Yann Ylavic [Thu, 14 Mar 2024 14:54:59 +0000 (14:54 +0000)]
mod_crypto: Fix warnings about signed bit fields.
The non-zero value for one bit field is -1:
mod_crypto.c|565 col 18| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->encrypt = 1;
|| ^ ~
mod_crypto.c|746 col 22| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->clength = 1;
|| ^ ~
mod_crypto.c|903 col 35| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->seen_eos = 1;
|| ^ ~
mod_crypto.c|960 col 22| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->clength = 1;
|| ^ ~
Use unsigned bit fields for struct crypto_ctx's members seen_eos, encrypt and clength.
Eric Covener [Mon, 11 Mar 2024 20:35:27 +0000 (20:35 +0000)]
event: avoid possible hang in clean_child_exit
If the pthread_create failure isn't on the first worker thread,
another one is likely to hold the queue mutex already. The cleanup
of pchild will try to cleanup the queue and block on destroying
the condition.
Joe Orton [Thu, 29 Feb 2024 15:28:36 +0000 (15:28 +0000)]
* modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair):
Update to avoid GCC warning for no-engine builds where the
SSLModConfigRec is not used. Also log an error for the ENOTIMPL
path.
Joe Orton [Thu, 29 Feb 2024 14:00:55 +0000 (14:00 +0000)]
CI tweaks:
- don't install CPAN modules if NO_TEST_FRAMEWORK is set
- remove the workaround for mod_h2 APR build caching which
should no longer be necessary now caching is fixed
- fix capturing specific perl-framework failures with "TEST -v" mode
Joe Orton [Thu, 29 Feb 2024 13:30:50 +0000 (13:30 +0000)]
CI: Re-enable caching for *fixed* versions of apr/apr-util which
should now work correctly (since the version is in the cache key).
For 1.x branches, CLEAR_CACHE must still be used. [skip ci]
Joe Orton [Thu, 29 Feb 2024 12:11:39 +0000 (12:11 +0000)]
CI: Hopefully fix caching and artifact uploads by creating $JOBID
as a unique key for each job in the matrix, using that as the
cache key and in each artefact upload (otherwise multiple failures
uploading "error_log" overwrite each other).
Yann Ylavic [Tue, 20 Feb 2024 10:37:30 +0000 (10:37 +0000)]
mod_ssl: Follow up to r1913815: szCryptoDevice to NULL when !MODSSL_HAVE_ENGINE_API
Latest OpenSSL versions removed the ENGINE API completely, still provide NULL
SSLModConfigRec::szCryptoDevice since it's used outside MODSSL_HAVE_ENGINE_API.
SSLModConfigRec is a private struct, so no MMN change.
* modules/ssl/ssl_private(SSLModConfigRec):
Provide szCryptoDevice (NULL) even if !MODSSL_HAVE_ENGINE_API.
Joe Orton [Thu, 1 Feb 2024 15:34:22 +0000 (15:34 +0000)]
Minor CI changes:
- Add --enable-reduced-exports test.
- test running apachectl -V in the TEST_INSTALL case
- test running httpd -V in the SKIP_TESTING case
- rejig to exit if SKIP_TESTING, un-nest the if block around testing
(no functional change from this part)
Stefan Eissing [Wed, 17 Jan 2024 08:38:02 +0000 (08:38 +0000)]
*) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
Yann Ylavic [Tue, 16 Jan 2024 17:40:36 +0000 (17:40 +0000)]
mod_headers: Avoid infinite recursion with the edit* action and empty matches.
Change the recursion used for edit* to a loop using the new ap_regexec_ex()
function taking the current position (offset) in the subject string.
After an empty match do the same thing as pcre2_substitute() (or Perl's /g),
that is: don't allow for another empty match at the same position by setting
the AP_REG_NOTEMPTY_ATSTART option. If there is a non-empty match use it,
otherwise skip/consume the first character and continue from there.
* modules/metadata/mod_headers.c:
Rename the hdr_edit_r enum for edit* to hdr_edit_all to better express what
it does (and since the action is not recursive anymore).
* modules/metadata/mod_headers.c(push_string, push_match):
New helpers to consume the subject and substitutions in an array of iovec.
* modules/metadata/mod_headers.c(process_regexp):
Implement the new logic, using push_match() and push_string() to fill the
iovec array finally passed to apr_strcatv() for the resulting string.
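The loop described in the commit message above, as an added example that is not code from httpd or from the commit author. It uses plain POSIX regexec() on the tail of the subject instead of ap_regexec_ex(); POSIX has no equivalent of AP_REG_NOTEMPTY_ATSTART, so after an empty match this sketch goes straight to the "consume one character" step. The names edit_all and put are hypothetical.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Append n bytes to out, always leaving room for the terminating NUL. */
static int put(char *out, size_t outsz, size_t *o, const char *s, size_t n)
{
    if (*o + n >= outsz) return -1;
    memcpy(out + *o, s, n);
    *o += n;
    return 0;
}

/* Replace every ERE match in subject; returns the count, or -1 on error. */
int edit_all(const char *pattern, const char *subject, const char *repl,
             char *out, size_t outsz)
{
    regex_t re;
    regmatch_t m;
    size_t pos = 0, o = 0, len = strlen(subject);
    int count = 0, rc = 0;
    if (outsz == 0 || regcomp(&re, pattern, REG_EXTENDED) != 0) return -1;
    while (rc == 0 && pos <= len &&
           regexec(&re, subject + pos, 1, &m, pos ? REG_NOTBOL : 0) == 0) {
        size_t start = pos + (size_t)m.rm_so, end = pos + (size_t)m.rm_eo;
        rc = put(out, outsz, &o, subject + pos, start - pos);
        if (rc == 0) rc = put(out, outsz, &o, repl, strlen(repl));
        count++;
        if (end > start) {
            pos = end;                 /* non-empty match: resume after it */
        } else {
            /* Empty match: copy one char and step past it (forward progress). */
            if (rc == 0 && start < len) rc = put(out, outsz, &o, subject + start, 1);
            pos = start + 1;
        }
    }
    if (rc == 0 && pos < len) rc = put(out, outsz, &o, subject + pos, len - pos);
    regfree(&re);
    if (rc != 0) return -1;
    out[o] = '\0';
    return count;
}

int main(void)
{
    char buf[64];
    int n = edit_all("x*", "axxb", "-", buf, sizeof buf); /* constructed input */
    return printf("%d %s\n", n, buf) < 0;
}
```

Without the one-character step in the empty-match branch, a pattern such as x* would match the same empty position forever, which is the non-termination the commit removes.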
Yann Ylavic [Tue, 16 Jan 2024 16:51:03 +0000 (16:51 +0000)]
regex: Add ap_regexec_ex() which can take a starting offset to match from.
* include/ap_mmn.h:
Bump MMN minor.
* include/ap_regex.h:
Declare ap_regexec_ex().
* server/util_pcre.c(ap_regexec, ap_regexec_len, ap_regexec_ex):
Reuse existing ap_regexec_len() code to implement ap_regexec_ex() where the
offset is given instead of zero, then implement ap_regexec{,len}() in terms
of ap_regexec_ex().
Joe Orton [Wed, 20 Dec 2023 15:56:15 +0000 (15:56 +0000)]
* modules/http/chunk_filter.c (ap_http_chunk_filter): For a brigade
containing [FLUSH EOS], insert the last-chunk terminator before the
FLUSH rather than between the FLUSH and the EOS.
Joe Orton [Thu, 7 Dec 2023 18:29:15 +0000 (18:29 +0000)]
* modules/dav/main/util.c (dav_validate_resource_state): Fix error
message formatting if an unauthenticated user tries to use an
authenticated user's lock token (cosmetic fix only).
Joe Orton [Thu, 7 Dec 2023 18:25:35 +0000 (18:25 +0000)]
mod_dav_fs: Add global mutex around use of lockdb, since
apr_dbm does not provide thread-safe locking:
* modules/dav/fs/mod_dav_fs.c (dav_fs_get_server_conf):
Replaces dav_get_lockdb_path.
(dav_fs_pre_config, dav_fs_child_init): New hooks.
(dav_fs_post_config): Create & store the mutex here.
(register_hooks): Register new hooks.
* modules/dav/fs/repos.h: Expose new dav_fs_server_conf struct.
* modules/dav/fs/lock.c (dav_fs_lockdb_cleanup): New cleanup
which unlocks and closes the dbm handle.
(dav_fs_really_open_lockdb): Lock the mutex here, register a
cleanup.
(dav_fs_open_lockdb): Adjust to use dav_fs_get_server_conf.
(dav_fs_close_lockdb): Run the cleanup here.
Joe Orton [Tue, 5 Dec 2023 15:26:22 +0000 (15:26 +0000)]
mod_ssl: Add support for loading keys from OpenSSL 3.x providers via
the STORE API. Separates compile-time support for the STORE API
(supported in 3.x) from support for the ENGINE API (deprecated in
3.x).
* modules/ssl/ssl_private.h: Define MODSSL_HAVE_OPENSSL_STORE for
OpenSSL 3.0+.
* modules/ssl/ssl_engine_pphrase.c (modssl_load_store_uri,
modssl_load_keypair_store): New functions.
(modssl_load_keypair_engine): Renamed from modssl_load_keypair_engine.
(modssl_load_engine_keypair): Reimplement to use new STORE-based
functions if SSLCryptoDevice was not configured, or else old
ENGINE implementation.
* modules/ssl/ssl_util.c (modssl_is_engine_id): Match pkcs11: URIs
also for the OpenSSL 3.x STORE API.
* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Tweak log
message on error paths for the provider/STORE case.
Graham Leggett [Sun, 19 Nov 2023 10:45:05 +0000 (10:45 +0000)]
Apply earlier fix to the ldapsearch case:
Arrange for backend LDAP connections to be returned
to the pool by a fixup hook rather than staying locked
until the end of (a potentially slow) request.
Yann Ylavic [Sat, 18 Nov 2023 13:49:04 +0000 (13:49 +0000)]
mod_proxy: Follow up to r1912245: ap_proxy_ prefix for extern functions.
Even if they are not part of the API (not in mod_proxy.h) hence require no
MMN bump, {get,set,increment_,decrement_}busy_count() being AP_PROXY_DECLARE()d
could name-collide with a third-party module's functions.
Rename them using the ap_proxy_ prefix, with an underscore after the verb
for all of them too (for consistency), that is:
ap_proxy_{get,set,increment,decrement}_busy_count()