Ivan Zhakov [Tue, 30 Jul 2024 00:15:32 +0000 (00:15 +0000)]
Follow-up to r1919413: CMake: Use configure_file() instead of file(write)
to generate modules.c file because configure_file() doesn't change
timestamp of file if contents is the the same.
Joe Orton [Mon, 29 Jul 2024 08:40:42 +0000 (08:40 +0000)]
* modules/dav/fs/repos.c (dav_fs_get_resource): Return a 404 rather
than a 400 where r->path_info is not empty for a file; a valid but
unsatisfiable request to a path which cannot exist,
e.g. /dav/foo.txt/blah where /dav/foo.txt is not a directory.
mod_proxy: Allow for empty UDS URL hostname in ProxyPass workers too.
Using "unix:/udspath|scheme:" or "unix:/udspath|scheme://" for a ProxyPass URL
does not work currently, while it works for SetHandler "proxy:unix:...".
*) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in <Location> (incomplete fix in 2.4.62). PR 69160.
When SetHandler "unix:..." is used in a <Location "/path"> block, the path
gets appended (including $DOCUMENT_ROOT somehow) to r->filename hence the
current checks in fixup_uds_filename() to add "localhost" when missing don't
work. Fix them.
Joe Orton [Fri, 26 Jul 2024 09:14:40 +0000 (09:14 +0000)]
CI: Fix OpenSSL tarball download URLs after openssl.org site refresh
CI: Update to latest OpenSSL releases.
CI: Build OpenSSL with RPATH set so that the installed ./bin/openssl works
without LD_LIBRARY_PATH set.
Use LD_RUN_PATH during the httpd build to achieve the same with binaries
from the httpd build, but unset it after so that it doesn't affect running
e.g. php-fpm or perl later. Should fix warning from logs when php-fpm
is executed --
[26-Jul-2024 07:43:34] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'curl.so' (tried: /usr/lib/php/20210902/curl.so (/lib/x86_64-linux-gnu/libcurl.so.4: undefined symbol: ENGINE_init, version OPENSSL_3.0.0), /usr/lib/php/20210902/curl.so.so (/usr/lib/php/20210902/curl.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
CI: Test that php-fpm works if available before testing.
CI: For paranoia/future debugging, log the OpenSSL version from compile-time
and run-time as reported by mod_ssl.
Ivan Zhakov [Sun, 21 Jul 2024 07:40:54 +0000 (07:40 +0000)]
CMake: Use TARGET_COMPILE_DEFINITIONS to set preprocessor definitions.
TARGET_COMPILE_DEFINITIONS correctly handle values with spaces, so
DEFINE_WITH_BLANKS() macro can be removed.
Ivan Zhakov [Sat, 20 Jul 2024 13:36:20 +0000 (13:36 +0000)]
* build/build-modules-c.awk: Add AP_DECLARE_DATA to ap_prelinked_modules,
ap_prelinked_modules_symbols and ap_preloaded_modules to match declaration
in ap_config.h. It doesn't change behavior because AP_DECLARE_DATA is
empty on non-Windows platform.
Ivan Zhakov [Sat, 20 Jul 2024 12:15:48 +0000 (12:15 +0000)]
* os/win32/modules.c: Include "ap_config.h" to match the file generated by
build/build-modules-c.awk. It doesn't change the behaviour because ap_config.h
is included by httpd.h.
mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. PR 69197.
Track in do_expand() whether a '?' in the uri-path comes from a literal in
the substitution string or from an expansion (variable, lookup, ...).
In the former case it's safe to assume that it's the query-string separator
but for the other case it's not (could be a decoded %3f from r->uri).
This allows to avoid [UnsafeAllow3F] for most cases.
Stefan Eissing [Wed, 10 Jul 2024 10:55:23 +0000 (10:55 +0000)]
sync test code with mod-h2
- shutdown server at end of h2 tests
- adapt minimum httpd versions for some tests
- add test_700_20 for load on blocked connections,
disabled for now until mpm_event improves
- build websocket client automatically
mod_proxy: Don't mangle r->filename when ap_proxy_canon_netloc() fails.
ap_proxy_canon_netloc() called from canon_handler hooks modifies its given
url in pace, hence &r->filename[6] passed from ap_proxy_canon_url().
This is not an issue if every canon_handler hook succeeds (or declines)
since r->filename is usually completely rewritten finally, but on failure
it gets truncated.
Avoid this by passing a copy of r->filename from the start, the proxy *url
and r->filename don't need to point to the same data.
* proxy/proxy_util.c(ap_proxy_canon_url):
Pass a copy of r->filename to the canon_handler hooks.
mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
"balancer:" URLs set via SetHandler, also allowing for "unix:"
sockets with BalancerMember(s). PR 69168.
* modules/proxy/proxy_util.h, modules/proxy/proxy_util.c:
Move proxy_interpolate() from mod_proxy.c to ap_proxy_interpolate(),
exported locally only (non public).
Move proxy_fixup() from mod_proxy.c to ap_proxy_canon_url(), exported
locally only too (non public).
Rollback ap_proxy_fixup_uds_filename() to a local fixup_uds_filename()
usable from proxy_util.c only. The public function will be removed in
a following commit.
* modules/proxy/mod_proxy.h:
Note that ap_proxy_fixup_uds_filename() is deprecated.
* modules/proxy/mod_proxy.c:
Just use ap_proxy_canon_url() from proxy_fixup() and proxy_handler()
for SetHandler URLs.
