jorton in httpd

* modules/mappers/mod_rewrite.c: Enhance trace-level logging to log

line numbers accurately for C99 compilers, and remove odd/awkward

double-parentheses using the rewritelog() macro. For non-C99

compilers do_rewritelog() will now be defined - but as a noop - if

REWRITELOG_DISABLED is defined at compile time.

No functional change at runtime apart from the line numbers being


Proposed mod_ssl PKCS#11 cert/key support.


Merge r1865749 from trunk:

PR63688 balancer csrf problems

fix case-sensitive referer check

Submitted By: Armin Abfalterer

Reviewed by: covener, jim, jorton

PR: 63688

Regressions -

Predicted: 1

Delivered: 1

10/10 would buy again.

Remove a stray fixme.

Update mergeinfo, r1296428 was merged to 2.4.x in r1298453

Merge r1846254 from trunk (under "documentation" RTC exception):

* support/htpasswd.c (usage): Fix bcrypt round maximum.

* docs/manual/programs/htpasswd.xml: Document that bcrypt rounds are

capped at 17.

PR: 62078

Update mergeinfo for mod_proxy backports in r1864787.

Tweak text, credit Niels.

When did 80 char max line lengths go out of fashion?

proxy-balancer XSRF/XSS fixes.

* modules/proxy/mod_proxy_balancer.c (balancer_display_page):

Add more HTML-escaping.

Submitted by: Niels Heinen <heinenn>

Bump next-number after r1864695.

* modules/proxy/mod_proxy_balancer.c (balancer_handler): Check Referer

to improve on protection against balancer-manager XSRF attacks

provided by the nonce.

* modules/proxy/proxy_util.c (ap_proxy_share_balancer): Create the

nonce as a pseudo-UUID using the PRNG.


1*stalled, 1*proposed.

Bump next-number after r1864526.
* modules/metadata/mod_remoteip.c (remoteip_process_v2_header,

remoteip_input_filter): Add sanity checks.

Submitted by: jorton, Daniel McCarney <cpu>

Add r1864464 and reset vote.

* modules/filters/mod_proxy_html.c, modules/filters/mod_xml2enc.c:

Fix gcc 9 warnings in code attempting to reduce gcc warnings.

(should have used expat...)

mod_xml2enc.c:26:28: warning: "/*" within comment [-Wcomment]

26 | /* libxml2 includes unicode/*.h files which uses C++ comments */


mod_proxy_html.c:32:28: warning: "/*" within comment [-Wcomment]

32 | /* libxml2 includes unicode/*.h files which uses C++ comments */


mod_cgid: Continuation of r1862968, experimental fd passing support.

Split out CGI bucket implementation from mod_cgi and use in both

mod_cgi and mod_cgid, bringing stderr handling in mod_cgid up to par

with mod_cgi. (There is a lot of code which has been copied between

mod_cgi{,d} so there's scope for further reduction of source

duplication between the modules using this header)

* modules/generators/cgi_common.h: Copied from mod_cgi.c, removed

everything but the CGI bucket implementation with only one change:

(struct cgi_bucket_data, cgi_bucket_create, cgi_bucket_read): Take a

timeout on bucket creation, store and use on reads.

* modules/generators/mod_cgi.c [APR_FILES_AS_SOCKETS]: Include


(cgi_handler): Pass configured timeout to CGI bucket.

* modules/generators/mod_cgid.c: Include cgi_common.h.

(log_script_err): Copy from mod_cgi.c.

(log_script): Use log_script_err.

(send_req): Take fd for stderr.

(cgid_child_errfn): Handle fd-passing case by writing error

to stderr for client to pass through ap_log_rerror.

(cgid_handler): Create pipe for stderr, pass write-end to

server via send_req, use read-end to create CGI bucket. Handle

stderr output in failure paths.

PR: 54221

    • ?
Add experimental support for fd passing in mod_cgid. Attaches CGI

script stderr to the error log specific to the vhost, by passing the

appropriate fd over the AF_UNIX socket from the request handling

thread to the cgid server process.

* modules/generators/config5.m4: Add --enable-cgid-fdpassing.

* modules/generators/mod_cgid.c (sock_readhdr): New function, also

returns auxiliary control data (the stderr fd) if available.

(sock_write): Take optional aux fd argument, send it as control

data. (send_req, get_req): Adjust accordingly to pass/receive the

stderr fd.

(cgid_server): Use passed fd if available, limit the lifetime.

PR: 60692

Merge r1857859 from trunk:

Fix a compilation error when GPROF is defined.

Submitted by: jailletc36

Reviewed by: jfclere, icing, jim

1 done, 1 paused, 1 vote.

Merge r1858565 from trunk:

* modules/cache/mod_socache_shmcb.c (socache_shmcb_init): Describe

error better for anon shm failure case, fixing gcc 9 warning on

passing NULL for '%s'.

Reviewed by: jorton, icing, jim

* include/ssl/mod_ssl.h: Include apr_tables.h and use apr_array_header_t