From: Yann Ylavic Date: Thu, 2 Mar 2023 15:24:08 +0000 (+0000) Subject: Sync changes [skip ci] X-Git-Tag: 2.5.0-alpha2-ci-test-only~85 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c9b8075bc1ce8e88f6df067ecb737f078b8ea23;p=thirdparty%2Fapache%2Fhttpd.git Sync changes [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907983 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index b0b1d5e83da..45af2a73d33 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,88 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_http2: field values (headers and trailers) are stripped of + leading/trailing whitespace (space +htab) before being processed + or send in a response. This is compatible behaviour to HTTP/1.1 + parsers that strip incoming headers of such characters. + [Stefan Eissing] + + *) build: Use 'command -v' instead of 'which' which is more portable. + PR 66130 [Sam James ] + + *) mod_dav: Allow to disable lock discovery via an DAVLockDiscovery + expression (per-request). PR 66313. [Emmanuel Dreyfus ] + + *) mod_ssl: when a proxy connection had handled a request using SSL, an + error was logged when "SSLProxyEngine" was only configured in the + location/proxy section and not the overall server. The connection + continued to work, the error log was in error. Fixed PR66190. + [Stefan Eissing] + + *) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when + some dollar substitution (backreference) happens in the hostname or port + part of the URL. [Yann Ylavic] + + *) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be + truncated without the initial logfile being truncated. [Eric Covener] + + *) mod_md: a new directive `MDStoreLocks` can be used on cluster + setups with a shared file system for `MDStoreDir` to order + activation of renewed certificates when several cluster nodes are + restarted at the same time. Store locks are not enabled by default. + Restored curl_easy cleanup behaviour from v2.4.14 and refactored + the use of curl_multi for OCSP requests to work with that. + Fixes . + + *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number + of headers. [Ruediger Pluem] + + *) mod_proxy_http2: apply the standard httpd content type handling + to responses from the backend, as other proxy modules do. Fixes PR 66391. + Thanks to Jérôme Billiras for providing the patch. + [Stefan Eissing] + + *) mod_http2: fixed trailer handling. Empty response bodies + prevented trailers from being sent to a client. See + for how + this affected gRPC use. + [Stefan Eissing] + + *) mod_proxy_http2: use only the ':authority' header to forward 'Host' + information to a backend. Deduce ':authority' from what the client + sent when 'ProxyPreserveHost' is on. + [Stefan Eissing] + + *) core: Improve the AH00124 error message about too many redirects by logging + the URI of the request. PR 66403 [Ruediger Pluem] + + *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation. + [Yann Ylavic] + + *) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximum + amount of response body bytes put into a single HTTP/2 DATA frame. + Setting this to 0 places no limit (but the max size allowed by the + protocol is observed). + The module, by default, tries to use the maximum size possible, which is + somewhat around 16KB. This sets the maximum. When less response data is + available, smaller frames will be sent. + + *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors + reported in access logs and error documents. The processing of the + reset was correct, only unneccesary reporting was caused. + [Stefan Eissing] + + *) mod_proxy: Fix double encoding of the uri-path of the request forwarded + to the origin server, when using mapping=encoded|servlet. [Yann Ylavic] + + *) mod_dav: Open the lock database read-only when possible. + PR 36636 [Wilson Felipe , manu] + + *) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to + allow connections of any age to be reused. Up to now, a negative value + was handled as an error when parsing the configuration file. PR 66421. + [nailyk , Christophe Jaillet] + *) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302. [Alessandro Cavaliere ] diff --git a/changes-entries/DAVLockDiscovery.txt b/changes-entries/DAVLockDiscovery.txt deleted file mode 100644 index 1696d604651..00000000000 --- a/changes-entries/DAVLockDiscovery.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_dav: Allow to disable lock discovery via an DAVLockDiscovery - expression (per-request). PR 66313. [Emmanuel Dreyfus ] diff --git a/changes-entries/DAVReadOnly_in_dav_method_propfind.txt b/changes-entries/DAVReadOnly_in_dav_method_propfind.txt deleted file mode 100644 index b018ae89503..00000000000 --- a/changes-entries/DAVReadOnly_in_dav_method_propfind.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_dav: Open the lock database read-only when possible. - PR 36636 [Wilson Felipe , manu] diff --git a/changes-entries/ajp_invalid_number_of_headers.txt b/changes-entries/ajp_invalid_number_of_headers.txt deleted file mode 100644 index 86573046089..00000000000 --- a/changes-entries/ajp_invalid_number_of_headers.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number - of headers. [Ruediger Pluem] diff --git a/changes-entries/enablereuse.txt b/changes-entries/enablereuse.txt deleted file mode 100644 index b8e1a3f617b..00000000000 --- a/changes-entries/enablereuse.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when - some dollar substitution (backreference) happens in the hostname or port - part of the URL. [Yann Ylavic] diff --git a/changes-entries/h2-rst-access-500-fix.txt b/changes-entries/h2-rst-access-500-fix.txt deleted file mode 100644 index d165fa3bc8b..00000000000 --- a/changes-entries/h2-rst-access-500-fix.