* modules/proxy/mod_proxy_balancer.c:
Do not canonicalize the path from proxy_balancer_canon() anymore but
rather from balancer_fixup() where the balancer URL is rewritten to
the BalancerMember URL.
The hostname part of the URL is not mandated for UDS though the canon_handler
hooks will require it, so add "localhost" if it's missing (won't be used anyway
for an AF_UNIX socket).
This can trigger with SetHandler "unix:" URLs which are now also fixed up.
Since r1908537 BIO_set_callback_ex is used with OpenSSL >= 3.0 instead of
BIO_set_callback to set the BIO callback. The meaning of parameters and
their range of values in the callback function set by BIO_set_callback_ex
has changed compared to the callback function set by BIO_set_callback
although parameters kept their names. Accommodate for this and adjust the
code accordingly.
Furthermore limit the size of dumps to APR_UINT16_MAX bytes. Given the length
of SSL records of 16k this should not have practical implications.
Yann Ylavic [Tue, 25 Jun 2024 23:49:09 +0000 (23:49 +0000)]
mod_proxy: Fixup UDS filename for mod_proxy called through r->handler.
* modules/proxy/proxy_util.c:
Export ap_proxy_fixup_uds_filename() from fix_uds_filename.
Call it from ap_proxy_pre_request() even for rewritten balancer workers.
Yann Ylavic [Fri, 21 Jun 2024 15:38:47 +0000 (15:38 +0000)]
mpm_event: Follow up to r1918482: CONN_STATE_LINGER* are not the last anymore.
Since CONN_STATE_ASYNC_WAITIO, we cannot check for < or >= CONN_STATE_LINGER
anymore to determine if in an lingering close state, so let's add a new
CONN_STATE_IS_LINGERING_CLOSE() macro for this and use it in mpm_event.
The test for state == CONN_STATE_LINGER in process_lingering_close() is a
bit weak too in order to call ap_start_lingering_close() the first time only,
so have a conn_state->linger_started flag instead.
Yann Ylavic [Fri, 21 Jun 2024 09:48:12 +0000 (09:48 +0000)]
mpm_event,mod_http2,mod_status: Follow up to r1918257: CONN_STATE_ASYNC_WAITIO.
Per discussion on PR #449, have a separate state for returning the connection
to the MPM to wait for an IO (namely CONN_STATE_ASYNC_WAITIO), rather than
(ab)using CONN_STATE_PROCESSING.
This removes the need for AGAIN added in r1918257 (for now), and AP_MPMQ_CAN_AGAIN
is renamed to AP_MPMQ_CAN_WAITIO.
This is also the state that mod_status accounts for, so rename ->processing
to ->wait_io in process_score (shows as "wait-io" in mod_status and mod_lua).
Yann Ylavic [Tue, 18 Jun 2024 14:20:06 +0000 (14:20 +0000)]
mod_proxy: Keep connection alive on addressTTL expiry if the DNS didn't change.
* modules/proxy/proxy_util.c(address_cleanup):
Rename to conn_cleanup() since it also closes the socket, and run
socket_cleanup() first to avoid dangling conn->sock->remote_addr.
* modules/proxy/proxy_util.c(ap_proxy_determine_address):
Compare the new address with the old one and keep the socket alive
if it did not change.
Yann Ylavic [Tue, 11 Jun 2024 14:46:29 +0000 (14:46 +0000)]
mpm_event,mod_http2: Keep compatibility with CONN_STATE_PROCESSING + OK
Before r1918022, returning OK with CONN_STATE_PROCESSING to mpm_event was
handled like/by CONN_STATE_LINGER "to not break old or third-party modules
which might return OK w/o touching the state and expect lingering close,
like with worker or prefork MPMs".
So we need a new return code to be allowed to apply the new POLLIN/POLLOUT
behaviour for CONN_STATE_PROCESSING, thus revive AGAIN as introduced by
Graham some times ago for a nonblocking WIP (moved to a branch/PR since then).
MPM event will advertise its ability to handle CONN_STATE_PROCESSING + AGAIN
with AP_MPMQ_CAN_AGAIN, and mod_http2 can use that to know how to return to
the MPM as expected. When !AP_MPMQ_CAN_AGAIN modules/mod_http2 can still use
CONN_STATE_WRITE_COMPLETION + CONN_SENSE_WANT_READ + c->clogging_input_filters
which will work in mpm_even-2.4.x still.
* include/ap_mmn.h:
Bump MMN minor for AP_MPMQ_CAN_AGAIN and AGAIN.
* include/ap_mpm.h:
Define AP_MPMQ_CAN_AGAIN.
* include/httpd.h:
Define AGAIN.
* modules/http2/h2.h:
No need for H2_USE_STATE_PROCESSING anymore with AP_MPMQ_CAN_AGAIN.
* modules/http2/h2_c1.c:
For !keepalive case return to the MPM using CONN_STATE_PROCESSING + AGAIN
or CONN_STATE_WRITE_COMPLETION + c->clogging_input_filters depending on
AP_MPMQ_CAN_AGAIN only.
* modules/http2/h2_session.c:
Can return to the MPM for h2_send_flow_blocked() provided it's async only.
* server/mpm/event/event.c:
Rework process_socket()'s CONN_STATE_PROCESSING to handle AGAIN and preserve
compatibility. Have a lingering_close label to goto there faster when
process_lingering_close() is to be called. Improve relevant comments.
projects / thirdparty / apache / httpd.git / log
