Joe Orton [Wed, 29 Jul 2020 14:16:14 +0000 (14:16 +0000)]
Merge r1879370, r1879757, r1879816, r1880404 from trunk:
Travis changes:
a) add job to check for empty APLOGNO() macros
b) don't install CPAN stuff if SKIP_TESTING is set
c) don't tail the error_log on test suite failure since it's almost
always irrelevant shutdown stuff and obscures the actual failures
d) use coloured grep output when showing segfaults to make them obvious in the
travis error_log output.
e.g. https://travis-ci.org/github/apache/httpd/jobs/703517978#L2537
Try removing the cached ~/perl5 to reset the broken worker
MPM test job.
Actually clear the cache for the worker MPM (missed in r1879757).
Eric Covener [Tue, 28 Jul 2020 12:37:48 +0000 (12:37 +0000)]
Merge r1878788 from trunk:
Try to fix once and for all, our "en" html file generation issues with different Java version.
Switch "en" doc files to UTF-8.
We should also change "en.xml" with:
<target-ext>.html.en.utf8</target-ext>
and run:
./build.sh bootstrap
./build.sh
to be consistent with other languages.
Before making a lot of noise, first give some time to see how this works in RL.
*) core: Drop an invalid Last-Modified header value coming
from a (F)CGI script instead of replacing it with Unix epoch.
Warn the users about Last-Modified header value replacements
and violations of the RFC.
trunk patch: http://svn.apache.org/r1748379
http://svn.apache.org/r1750747
http://svn.apache.org/r1750749
http://svn.apache.org/r1750953
http://svn.apache.org/r1751138
http://svn.apache.org/r1751139
http://svn.apache.org/r1751147
http://svn.apache.org/r1757818
http://svn.apache.org/r1879253
http://svn.apache.org/r1879348
2.4.x: trunk patches work, final view:
http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch
svn merge -c 1748379,1750747,1750749,1750953,1751138,1751139,1751139,1757818,1879253,r1879348 ^/httpd/httpd/trunk .
The code has been tested with a simple PHP script returning different Last-Modified
headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now).
+1: elukey, jorton, jim
jorton: +1 though I'd say log at WARN or INFO for the APR_BAD_DATE case
rather than "silently" (at normal log-level) dropping the parsed header?
[also nit: wrapping a lone ap_log_rerror(,APLOG_X) call in
if (APLOGrX(..) is unnecessary/redundant]
Graham Leggett [Wed, 15 Jul 2020 14:59:43 +0000 (14:59 +0000)]
*) mod_http2: Fixes LimitRequestFields configuration handling to compensate for
browsers that send request headers as multiple ones to make best use of HTTP/2
compression.
Trunk version of patch:
http://svn.apache.org/r1879832
2.4.x:
svn merge -c 1879832 ^/httpd/httpd/trunk .
+1: icing, rpluem, minfrin
Graham Leggett [Wed, 15 Jul 2020 14:17:17 +0000 (14:17 +0000)]
*) mod_http2: Avoid segfaults in case of handling certain responses for
already aborted connections.
Trunk version of patch:
http://svn.apache.org/r1879544
http://svn.apache.org/r1879546
http://svn.apache.org/r1879547
Backport version for 2.4.x of patch:
https://github.com/apache/httpd/pull/132.diff
+1: rpluem, icing, minfrin
Graham Leggett [Wed, 8 Jul 2020 12:07:38 +0000 (12:07 +0000)]
*) mod_watchdog: Switch to simpler logic to avoid the thread cleanup running
before the thread has started, avoiding mutex operations with undefined
behaviour. [Christophe Jaillet]
Graham Leggett [Wed, 8 Jul 2020 11:53:48 +0000 (11:53 +0000)]
*) mod_http2: connection terminology renamed to master/secondary.
trunk patch: http://svn.apache.org/r1878926
http://svn.apache.org/r1879156
2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/h2-master-secondary.patch
+1: icing, ylavic, minfrin
ylavic: nitpicking, mixed "H2_secondary_IN" and "H2_secondary_OUT" case to
register the filters, but not for adding them. IIRC filters names
are case insentive so shouldn't matter, just popped at my eyes..
icing: updated patch and added r1879156 to fix the eye bleed.
jailletc36: CHANGES could also be looked at if it makes sense to update the terminology
also here
Graham Leggett [Wed, 8 Jul 2020 11:39:12 +0000 (11:39 +0000)]
*) core: Drop an invalid Last-Modified header value coming
from a (F)CGI script instead of replacing it with Unix epoch.
