Eric Covener [Tue, 28 Jul 2020 12:37:48 +0000 (12:37 +0000)]
Merge r1878788 from trunk:
Try to fix, once and for all, our "en" HTML file generation issues with different Java versions.
Switch "en" doc files to UTF-8.
We should also change "en.xml" with:
<target-ext>.html.en.utf8</target-ext>
and run:
./build.sh bootstrap
./build.sh
to be consistent with other languages.
Before making a lot of noise, first give some time to see how this works in RL.
*) core: Drop an invalid Last-Modified header value coming
from a (F)CGI script instead of replacing it with Unix epoch.
Warn the users about Last-Modified header value replacements
and violations of the RFC.
trunk patch: http://svn.apache.org/r1748379
http://svn.apache.org/r1750747
http://svn.apache.org/r1750749
http://svn.apache.org/r1750953
http://svn.apache.org/r1751138
http://svn.apache.org/r1751139
http://svn.apache.org/r1751147
http://svn.apache.org/r1757818
http://svn.apache.org/r1879253
http://svn.apache.org/r1879348
2.4.x: trunk patches work, final view:
http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch
svn merge -c 1748379,1750747,1750749,1750953,1751138,1751139,1751139,1757818,1879253,r1879348 ^/httpd/httpd/trunk .
The code has been tested with a simple PHP script returning different Last-Modified
headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now).
+1: elukey, jorton, jim
jorton: +1 though I'd say log at WARN or INFO for the APR_BAD_DATE case
rather than "silently" (at normal log-level) dropping the parsed header?
[also nit: wrapping a lone ap_log_rerror(,APLOG_X) call in
if (APLOGrX(..) is unnecessary/redundant]
Graham Leggett [Wed, 15 Jul 2020 14:59:43 +0000 (14:59 +0000)]
*) mod_http2: Fixes LimitRequestFields configuration handling to compensate for
browsers that send request headers as multiple ones to make best use of HTTP/2
compression.
Trunk version of patch:
http://svn.apache.org/r1879832
2.4.x:
svn merge -c 1879832 ^/httpd/httpd/trunk .
+1: icing, rpluem, minfrin
Graham Leggett [Wed, 15 Jul 2020 14:17:17 +0000 (14:17 +0000)]
*) mod_http2: Avoid segfaults in case of handling certain responses for
already aborted connections.
Trunk version of patch:
http://svn.apache.org/r1879544
http://svn.apache.org/r1879546
http://svn.apache.org/r1879547
Backport version for 2.4.x of patch:
https://github.com/apache/httpd/pull/132.diff
+1: rpluem, icing, minfrin
Graham Leggett [Wed, 8 Jul 2020 12:07:38 +0000 (12:07 +0000)]
*) mod_watchdog: Switch to simpler logic to avoid the thread cleanup running
before the thread has started, avoiding mutex operations with undefined
behaviour. [Christophe Jaillet]
Graham Leggett [Wed, 8 Jul 2020 11:53:48 +0000 (11:53 +0000)]
*) mod_http2: connection terminology renamed to master/secondary.
trunk patch: http://svn.apache.org/r1878926
http://svn.apache.org/r1879156
2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/h2-master-secondary.patch
+1: icing, ylavic, minfrin
ylavic: nitpicking, mixed "H2_secondary_IN" and "H2_secondary_OUT" case to
register the filters, but not for adding them. IIRC filter names
are case insensitive so shouldn't matter, just popped at my eyes..
icing: updated patch and added r1879156 to fix the eye bleed.
jailletc36: CHANGES could also be looked at if it makes sense to update the terminology
also here
Graham Leggett [Wed, 8 Jul 2020 11:39:12 +0000 (11:39 +0000)]
*) core: Drop an invalid Last-Modified header value coming
from a (F)CGI script instead of replacing it with Unix epoch.
Warn the users about Last-Modified header value replacements
and violations of the RFC.
trunk patch: http://svn.apache.org/r1748379
http://svn.apache.org/r1750747
http://svn.apache.org/r1750749
http://svn.apache.org/r1750953
http://svn.apache.org/r1751138
http://svn.apache.org/r1751139
http://svn.apache.org/r1751147
http://svn.apache.org/r1757818
http://svn.apache.org/r1879253
http://svn.apache.org/r1879348
2.4.x: trunk patches work, final view:
http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch
svn merge -c 1748379,1750747,1750749,1750953,1751138,1751139,1751139,1757818,1879253,r1879348 ^/httpd/httpd/trunk .
The code has been tested with a simple PHP script returning different Last-Modified
headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now).
+1: elukey, jorton, jim
jorton: +1 though I'd say log at WARN or INFO for the APR_BAD_DATE case
rather than "silently" (at normal log-level) dropping the parsed header?
[also nit: wrapping a lone ap_log_rerror(,APLOG_X) call in
if (APLOGrX(..) is unnecessary/redundant]
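Added example, not part of the commit or of httpd's source: a minimal C sketch of the policy this change describes for a Last-Modified value supplied by a (F)CGI script. The function and enum names are hypothetical; that a future date is replaced with the request time, and that a non-GMT zone label is read as GMT and only warned about, are assumptions rather than details taken from the patch.

```c
#include <stdio.h>
#include <string.h>
#define BAD_DATE (-1LL)
#define SAMPLE_NOW 1594208452LL /* constructed request time: 2020-07-08 11:40:52 GMT */
/* Hypothetical names; this is not httpd's API. */
enum lm_action { LM_KEEP, LM_KEEP_WARN_NOT_GMT, LM_REPLACE_WITH_NOW, LM_DROP };
struct lm_verdict { enum lm_action action; long long mtime; };

/* Days since 1970-01-01 for a Gregorian calendar date. */
static long long days_from_civil(int y, int m, int d) {
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}
/* Parse "Wed, 08 Jul 2020 11:39:12 ZONE"; clock fields are read as GMT (assumption). */
static long long parse_http_date(const char *s, char zone[8]) {
    static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
    char wday[4], mon[4];
    int d, y, hh, mm, ss;
    if (sscanf(s, "%3[A-Za-z], %2d %3[A-Za-z] %4d %2d:%2d:%2d %7[A-Za-z]",
               wday, &d, mon, &y, &hh, &mm, &ss, zone) != 8)
        return BAD_DATE;
    const char *p = strlen(mon) == 3 ? strstr(months, mon) : NULL;
    if (!p || (p - months) % 3 || y < 1970 || d < 1 || d > 31 ||
        hh < 0 || hh > 23 || mm < 0 || mm > 59 || ss < 0 || ss > 60)
        return BAD_DATE;
    return days_from_civil(y, (int)(p - months) / 3 + 1, d) * 86400LL
           + hh * 3600 + mm * 60 + ss;
}

/* Decide what to do with a Last-Modified value received from a script. */
struct lm_verdict classify_last_modified(const char *value, long long now) {
    char zone[8] = "";
    struct lm_verdict v = { LM_DROP, BAD_DATE };
    long long t = parse_http_date(value, zone);
    if (t == BAD_DATE) return v; /* invalid: drop the header, never send epoch 0 */
    v.mtime = t > now ? now : t; /* assumption: a future date is replaced with now */
    v.action = t > now ? LM_REPLACE_WITH_NOW
             : strcmp(zone, "GMT") ? LM_KEEP_WARN_NOT_GMT : LM_KEEP;
    return v;
}

int main(void) {
    const char *s[] = { "Wed, 08 Jul 2020 11:39:12 GMT", "Thu, 09 Jul 2020 11:39:12 GMT",
                        "Wed, 08 Jul 2020 04:39:12 PST", "yesterday" }; /* constructed */
    for (int i = 0; i < 4; i++)
        printf("%-30s action=%d\n", s[i], (int)classify_last_modified(s[i], SAMPLE_NOW).action);
    return 0;
}
```

Every verdict other than LM_KEEP is a point where the server would log, which is what lets an operator trace a misbehaving script from the error log.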
Joe Orton [Wed, 8 Jul 2020 07:41:44 +0000 (07:41 +0000)]
Clear cache for the worker job which appears to be in a bad state.
https://travis-ci.org/github/apache/httpd/jobs/705863962
[CTR under Travis exception]
Jim Jagielski [Tue, 7 Jul 2020 16:57:22 +0000 (16:57 +0000)]
Merge r1705539, r1877263, r1877291, r1879445 from trunk:
deduplicate the code handling the directory traversal for the
SSL[Proxy]CACertificatePath and SSLProxyMachineCertificatePath
directives
* modules/ssl/ssl_engine_init.c (ssl_add_version_components,
ssl_init_Module): Use temporary pool for variable lookup results
which don't need to live in pconf.
mod_ssl: Factor out code to read a BIO into a palloc'ed string:
* modules/ssl/ssl_util_ssl.c (modssl_bio_free_read): New function.
(asn1_string_convert): Use it here.
* modules/ssl/ssl_engine_vars.c: Use it throughout.
* modules/ssl/ssl_scache.c (ssl_scache_init): Use <16 character
cname argument for socache ->init() per the API constraint.
Jim Jagielski [Tue, 7 Jul 2020 16:56:32 +0000 (16:56 +0000)]
Merge r1864868 from trunk:
Fix a signed/unsigned comparison that can never match.
-1 is a valid length value (for socket, pipe and cgi buckets for example)
All paths I've checked cast the -1 to (apr_size_t) in order for the comparison to work. So do it as well here.
This has been like that in trunk since r708144, about 11 years ago, so I assume that it is not really an issue.
Spotted by gcc 9.1 and -Wextra
Submitted by: jailletc36
Reviewed by: jailletc36, minfrin, jim
Graham Leggett [Sun, 5 Jul 2020 12:55:38 +0000 (12:55 +0000)]
*) Replace apr_psprintf with apr_pstrcat where the format strings only
contain %s to improve efficiency. Leave out error messages as they
are not on a critical code path and error messages become less readable
when taking out the format specifiers.
trunk patch: http://svn.apache.org/1862270
2.4.x patch: svn merge -c 1862270 ^/httpd/httpd/trunk .
+1: minfrin, rpluem, ylavic
Easy patches: synch 2.4.x and trunk
- core: Re-introduce check for sufficient PCRE version.
- core: Fix doc string for QualifyRedirectURL
- mod_proxy: really return an error message on invalid "flusher" value.
- mod_http2: Remove extra and un-needed ""
- mod_ldap: fix a (unlikely) memory leak
- ab: fix a typo
- suexec: Report error string after failure from setgid/initgroups or setuid
- mod_session_crypto: be less specific and don't echo passphrase
- mod_proxy_html: Fix proxy_html_conf.bufsz to have correct type, as
it is used with ap_set_int_slot.
- mod_md: update duplicated APLOGNOs.
Yann Ylavic [Fri, 26 Jun 2020 10:21:19 +0000 (10:21 +0000)]
Merge r1878280 from trunk:
mod_proxy_http: don't strip EOS when spooling request body to file.
To prevent stream_reqbody() from sending the FILE and FLUSH bucket in separate
brigades, and thus apr_file_setaside() to trigger if network congestion occurs
with the backend, restore the EOS in spool_reqbody_cl() which was stripped
when spooling the request body to a file.
Until APR r1878279 is released (and installed by users), apr_file_setaside()
on a temporary file (mktemp) will simply drop the file cleanup, leaking the
fd and inode..
Yann Ylavic [Fri, 26 Jun 2020 10:18:16 +0000 (10:18 +0000)]
Merge r1879179, r1879180 from trunk:
EVP_PKEY_up_ref(): fix ref count locking type for proxy EVP pkey
When enabling client authentication for proxy (SSLProxyMachineCertificateFile),
the client certificate callback function ssl_callback_proxy_cert uses another
reference count locking type than the one that is used by the caller function when
trying to free the private key afterwards by using EVP_PKEY_free.
This can lead to a race-condition on pkey->references resulting in a double
free error.
On my system, the error occurs sporadically when threaded health checking
(mod_watchdog) forces two threads to compete for the client's private key.
For example, see the following two backtraces of a coredump where thread 1 and
thread 15 both run into CRYPTO_free(). Actually, the private key should never
be freed during run-time nor should two threads ever enter CRYPTO_free()
concurrently.
(gdb) t 1
[Switching to thread 1 (Thread 0xb2cfbb40 (LWP 16054))]
#0 0xf7f3f329 in __kernel_vsyscall ()
(gdb) bt
#0 0xf7f3f329 in __kernel_vsyscall ()
#1 0xf7cec9e7 in raise () from /lib32/libc.so.6
#2 0xf7cedfb9 in abort () from /lib32/libc.so.6
#3 0xf7d2a14d in ?? () from /lib32/libc.so.6
#4 0xf7d2fd27 in ?? () from /lib32/libc.so.6
#5 0xf7d3047d in ?? () from /lib32/libc.so.6
#6 0x08499c70 in CRYPTO_free (str=0x93376b0) at mem.c:434
#7 0x084cc063 in EVP_PKEY_free (x=0x93376b0) at p_lib.c:406
#8 0x08463917 in ssl3_send_client_certificate (s=0xad21f070) at s3_clnt.c:3475
#9 0x0845d62c in ssl3_connect (s=0xad21f070) at s3_clnt.c:426
#10 0x08484213 in SSL_connect (s=0xad21f070) at ssl_lib.c:1008
#11 0x0846f9c8 in ssl23_get_server_hello (s=0xad21f070) at s23_clnt.c:832
#12 0x0846ea45 in ssl23_connect (s=0xad21f070) at s23_clnt.c:231
#13 0x08484213 in SSL_connect (s=0xad21f070) at ssl_lib.c:1008
#14 0x08261e73 in ssl_io_filter_handshake (filter_ctx=0xb4d3f450) at ssl_engine_io.c:1245
#15 0x08263ba6 in ssl_io_filter_output (f=0xb4d3f480, bb=0xacc079a0) at ssl_engine_io.c:1760
#16 0x080ea2c9 in ap_pass_brigade (next=0xb4d3f480, bb=0xacc079a0) at util_filter.c:590
#17 0x08263b07 in ssl_io_filter_coalesce (f=0xb4d3f468, bb=0xacc079a0) at ssl_engine_io.c:1728
#18 0x080ea2c9 in ap_pass_brigade (next=0xb4d3f468, bb=0xacc079a0) at util_filter.c:590
#19 0x08251658 in hc_send (r=0xacc069b0, out=0x8c25ec8 "GET /hcheck HTTP/1.0\r\nHost: XXX\r\n\r\n", bb=0xacc079a0) at mod_proxy_hcheck.c:664
#20 0x08251eb3 in hc_check_http (baton=0xacc068d8) at mod_proxy_hcheck.c:806
#21 0x08252653 in hc_check (thread=0x8cc6b10, b=0xacc068d8) at mod_proxy_hcheck.c:870
#22 0x08383185 in thread_pool_func (t=0x8cc6b10, param=0x8c245e0) at misc/apr_thread_pool.c:266
#23 0x083baef6 in dummy_worker (opaque=0x8cc6b10) at threadproc/unix/thread.c:142
#24 0xf7ec615f in start_thread () from /lib32/libpthread.so.0
#25 0xf7da862e in clone () from /lib32/libc.so.6
(gdb) t 15
[Switching to thread 15 (Thread 0xb44feb40 (LWP 16049))]
#0 0xf7dd90a5 in _dl_addr () from /lib32/libc.so.6
(gdb) bt
#0 0xf7dd90a5 in _dl_addr () from /lib32/libc.so.6
#1 0xf7db610c in backtrace_symbols_fd () from /lib32/libc.so.6
#2 0xf7cd89ab in ?? () from /lib32/libc.so.6
#3 0xf7d2a148 in ?? () from /lib32/libc.so.6
#4 0xf7d2fd27 in ?? () from /lib32/libc.so.6
#5 0xf7d3047d in ?? () from /lib32/libc.so.6
#6 0x08499c70 in CRYPTO_free (str=0x93376b0) at mem.c:434
#7 0x084cc063 in EVP_PKEY_free (x=0x93376b0) at p_lib.c:406
#8 0x08463917 in ssl3_send_client_certificate (s=0xacf1baa0) at s3_clnt.c:3475
#9 0x0845d62c in ssl3_connect (s=0xacf1baa0) at s3_clnt.c:426
#10 0x08484213 in SSL_connect (s=0xacf1baa0) at ssl_lib.c:1008
#11 0x0846f9c8 in ssl23_get_server_hello (s=0xacf1baa0) at s23_clnt.c:832
#12 0x0846ea45 in ssl23_connect (s=0xacf1baa0) at s23_clnt.c:231
#13 0x08484213 in SSL_connect (s=0xacf1baa0) at ssl_lib.c:1008
#14 0x08261e73 in ssl_io_filter_handshake (filter_ctx=0xb4d37430) at ssl_engine_io.c:1245
#15 0x08263ba6 in ssl_io_filter_output (f=0xb4d37460, bb=0xad101588) at ssl_engine_io.c:1760
#16 0x080ea2c9 in ap_pass_brigade (next=0xb4d37460, bb=0xad101588) at util_filter.c:590
#17 0x08263b07 in ssl_io_filter_coalesce (f=0xb4d37448, bb=0xad101588) at ssl_engine_io.c:1728
#18 0x080ea2c9 in ap_pass_brigade (next=0xb4d37448, bb=0xad101588) at util_filter.c:590
#19 0x08251658 in hc_send (r=0xad100598, out=0x8c25898 "GET /hcheck HTTP/1.0\r\nHost: XXX\r\n\r\n", bb=0xad101588) at mod_proxy_hcheck.c:664
#20 0x08251eb3 in hc_check_http (baton=0xad1004c0) at mod_proxy_hcheck.c:806
#21 0x08252653 in hc_check (thread=0x8cc6ab0, b=0xad1004c0) at mod_proxy_hcheck.c:870
#22 0x08383185 in thread_pool_func (t=0x8cc6ab0, param=0x8c245e0) at misc/apr_thread_pool.c:266
#23 0x083baef6 in dummy_worker (opaque=0x8cc6ab0) at threadproc/unix/thread.c:142
#24 0xf7ec615f in start_thread () from /lib32/libpthread.so.0
#25 0xf7da862e in clone () from /lib32/libc.so.6
Joe Orton [Thu, 25 Jun 2020 13:21:17 +0000 (13:21 +0000)]
Merge r1878993, r1879103 from trunk:
For diagnosing weird non-x86 failures, dump /etc/hosts in future runs.
Add workaround for IPv6 configuration on non-x86 hosts which
appears to fix the connection failures. Almost certainly a bug
here, not at all sure where.
Joe Orton [Wed, 17 Jun 2020 11:18:59 +0000 (11:18 +0000)]
Merge r1877250, r1878502, r1878654, r1878660, r1878663, r1878889 from trunk:
[under CTR for Travis integration]
Add gcc-10 job, drop gcc-9 config from allow_failures (seems stable again).
Use -O2 for all gcc -Werror jobs otherwise warnings triggered under e.g.
aggressive inlining are not found.
Build with LDAP support for APR 1.x.
Dump end of error_log for test run failures.
Tail more error_log for failed test suite runs in Travis.
Disable all Travis notifications for forks (hopefully).
Add Travis job which runs slapd in a container to allow testing
mod_authnz_ldap, per new test case added in r1878655.
* test/travis_Dockerfile_slapd: New dockerfile for running slapd.
Update Travis LDAP testing to use new container setup script
provided by test framework.
Ruediger Pluem [Mon, 8 Jun 2020 07:30:49 +0000 (07:30 +0000)]
Merge r1878433 from trunk:
*) mod_proxy_http2: the "ping" proxy parameter
(see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
when checking the liveliness of a new or reused h2 connection to the backend.
With short durations, this makes load-balancing more responsive. The module
will hold back requests until ping conditions are met, using features of the
HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]