From: Joe Orton Date: Tue, 22 Nov 2016 09:04:49 +0000 (+0000) Subject: Merge to current 2.4.x. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d98a47b90adeacb4a88790cbfce25e3a67f66ebe;p=thirdparty%2Fapache%2Fhttpd.git Merge to current 2.4.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1770812 13f79535-47bb-0310-9956-ffa450edef68 --- d98a47b90adeacb4a88790cbfce25e3a67f66ebe diff --cc CHANGES index e68815ee43c,4faf997abc4..9e502d0c1a4 --- a/CHANGES +++ b/CHANGES @@@ -2,8 -2,34 +2,36 @@@ Changes with Apache 2.4.24 + *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] + + *) mod_dir: Responses that go through "FallbackResource" might appear to + hang due to unterminated chunked encoding. PR58292. [Eric Covener] + + *) mod_dav: Fix a potential cause of unbounded memory usage or incorrect + behavior in a routine that sends 's to the output filters. + [Evgeny Kotkov] + + *) mod_http2: new directive 'H2PushResource' to enable early pushes before + processing of the main request starts. Resources are announced to the + client in Link headers on a 103 early hint response. + All responses with status code <400 are inspected for Link header and + trigger pushes accordingly. 304 still does prevent pushes. + 'H2PushResource' can mark resources as 'critical' which gives them higher + priority than the main resource. This leads to preferred scheduling for + processing and, when content is available, will send it first. 'critical' + is also recognized on Link headers. [Stefan Eissing] + + *) mod_proxy_http2: uris in Link headers are now mapped back to a suitable + local url when available. Relative uris with an absolute path are mapped + as well. This makes reverse proxy mapping available for resources + announced in this header. + With 103 interim responses being forwarded to the main client connection, + this effectively allows early pushing of resources by a reverse proxied + backend server. [Stefan Eissing] + + *) mod_proxy_http2: adding support for newly proposed 103 status code. + [Stefan Eissing] + *) mpm_unix: Apache fails to start if previously crashed then restarted with the same PID (e.g. in container). PR 60261. [Val , Yann Ylavic] diff --cc modules/ssl/ssl_engine_io.c index 59a35764b01,82953ad0ac8..b463e1ab079 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@@ -838,7 -784,12 +843,12 @@@ static apr_status_t ssl_filter_write(ap return APR_EGENERAL; } + /* We rely on SSL_get_error() after the write, which requires an empty error + * queue before the write in order to work properly. + */ + ERR_clear_error(); + - outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr; + outctx = (bio_filter_out_ctx_t *)BIO_get_data(filter_ctx->pbioWrite); res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len); if (res < 0) { @@@ -1309,11 -1260,16 +1319,16 @@@ static apr_status_t ssl_io_filter_hands return APR_SUCCESS; } + /* We rely on SSL_get_error() after the accept, which requires an empty + * error queue before the accept in order to work properly. + */ + ERR_clear_error(); + if ((n = SSL_accept(filter_ctx->pssl)) <= 0) { bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *) - (filter_ctx->pbioRead->ptr); + BIO_get_data(filter_ctx->pbioRead); bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *) - (filter_ctx->pbioWrite->ptr); + BIO_get_data(filter_ctx->pbioWrite); apr_status_t rc = inctx->rc ? inctx->rc : outctx->rc ; ssl_err = SSL_get_error(filter_ctx->pssl, n);