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors - reported in access logs and error documents. The processing of the - reset was correct, only unneccesary reporting was caused. - [Stefan Eissing] diff --git a/changes-entries/h2_header_strictness.txt b/changes-entries/h2_header_strictness.txt deleted file mode 100644 index 7cac6147e01..00000000000 --- a/changes-entries/h2_header_strictness.txt +++ /dev/null @@ -1,5 +0,0 @@ - *) mod_http2: field values (headers and trailers) are stripped of - leading/trailing whitespace (space +htab) before being processed - or send in a response. This is compatible behaviour to HTTP/1.1 - parsers that strip incoming headers of such characters. - [Stefan Eissing] diff --git a/changes-entries/h2_max_data_frame_len.txt b/changes-entries/h2_max_data_frame_len.txt deleted file mode 100644 index f32f6e076e4..00000000000 --- a/changes-entries/h2_max_data_frame_len.txt +++ /dev/null @@ -1,7 +0,0 @@ - *) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximum - amount of response body bytes put into a single HTTP/2 DATA frame. - Setting this to 0 places no limit (but the max size allowed by the - protocol is observed). - The module, by default, tries to use the maximum size possible, which is - somewhat around 16KB. This sets the maximum. When less response data is - available, smaller frames will be sent. diff --git a/changes-entries/h2_proxy_content_type.txt b/changes-entries/h2_proxy_content_type.txt deleted file mode 100644 index d35f7c2ea71..00000000000 --- a/changes-entries/h2_proxy_content_type.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_proxy_http2: apply the standard httpd content type handling - to responses from the backend, as other proxy modules do. Fixes PR 66391. - Thanks to Jérôme Billiras for providing the patch. - [Stefan Eissing] \ No newline at end of file diff --git a/changes-entries/h2_proxy_host.txt b/changes-entries/h2_proxy_host.txt deleted file mode 100644 index bbf34d648ce..00000000000 --- a/changes-entries/h2_proxy_host.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_proxy_http2: use only the ':authority' header to forward 'Host' - information to a backend. Deduce ':authority' from what the client - sent when 'ProxyPreserveHost' is on. - [Stefan Eissing] \ No newline at end of file diff --git a/changes-entries/h2_trailers.txt b/changes-entries/h2_trailers.txt deleted file mode 100644 index eb5453371a0..00000000000 --- a/changes-entries/h2_trailers.txt +++ /dev/null @@ -1,5 +0,0 @@ - *) mod_http2: fixed trailer handling. Empty response bodies - prevented trailers from being sent to a client. See - for how - this affected gRPC use. - [Stefan Eissing] \ No newline at end of file diff --git a/changes-entries/mapping_encode.txt b/changes-entries/mapping_encode.txt deleted file mode 100644 index fc7e6e50086..00000000000 --- a/changes-entries/mapping_encode.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_proxy: Fix double encoding of the uri-path of the request forwarded - to the origin server, when using mapping=encoded|servlet. [Yann Ylavic] diff --git a/changes-entries/md_locks_and_fix.txt b/changes-entries/md_locks_and_fix.txt deleted file mode 100644 index c70ef1fc286..00000000000 --- a/changes-entries/md_locks_and_fix.txt +++ /dev/null @@ -1,8 +0,0 @@ - *) mod_md: a new directive `MDStoreLocks` can be used on cluster - setups with a shared file system for `MDStoreDir` to order - activation of renewed certificates when several cluster nodes are - restarted at the same time. Store locks are not enabled by default. - - Restored curl_easy cleanup behaviour from v2.4.14 and refactored - the use of curl_multi for OCSP requests to work with that. - Fixes . diff --git a/changes-entries/pr66130.txt b/changes-entries/pr66130.txt deleted file mode 100644 index f3254688f43..00000000000 --- a/changes-entries/pr66130.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) build: Use 'command -v' instead of 'which' which is more portable. - PR 66130 [Sam James ] diff --git a/changes-entries/pr66403.txt b/changes-entries/pr66403.txt deleted file mode 100644 index 551f38fd21b..00000000000 --- a/changes-entries/pr66403.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) core: Improve the AH00124 error message about too many redirects by logging - the URI of the request. PR 66403 [Ruediger Pluem] diff --git a/changes-entries/pr66421.txt b/changes-entries/pr66421.txt deleted file mode 100644 index 94d4c42adad..00000000000 --- a/changes-entries/pr66421.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to - allow connections of any age to be reused. Up to now, a negative value - was handled as an error when parsing the configuration file. PR 66421. - [nailyk , Christophe Jaillet] diff --git a/changes-entries/proxy_uwsgi_response_validation.txt b/changes-entries/proxy_uwsgi_response_validation.txt deleted file mode 100644 index 2cdb6c6300e..00000000000 --- a/changes-entries/proxy_uwsgi_response_validation.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation. - [Yann Ylavic] diff --git a/changes-entries/rotatlogs_truncate_rotated.txt b/changes-entries/rotatlogs_truncate_rotated.txt deleted file mode 100644 index 2cc69366ea8..00000000000 --- a/changes-entries/rotatlogs_truncate_rotated.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be - truncated without the initial logfile being truncated. [Eric Covener] diff --git a/changes-entries/ssl_proxy_bind.txt b/changes-entries/ssl_proxy_bind.txt deleted file mode 100644 index 4eba294bd8f..00000000000 --- a/changes-entries/ssl_proxy_bind.txt +++ /dev/null @@ -1,5 +0,0 @@ - *) mod_ssl: when a proxy connection had handled a request using SSL, an - error was logged when "SSLProxyEngine" was only configured in the - location/proxy section and not the overall server. The connection - continued to work, the error log was in error. Fixed PR66190. - [Stefan Eissing]