Warn the users about Last-Modified header value replacements
and violations of the RFC.
trunk patch: http://svn.apache.org/r1748379
http://svn.apache.org/r1750747
http://svn.apache.org/r1750749
http://svn.apache.org/r1750953
http://svn.apache.org/r1751138
http://svn.apache.org/r1751139
http://svn.apache.org/r1751147
http://svn.apache.org/r1757818
http://svn.apache.org/r1879253
http://svn.apache.org/r1879348
2.4.x: trunk patches work, final view:
http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch
svn merge -c 1748379,1750747,1750749,1750953,1751138,1751139,1751139,1757818,1879253,r1879348 ^/httpd/httpd/trunk .
The code has been tested with a simple PHP script returning different Last-Modified
headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now).
+1: elukey, jorton, jim
jorton: +1 though I'd say log at WARN or INFO for the APR_BAD_DATE case
rather than "silently" (at normal log-level) dropping the parsed header?
[also nit: wrapping a lone ap_log_rerror(,APLOG_X) call in
if (APLOGrX(..) is unnecessary/redundant]
Joe Orton [Wed, 8 Jul 2020 07:41:44 +0000 (07:41 +0000)]
Clear cache for the worker job which appears to be in a bad state.
https://travis-ci.org/github/apache/httpd/jobs/705863962
[CTR under Travis exception]
Jim Jagielski [Tue, 7 Jul 2020 16:57:22 +0000 (16:57 +0000)]
Merge r1705539, r1877263, r1877291, r1879445 from trunk:
deduplicate the code handling the directory traversal for the
SSL[Proxy]CACertificatePath and SSLProxyMachineCertificatePath
directives
* modules/ssl/ssl_engine_init.c (ssl_add_version_components,
ssl_init_Module): Use temporary pool for variable lookup results
which don't need to live in pconf.
mod_ssl: Factor out code to read a BIO into a palloc'ed string:
* modules/ssl/ssl_util_ssl.c (modssl_bio_free_read): New function.
(asn1_string_convert): Use it here.
* modules/ssl/ssl_engine_vars.c: Use it throughout.
* modules/ssl/ssl_scache.c (ssl_scache_init): Use <16 character
cname argument for socache ->init() per the API constraint.
Jim Jagielski [Tue, 7 Jul 2020 16:56:32 +0000 (16:56 +0000)]
Merge r1864868 from trunk:
Fix a signed/unsigned comparison that can never match.
-1 is a valid length value (for socket, pipe and cgi buckets for example)
All path I've checked cast the -1 to (apr_size_t) in order for the comparison to work. So do it as well here.
This has been like that in trunk since r708144, about 11 years ago, so I assume that it is not really an issue.
Spotted by gcc 9.1 and -Wextra
Submitted by: jailletc36
Reviewed by: jailletc36, minfrin, jim
Graham Leggett [Sun, 5 Jul 2020 12:55:38 +0000 (12:55 +0000)]
*) Replace apr_psprintf with apr_pstrcat where the format strings only
contain %s to improve efficiency. Leave out error messages as they
are not on a crtical code path and error message become less readable
when taking out the format specifiers.
trunk patch: http://svn.apache.org/1862270
2.4.x patch: svn merge -c 1862270 ^/httpd/httpd/trunk .
+1: minfrin, rpluem, ylavic
Easy patches: synch 2.4.x and trunk
- core: Re-introduce check for sufficient PCRE version.
- core: Fix doc string for QualifyRedirectURL
- mod_proxy: really return an error message on invalid "flusher" value.
- mod_http2: Remove extra and un-needed ""
- mod_ldap: fix a (unlikely) memory leak
- ab: fix a typo
- suexec: Report error string after failure from setgid/initgroups or setuid
- mod_session_crypto: be less specific and don't echo passphrase
- mod_proxy_html: Fix proxy_html_conf.bufsz to have correct type, as
it is used with ap_set_int_slot.
