more files in changeset.
Merge of 1849296,1852038,1852101,1852339,1853171,1853967,1854365,1854963,1854964,1855295,1855411 from trunk:

*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is

in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.

Fixed. [Michael Kaufmann]

*) mod_http2: new configuration directive: `H2Padding numbits` to control

padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,

controlling the range of padding bytes added to a frame. The actual number

added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE

frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing]

*) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2

has no more need for it. Optional functions are still declared but no longer implemented.

While previous mod_proxy_http2 will work with this, it is recommeneded to run the matching

versions of both modules. [Stefan Eissing]

*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which

resolve PR63170. The proxy module does now a single h2 request on the (reused)

connection and returns. [Stefan Eissing]

*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status

to trigger immediate shutdown of backend connections. This is now always signalled

by mod_http2 when the the session is being released.

proxy_http2 now only sends a PING frame to the backend when there is not already one

in flight. [Stefan Eissing]

*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite

loop when encountering certain errors on the backend connection.

See <https://bz.apache.org/bugzilla/show_bug.cgi?id=63170>. [Stefan Eissing]

*) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per

Location/Directory, e.g. disabling PUSH for a specific set of resources. [Stefan Eissing]

*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to

terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.

Fixes <https://github.com/icing/mod_h2/issues/167>. [Michael Kaufmann]

  1. … 34 more files in changeset.
Merge r1852038, r1852101 from trunk:

mod_http2: enable re-use of slave connections again.

mod_http2: fixed slave connection keepalives counter.

Submitted by: icing

Reviewed by: icing, ylavic, jim

  1. … 5 more files in changeset.
Merge r1835118 from trunk:

On the trunk:

* silencing gcc uninitialized warning

* refrainning from apr_table_addn() use since pool debug assumptions are in conflict

* adding more assertions

* copy-porting changes to base64 encoding code from mod_md

Submitted by: icing

Reviewed by: icing, minfrin, jim

  1. … 8 more files in changeset.
Merge r1826687, r1827166, r1828210, r1828232, r1828687 from trunk:

Instrument 'bbout'

mod_http2: use proper ARP defined for formatting apr_off_t

On the trunk:

mod_http2: on level trace2, log any unsuccessful HTTP/2 direct connection upgrade

with base64 encoding to unify its appearance in possible bug reports.

On the trunk:

* mod_http2: calculate unencrypted connection sniffing base64 only when log level is at required height. [Ruediger Pluem]

On the trunk:

mod_http2: accurate reporting of h2 data input/output per request via mod_logio. Fixes

an issue where output sizes where counted n-times on reused slave connections. See

gituhub issue: https://github.com/icing/mod_h2/issues/158

Submitted by: jailletc36, icing, icing, icing, icing

Reviewed by: icing, jim, ylavic

  1. … 17 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1821371,1822502-1822503,1822624

  1. … 54 more files in changeset.
docco fix... correct license/copyright info

  1. … 24 more files in changeset.
On the 2.4.x branch:

Merge of r1813767 from trunk.

mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain

information retrievals on null bucket beams where it makes sense.

  1. … 4 more files in changeset.
Merge r1804096, r1807238, r1809981, r1810088, r1810089 from trunk:

bumping version, removing some unused code, fixes in base64url from mod_md

On the trunk:

*) mod_http2: DoS flow control protection is less agressive as long as active tasks stay

below worker capacity. Intended to fix problems with media streaming.

On the trunk:

mod_http2: v0.10.12, removed optimization for mutex handling in bucket beams that could lead to assertion failure in edge cases.

reverting r1807238 bc not addressing the issue https://github.com/icing/mod_h2/issues/120

mod_http2: non-dev 1.10.12 for backport

Submitted by: icing

Reviewed by: icing, steffenal, ylavic

  1. … 11 more files in changeset.
Merge r1800978 from trunk:

On the trunk:

mod_http2: Simplify ready queue, less memory and better performance. Update

mod_http2 version to 1.10.7.

Submitted by: icing

Reviewed by: icing, jim, ylavic

  1. … 8 more files in changeset.
SECURITY: CVE-2017-9789: Read after free in mod_http2.

When under stress, closing many connections, the HTTP/2

handling code would sometimes access memory after it has

been freed, resulting in potentially erratic behaviour.

Merge r1800689 from trunk:

Disable and give warning when mpm_prefork is encountered.

The server will continue to work, but HTTP/2 will no longer be negotiated.

Submitted by: icing

Reviewed by: icing, ylavic, jim

  1. … 13 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1797745

mod_http2: Fix for possible CPU busy loop introduced in v1.10.3 where a stream may keep

the session in continuous check for state changes that never happen.

