Checkout
 

jkaluza in httpd

* mod_log_debug docs: Fix the IS_SUBREQ example

Propose r1720129
Propose r1720129
* mod_ssl: Free dhparams when getting DH params. This fixes issue when

SSLCryptoDevice does not get unregistered because of non-zero refcount

during the mod_ssl unload happening on httpd startup.

Propose r1711479.
Fix crash in ap_mpm_pod_check call caused by NULL dereference of its parameter

when starting httpd as single process (httpd -X).

Comment on mod_systemd in STATUS
Vote
mod_ssl: allow enabling of SSLProtocols even though they are disabled by OpenSSL

by default. Show warning in that case.

mod_remoteip: Use r->useragent_addr as the root trusted address for verifying.

This fixes issue resulting in setting of bad useragent_ip when internal

redirection has been generated as response to the request (typically as

result of "ErrorDocument 40x").

In this case, the original request has been handled by mod_remoteip and its

useragent_ip has been changed properly, but when internal redirection

to ErrorDocument has been generated later, the mod_remoteip's handler has been

executed again with *the same* c->client_addr as in the original request. If

c->client_addr IP is trusted, this results in bad useragent_ip being set.

When using r->useragent_addr as the root trusted address instead of

c->client_addr, the internal redirection uses the first non-trusted

IP in this particular case, so it won't change the r->useragent_ip during

the internal redirection to ErrorDocument.

* mod_auth_digest: Use anonymous shm by default, fall back on name-based.

Vote and propose.
* mod_journald: Remove JournaldCustomLog. It is not needed now when

mod_log_config can use mod_journald as errorlog provider.

* mod_journald: use -lsystemd instead of -lsystemd-journald when found

* mod_log_config: Allow using ErrorLog providers for CustomLog.

* mod_dav_fs: set default value of DavLockDB using installation layout

* mod_lua: fix compilation with lua-5.3 (r1668827)

* mod_lua: fix compilation with lua-5.3

* mod_proxy: Allow setting options to globally defined balancer from

ProxyPass used in VirtualHost. Balancers are now merged using the new

merge_balancers method which merges the balancers options.

* mod_access_compat, mod_authz_host: Handle '#' character.

For mod_access_compat, disable '#' in hostname completely.

For mod_authz_host, treat '#' as a comment and ignore everything after that.

This allows better handling of admin errors like

'Require host localhost# Add example.com later'.

* mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.

SSL_CTX_set_tmp_ecdh increases reference count, so we have to call EC_KEY_free,

otherwise eckey will not be freed.

* mod_cache: Preserve the Content-Type in case of 304 response.

304 does not contain Content-Type and mod_mime regenerates

the Content-Type based on the r->filename. This later leads to original

Content-Type to be lost (overwriten by whatever mod_mime generates).

Better documentation for RewriteMap MapTypeOptions (r1664565)

*) mod_rewrite: Add support for starting External Rewriting Programs

as non-root user on UNIX systems by specifying username and group name

as third argument of RewriteMap directive.

* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free

bug with postgresql

Propose ap_errorlog_provider and mod_journald.

Propose r1644031, comment on ScriptLog patch (r1626978).

* mod_proxy_fcgi: Follow up to r1640495. Ignore body data from backend

for 304 responses also when read with the header.

* ap_expr: Fix replace() func when length of "from" != length of "to".

Propose r1609680 and r1641381.