- mod_md: update duplicated APLOGNOs.
Yann Ylavic [Fri, 26 Jun 2020 10:21:19 +0000 (10:21 +0000)]
Merge r1878280 from trunk:
mod_proxy_http: don't strip EOS when spooling request body to file.
To prevent stream_reqbody() from sending the FILE and FLUSH bucket in separate
brigades, and thus apr_file_setaside() to trigger if network congestion occurs
with the backend, restore the EOS in spool_reqbody_cl() which was stripped
when spooling the request body to a file.
Until APR r1878279 is released (and installed by users), apr_file_setaside()
on a temporary file (mktemp) will simply drop the file cleanup, leaking the
fd and inode..
Yann Ylavic [Fri, 26 Jun 2020 10:18:16 +0000 (10:18 +0000)]
Merge r1879179, r1879180 from trunk:
EVP_PKEY_up_ref(): fix ref count locking type for proxy EVP pkey
When enabling client authentication for proxy (SSLProxyMachineCertificateFile),
the client certificate callback function ssl_callback_proxy_cert uses another
reference count locking type then one that is used by the caller function when
trying to free the private key afterwards by using EVP_PKEY_free.
This can lead to a race-condition on pkey->references resulting in a double
free error.
On my system, the error occurs sporadically when threaded health checking
(mod_watchdog) forces two threads competing for the client's private key.
For example, see following two backtraces of a coredump where thread 1 and
thread 15 both run into CRYPTO_free(). Actually, the private key should never
be freed during run-time nor should two threads ever enter CRYPTO_free()
concurrently.
(gdb) t 1
[Switching to thread 1 (Thread 0xb2cfbb40 (LWP 16054))]
#0 0xf7f3f329 in __kernel_vsyscall ()
(gdb) bt
#0 0xf7f3f329 in __kernel_vsyscall ()
#1 0xf7cec9e7 in raise () from /lib32/libc.so.6
#2 0xf7cedfb9 in abort () from /lib32/libc.so.6
#3 0xf7d2a14d in ?? () from /lib32/libc.so.6
#4 0xf7d2fd27 in ?? () from /lib32/libc.so.6
#5 0xf7d3047d in ?? () from /lib32/libc.so.6
#6 0x08499c70 in CRYPTO_free (str=0x93376b0) at mem.c:434
#7 0x084cc063 in EVP_PKEY_free (x=0x93376b0) at p_lib.c:406
#8 0x08463917 in ssl3_send_client_certificate (s=0xad21f070) at s3_clnt.c:3475
#9 0x0845d62c in ssl3_connect (s=0xad21f070) at s3_clnt.c:426
#10 0x08484213 in SSL_connect (s=0xad21f070) at ssl_lib.c:1008
#11 0x0846f9c8 in ssl23_get_server_hello (s=0xad21f070) at s23_clnt.c:832
#12 0x0846ea45 in ssl23_connect (s=0xad21f070) at s23_clnt.c:231
#13 0x08484213 in SSL_connect (s=0xad21f070) at ssl_lib.c:1008
#14 0x08261e73 in ssl_io_filter_handshake (filter_ctx=0xb4d3f450) at ssl_engine_io.c:1245
#15 0x08263ba6 in ssl_io_filter_output (f=0xb4d3f480, bb=0xacc079a0) at ssl_engine_io.c:1760
#16 0x080ea2c9 in ap_pass_brigade (next=0xb4d3f480, bb=0xacc079a0) at util_filter.c:590
#17 0x08263b07 in ssl_io_filter_coalesce (f=0xb4d3f468, bb=0xacc079a0) at ssl_engine_io.c:1728
#18 0x080ea2c9 in ap_pass_brigade (next=0xb4d3f468, bb=0xacc079a0) at util_filter.c:590
