Checkout Tools
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Fix an issue on Windows where <IfFile> looks for a file on a non-existent drive (on a USB key that is not plugged for example)

Issue repported by Heather Lotz <knot22 hotmail.com>

  1. … 1 more file in changeset.
After reinstatement of DSO support in APR/APR-util, revert r1837437,

r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).

So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7

compatibility-exceptions are handled explicitely but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the

former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,

while the latter has never been (and will never be) defined. So don't call any

with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto

can use the same crypto library (e.g. openssl), use the new APR crypto loading

API so that they can work together and initialize/terminate the lib either once

for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.

  1. … 5 more files in changeset.
Fix a compilation error when GPROF is defined.
Fix use of StateDir directive after r1852982:

* server/core.c (reset_config): Rename from reset_config_defines;

tie core_state_dir to pconf lifetime in this cleanup.

(core_pre_config): Adjust accordingly.

* modules/md/mod_md_config.c (md_config_post_config): Pick up base_dir

from statedir in post-config phase so StateDir can influence it.

* modules/dav/fs/mod_dav_fs.c (dav_fs_create_server_config): Don't

init lockdb_path here. (dav_fs_post_config): New function; set

lockdb_path based on configured statedir.

  1. … 2 more files in changeset.
Merge consecutive slashes in the URL by default

opt-out w/ `MergeSlashes OFF`.

  1. … 7 more files in changeset.
* server/core.c (core_pre_config): Reset state dir during pre_config.

core: Fix incorrect substitution of env vars in directives containing multiple env vars.

In ap_resolve_env(), the string returned from getenv() should be copied since

the returned string may be statically allocated.

This fixes an issue where the value for the last env var is substituted for all

env vars in a directive containing multiple env vars.

  1. … 1 more file in changeset.
Define "state directory" for storing persistent child-writable state,

with default from config.layout, configurable via DefaultStateDir.

* server/core.c (set_state_dir, ap_state_dir_relative):

New functions.

* config.layout, acinclude.m4, Makefile.in, configure.in: Define

statedir variables, drop davlockdb.

* include/ap_config_layout.h.in: Define DEFAULT_REL_STATEDIR,

DEFAULT_EXP_STATEDIR in place of _DAVLOCKDB.

* include/ap_mmn.h: Bump MMN minor.

  1. … 7 more files in changeset.
core: always allocate filters (ap_filter_t) on f->c->pool.

When filters are allocated on f->r->pool, they may be destroyed any time

underneath themselves which makes it hard for them to be passed the EOR and

forward it (*f can't be dereferenced anymore when the EOR is destroyed, thus

before request filters return).

On the util_filter side, it also makes it impossible to flush pending request

filters when they have set aside the EOR, since f->bb can't be accessed after

it's passed to the f->next.

So we always use f->c->pool to allocate filters and pending brigades, and to

avoid leaks with keepalive requests (long living connections handling multiple

requests), filters and brigades are recycled with a cleanup on f->r->pool.

Recycling is done (generically) with a spare data ring (void pointers), and a

filter(s) context struct is associated with the conn_rec to maintain the rings

by connection, that is:

struct ap_filter_conn_ctx {

struct ap_filter_ring *pending_input_filters;

struct ap_filter_ring *pending_output_filters;

struct ap_filter_spare_ring *spare_containers,

*spare_brigades,

*spare_filters,

*spare_flushes;

int flushing;

};

MMN major bumped (again).

  1. … 7 more files in changeset.
Add StrictHostCheck

.. to allow ucnonfigured hostnames to be rejected.

The checks happen during NVH mapping and checks that the

mapped VH itself has the host as a name or alias.

  1. … 6 more files in changeset.
core: set ap_request_core_filter() last.

Since it may retain data and should run after other "request" filters, use

the last possible position for a "request" filter: AP_FTYPE_CONNECTION - 1.

core: axe data_in_in/output_filter from conn_rec.

They were superseded by ap_filter_should_yield() and ap_run_in/output_pending()

in r1706669 and had poor semantics since then (we can't maintain pending

semantics both by filter and for the whole connection).

Register ap_filter_input_pending() as the default input_pending hook (which

seems to have been forgotten in the first place).

On the MPM event side, we don't need to flush pending output data when the

connection has just been processed, ap_filter_should_yield() is lightweight and

enough to determine whether we should really enter write completion state or go

straight to reading. ap_run_output_pending() is used only when write completion

is in place and needs to be completed before more processing.

  1. … 6 more files in changeset.
core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined directives.

ReadBufferSize allows to configure the size of read buffers, for now it's

mainly used for file buckets reads (apr_bucket_file_set_buf_size), but it could

be used to replace AP_IOBUFSIZE in multiple places.