  1. … 5 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1791790,1792195

  1. … 8 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1790850,1790855,1791377,1791388,1791669,1791773

  1. … 14 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1789740,1790102,1790113,1790284,1790754,1790826-1790827,1790842

  1. … 20 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1786715,1787051,1787141,1787604,1788672,1788981,1789221,1789224,1789276,1789279,1789395,1789520,1789535,1789692

  1. … 31 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1784571,1785672,1785683,1786512,1786575-1786576

mod_http2/mod_proxy_http2 backport

  1. … 17 more files in changeset.
On the 2.4.x branch:

Merged /httpd/httpd/trunk:r1784002,1784366,1784372

  1. … 8 more files in changeset.
On the 2.4.x branch:

merge of r1783683,1783693,1783756,1783759-1783760,1783762,1783912,1783996 from trunk

  1. … 8 more files in changeset.
On the 2.4.x branch:

merge of r1780598,1781304,1782875,1782944,1782958,1782975 from trunk

  1. … 22 more files in changeset.
On the 2.4.x branch: merge r1778630,1779459,1779525,1779528,1779738 from trunk

*) mod_http2: rework of stream resource cleanup to avoid a crash in a close

of a lingering connection. Prohibit special file bucket beaming for

shared buckets. Files sent in stream output now use the stream pool

as read buffer, reducing memory footprint of connections.

[Yann Ylavic, Stefan Eissing]

  1. … 19 more files in changeset.
On the 2.4.x branch: merge of r1701609-1705681 from trunk.

*) mod_http2: streaming of request output now reacts timely to data

from other streams becoming available. Same for new incoming requests.

  1. … 12 more files in changeset.
On the 2.4.x branch:

Merge r1775813 from trunk:

Fix mod_h2/github issue #126: correct lifetime of data sent on temp pools

* modules/http2/h2_bucket_beam.c

- ignore send pools that are sub-pools of the existing one

- added h2_beam_send_from() to allow explicit registering of the

correct pool for the sending

* modules/http2/h2_bucket_beam.h

- add prototype for h2_beam_send_from()

* modules/http2/h2_mplx.c

- adding logging of output beam state

* modules/http2/h2_stream.c

- register stream pool for sending data on input beam

* modules/http2/h2_task.c

- register task pool on output beam on creation

- adding trace logging

* modules/http2/h2_proxy_session.c

- fixing a type in a comment while we're at it

  1. … 7 more files in changeset.
Merge of r771160,1772576 from trunk:

SECURITY: CVE-2016-8740

mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University

mod_http2: wseaking cleanup assertion on streams that have never been scheduled

  1. … 5 more files in changeset.
Merge of r1767936,1768160,1769192,1769550 from trunk:

mod_http2: new directive 'H2PushResource' to enable early pushes before

processing of the main request starts. Resources are announced to the

client in Link headers on a 103 early hint response.

All responses with status code <400 are inspected for Link header and

trigger pushes accordingly. 304 still does prevent pushes.

'H2PushResource' can mark resources as 'critical' which gives them higher

priority than the main resource. This leads to preferred scheduling for

processing and, when content is available, will send it first. 'critical'

is also recognized on Link headers.

mod_proxy_http2: uris in Link headers are now mapped back to a suitable

local url when available. Relative uris with an absolute path are mapped

as well. This makes reverse proxy mapping available for resources

announced in this header.

With 103 interim responses being forwarded to the main client connection,

this effectively allows early pushing of resources by a reverse proxied

backend server.

adding support for newly proposed 103 status code.

  1. … 22 more files in changeset.
Merge of r1767803 from trunk.

mod_http2: fix for beam double cleanup crashes introduced in 1.7.7

  1. … 5 more files in changeset.
Merge of r1766857,1767128,1767180,1767181,1767553 from trunk

mod_http2/mod_proxy_http2 improvments as in CHANGES

  1. … 22 more files in changeset.
Merge of r1765328,1766424,1766691,1766851 from trunk:

mod_http2: v1.7.7, connection shutdown revisited, AP_DEBUG_ASSERT transformed to real asserts

  1. … 21 more files in changeset.
Merge of r1766308 from trunk:

mod_http2: fixed potential crash in beam memory handling introduced in 1.7.x changes

  1. … 11 more files in changeset.
Merge of r1764236 from trunk:

mod_proxy_http2: renaming duplicate symbol clash between h2_proxy_util and h2_util externals

  1. … 17 more files in changeset.