#19 0x08251658 in hc_send (r=0xacc069b0, out=0x8c25ec8 "GET /hcheck HTTP/1.0\r\nHost: XXX\r\n\r\n", bb=0xacc079a0) at mod_proxy_hcheck.c:664
#20 0x08251eb3 in hc_check_http (baton=0xacc068d8) at mod_proxy_hcheck.c:806
#21 0x08252653 in hc_check (thread=0x8cc6b10, b=0xacc068d8) at mod_proxy_hcheck.c:870
#22 0x08383185 in thread_pool_func (t=0x8cc6b10, param=0x8c245e0) at misc/apr_thread_pool.c:266
#23 0x083baef6 in dummy_worker (opaque=0x8cc6b10) at threadproc/unix/thread.c:142
#24 0xf7ec615f in start_thread () from /lib32/libpthread.so.0
#25 0xf7da862e in clone () from /lib32/libc.so.6
(gdb) t 15
[Switching to thread 15 (Thread 0xb44feb40 (LWP 16049))]
#0 0xf7dd90a5 in _dl_addr () from /lib32/libc.so.6
(gdb) bt
#0 0xf7dd90a5 in _dl_addr () from /lib32/libc.so.6
#1 0xf7db610c in backtrace_symbols_fd () from /lib32/libc.so.6
#2 0xf7cd89ab in ?? () from /lib32/libc.so.6
#3 0xf7d2a148 in ?? () from /lib32/libc.so.6
#4 0xf7d2fd27 in ?? () from /lib32/libc.so.6
#5 0xf7d3047d in ?? () from /lib32/libc.so.6
#6 0x08499c70 in CRYPTO_free (str=0x93376b0) at mem.c:434
#7 0x084cc063 in EVP_PKEY_free (x=0x93376b0) at p_lib.c:406
#8 0x08463917 in ssl3_send_client_certificate (s=0xacf1baa0) at s3_clnt.c:3475
#9 0x0845d62c in ssl3_connect (s=0xacf1baa0) at s3_clnt.c:426
#10 0x08484213 in SSL_connect (s=0xacf1baa0) at ssl_lib.c:1008
#11 0x0846f9c8 in ssl23_get_server_hello (s=0xacf1baa0) at s23_clnt.c:832
#12 0x0846ea45 in ssl23_connect (s=0xacf1baa0) at s23_clnt.c:231
#13 0x08484213 in SSL_connect (s=0xacf1baa0) at ssl_lib.c:1008
#14 0x08261e73 in ssl_io_filter_handshake (filter_ctx=0xb4d37430) at ssl_engine_io.c:1245
#15 0x08263ba6 in ssl_io_filter_output (f=0xb4d37460, bb=0xad101588) at ssl_engine_io.c:1760
#16 0x080ea2c9 in ap_pass_brigade (next=0xb4d37460, bb=0xad101588) at util_filter.c:590
#17 0x08263b07 in ssl_io_filter_coalesce (f=0xb4d37448, bb=0xad101588) at ssl_engine_io.c:1728
#18 0x080ea2c9 in ap_pass_brigade (next=0xb4d37448, bb=0xad101588) at util_filter.c:590
#19 0x08251658 in hc_send (r=0xad100598, out=0x8c25898 "GET /hcheck HTTP/1.0\r\nHost: XXX\r\n\r\n", bb=0xad101588) at mod_proxy_hcheck.c:664
#20 0x08251eb3 in hc_check_http (baton=0xad1004c0) at mod_proxy_hcheck.c:806
#21 0x08252653 in hc_check (thread=0x8cc6ab0, b=0xad1004c0) at mod_proxy_hcheck.c:870
#22 0x08383185 in thread_pool_func (t=0x8cc6ab0, param=0x8c245e0) at misc/apr_thread_pool.c:266
#23 0x083baef6 in dummy_worker (opaque=0x8cc6ab0) at threadproc/unix/thread.c:142
#24 0xf7ec615f in start_thread () from /lib32/libpthread.so.0
#25 0xf7da862e in clone () from /lib32/libc.so.6
Joe Orton [Thu, 25 Jun 2020 13:21:17 +0000 (13:21 +0000)]
Merge r1878993, r1879103 from trunk:
For diagnosing weird non-x86 failures, dump /etc/hosts in future runs.
Add workaround for IPv6 configuration on non-x86 hosts which
appears to fix the connection failures. Almost certainly a bug
here, not at all sure where.
projects / thirdparty / apache / httpd.git / log