FlushMaxThreshold and FlushMaxPipelined allow to configure the hardcoded

THRESHOLD_MAX_BUFFER and MAX_REQUESTS_IN_PIPELINE from "util_filter.c".

The former sets the maximum size above which pending data are forcibly flushed

to the network (blocking eventually), and the latter sets the number of

pipelined/pending responses above which they are flushed regardless of whether

a pipelined request is immediately available (zero disables pipelining).

Larger ReadBufferSize and FlushMaxThreshold can trade memory consumption for

performances with the capacity of today's networks.

  1. … 3 more files in changeset.
util_filter: Axe conn_rec->empty brigade.

Since it's internal util_filter use, we shouldn't expose it in conn_rec and

can replace it with a pooled brigade provided by ap_reuse_brigade_from_pool().

  1. … 3 more files in changeset.
util_filter: keep filters with aside buckets in order.

Read or write of filter's pending data must happen in the same order as the

filter chain, thus we can't use an apr_hash_t to maintain the pending filters

since it provides no garantee on this matter.

Instead use an APR_RING maintained in c->pending_filters, and since both the

name (was c->filters) and the type changed, MAJOR is bumped (trunk only code

anyway so far).

  1. … 4 more files in changeset.
Follow up to r1833368: apr_crypto_prng_after_fork() changed its args.

Once again :p

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto

can use the same crypto library (e.g. openssl), use the new APR crypto loading

API so that they can work together and initialize/terminate the lib either once

for all or on demand and reusable by the others.

  1. … 3 more files in changeset.
Follow up to r1833368: fix "mixed declarations and code" warning (buildbot).

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.
Make use of the new apr_crypto_rng API if available.

core: Create a conn_config_t structure to hold an extendable core config rather

than consuming the whole pointer with the connection socket.

  1. … 5 more files in changeset.
regex: Allow to configure global/default options for regexes.

Like caseless matching or extended format, which may be useful as default

behaviour the whole configuration.

  1. … 3 more files in changeset.
Follow up to r1740928: including NOT_IN_PROXY in NOT_IN_DIR_LOC_FILE is both

incomplete and not backportable, fix it by introducing NOT_IN_DIR_CONTEXT and

restoring NOT_IN_DIR_LOC_FILE to its previous value.

Per ap_check_cmd_context(), NOT_IN_DIR_LOC_FILE actually/really means "not in

any directory context", while the definition itself does not include all the

existing directory contexts (e.g. <Limit>, or <Proxy> before r1740928).

This is a bit of a misnomer, at least, so instead of (ab)using it by adding the

missing contexts (in an incompatible way), let's define NOT_IN_DIR_CONTEXT to

really exclude all directory context (i.e. NOT_IN_DIR_LOC_FILE + NOT_IN_LIMIT +

NOT_IN_PROXY) and use it wherever NOT_IN_DIR_LOC_FILE was used.

This is by itself a major MMN bump (modules not compiled with this commit and

having directives checked against NOT_IN_DIR_LOC_FILE won't be caught the same

way by NOT_IN_DIR_CONTEXT in the new ap_check_cmd_context() code), but with the

below change, 2.4.x should work as before:

- if ((forbidden & NOT_IN_DIR_CONTEXT) == NOT_IN_DIR_CONTEXT) {

+ if ((forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE) {

if (cmd->path != NULL) {

return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,

- " cannot occur within directory context", NULL);

+ " cannot occur within <Directory/Location/Files/Proxy> "

+ "section", NULL);

}

...

}

  1. … 7 more files in changeset.
core: Disallow Methods' registration at run time (.htaccess), they may be

used only if registered at init time (httpd.conf).

Calling ap_method_register() in children processes is not the right scope

since it won't be shared for all requests.

  1. … 1 more file in changeset.
Be explicit and safe (const) with the strings stored in ap_server_config_defines.

Follow up to r1713043.

allow quoted paths in <IfFile>

The boilerplate code for config sections conflicts with TAKE1

because of the trailing stuff to terminate the opening tag.

Change from TAKE1 to RAW_ARGS and call ap_getword_conf()

directly.

  1. … 1 more file in changeset.
On the trunk:

core: avoid socket timeout settings etc. on slave connections.

print r->uri during failure

in a subrequest, r->the_request will be the one from r->main,

and it's not what we're checking above.

* server/config.c, include/http_config.h (ap_build_cont_config,

ap_soak_end_container): Constify directive arguments - existing

callers pass string literals.

* server/core.c (start_cond_section): Remove casts needed for above.

  1. … 2 more files in changeset.
* server/core.c (start_cond_section): Comment & variable name fixes,

no functional change.