Stefan Eissing [Wed, 17 Jan 2024 08:38:02 +0000 (08:38 +0000)]
*) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
Yann Ylavic [Tue, 16 Jan 2024 17:40:36 +0000 (17:40 +0000)]
mod_headers: Avoid infinite recursion with the edit* action and empty matches.
Change the recursion used for edit* to a loop using the new ap_regexec_ex()
function taking the current position (offset) in the subject string.
After an empty match do the same thing as pcre2_substitute() (or Perl's /g),
that is: don't allow for another empty match at the same position by setting
the AP_REG_NOTEMPTY_ATSTART option. If there is a non-empty match use it,
otherwise skip/consume the first character and continue from there.
* modules/metadata/mod_headers.c:
Rename the hdr_edit_r enum for edit* to hdr_edit_all to better express what
it does (and since the action is not recursive anymore).
* modules/metadata/mod_headers.c(push_string, push_match):
New helpers to consume the subject and substitutions in an array of iovec.
* modules/metadata/mod_headers.c(process_regexp):
Implement the new logic, using push_match() and push_string() to fill the
iovec array finally passed to apr_strcatv() for the resulting string.
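
The loop described in the commit message above, as an added example that is not httpd's code: `edit_all` is a hypothetical helper that uses POSIX `regexec()` on `subject + pos` as a stand-in for `ap_regexec_ex()`. It assumes POSIX leftmost-longest matching, under which an empty match at a position means no non-empty match starts there, so the retry with `AP_REG_NOTEMPTY_ATSTART` reduces to consuming one byte.

```c
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not httpd code: replace every match of `pattern` in
 * `subject` with the literal `repl` using a loop instead of recursion.
 * Returns a malloc()ed string, or NULL on a bad pattern or allocation error. */
char *edit_all(const char *subject, const char *pattern, const char *repl)
{
    size_t slen = strlen(subject), rlen = strlen(repl), pos = 0, n = 0;
    regex_t re;
    regmatch_t m;
    char *out;

    if (slen + 1 > (SIZE_MAX - 1) / (rlen + 1))    /* size would overflow */
        return NULL;
    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return NULL;
    /* Worst case: one replacement before every byte plus one at the end. */
    out = malloc((slen + 1) * (rlen + 1) + 1);
    while (out != NULL && pos <= slen) {
        /* Search from the current offset; '^' must not match mid-string. */
        if (regexec(&re, subject + pos, 1, &m, pos ? REG_NOTBOL : 0) != 0)
            break;                                  /* no further match */
        size_t so = pos + (size_t)m.rm_so, eo = pos + (size_t)m.rm_eo;
        memcpy(out + n, subject + pos, so - pos);   /* text before the match */
        n += so - pos;
        memcpy(out + n, repl, rlen);
        n += rlen;
        pos = eo;
        if (eo == so) {                             /* empty match */
            if (so == slen)
                break;                              /* at the end: done */
            out[n++] = subject[pos++];              /* consume one byte */
        }
    }
    if (out != NULL) {
        memcpy(out + n, subject + pos, slen - pos); /* unmatched tail */
        out[n + slen - pos] = '\0';
    }
    regfree(&re);
    return out;
}

int main(void)
{
    char *s = edit_all("abc", "x*", "-");           /* constructed input */
    printf("%s\n", s ? s : "(error)");
    free(s);
    return 0;
}
```

Every iteration either stops or advances `pos` by at least one byte, so a pattern that can match the empty string terminates after at most `strlen(subject) + 1` replacements.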
Yann Ylavic [Tue, 16 Jan 2024 16:51:03 +0000 (16:51 +0000)]
regex: Add ap_regexec_ex() which can take a starting offset to match from.
* include/ap_mmn.h:
Bump MMN minor.
* include/ap_regex.h:
Declare ap_regexec_ex().
* server/util_pcre.c(ap_regexec, ap_regexec_len, ap_regexec_ex):
Reuse existing ap_regexec_len() code to implement ap_regexec_ex() where the
offset is given instead of zero, then implement ap_regexec{,len}() in terms
of ap_regexec_ex().
Joe Orton [Wed, 20 Dec 2023 15:56:15 +0000 (15:56 +0000)]
* modules/http/chunk_filter.c (ap_http_chunk_filter): For a brigade
containing [FLUSH EOS], insert the last-chunk terminator before the
FLUSH rather than between the FLUSH and the EOS.
Joe Orton [Thu, 7 Dec 2023 18:29:15 +0000 (18:29 +0000)]
* modules/dav/main/util.c (dav_validate_resource_state): Fix error
message formatting if an unauthenticated user tries to use an
authenticated user's lock token (cosmetic fix only).
Joe Orton [Thu, 7 Dec 2023 18:25:35 +0000 (18:25 +0000)]
mod_dav_fs: Add global mutex around use of lockdb, since
apr_dbm does not provide thread-safe locking:
* modules/dav/fs/mod_dav_fs.c (dav_fs_get_server_conf):
Replaces dav_get_lockdb_path.
(dav_fs_pre_config, dav_fs_child_init): New hooks.
(dav_fs_post_config): Create & store the mutex here.
(register_hooks): Register new hooks.
* modules/dav/fs/repos.h: Expose new dav_fs_server_conf struct.
* modules/dav/fs/lock.c (dav_fs_lockdb_cleanup): New cleanup
which unlocks and closes the dbm handle.
(dav_fs_really_open_lockdb): Lock the mutex here, register a
cleanup.
(dav_fs_open_lockdb): Adjust to use dav_fs_get_server_conf.
(dav_fs_close_lockdb): Run the cleanup here.
Joe Orton [Tue, 5 Dec 2023 15:26:22 +0000 (15:26 +0000)]
mod_ssl: Add support for loading keys from OpenSSL 3.x providers via
the STORE API. Separates compile-time support for the STORE API
(supported in 3.x) from support for the ENGINE API (deprecated in
3.x).
* modules/ssl/ssl_private.h: Define MODSSL_HAVE_OPENSSL_STORE for
OpenSSL 3.0+.
* modules/ssl/ssl_engine_pphrase.c (modssl_load_store_uri,
modssl_load_keypair_store): New functions.
(modssl_load_keypair_engine): Renamed from modssl_load_keypair_engine.
(modssl_load_engine_keypair): Reimplement to use new STORE-based
functions if SSLCryptoDevice was not configured, or else old
ENGINE implementation.
* modules/ssl/ssl_util.c (modssl_is_engine_id): Match pkcs11: URIs
also for the OpenSSL 3.x STORE API.
* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Tweak log
message on error paths for the provider/STORE case.
Graham Leggett [Sun, 19 Nov 2023 10:45:05 +0000 (10:45 +0000)]
Apply earlier fix to the ldapsearch case:
Arrange for backend LDAP connections to be returned
to the pool by a fixup hook rather than staying locked
until the end of (a potentially slow) request.
Yann Ylavic [Sat, 18 Nov 2023 13:49:04 +0000 (13:49 +0000)]
mod_proxy: Follow up to r1912245: ap_proxy_ prefix for extern functions.
Even if they are not part of the API (not in mod_proxy.h) hence requires no
MMN bump, {get,set,increment_,decrement_}busy_count() being AP_PROXY_DECLARE()d
could name-collide with a third-party module's functions.
Rename them using the ap_proxy_ prefix, with an underscore after the verb
for all of them too (for consistency), that is:
ap_proxy_{get,set,increment,decrement}_busy_count()
Yann Ylavic [Thu, 16 Nov 2023 14:58:52 +0000 (14:58 +0000)]
Follow up to r1874101: Axe useless LIBRESSL_VERSION_NUMBER check.
Since the fix to MODSSL_USE_OPENSSL_PRE_1_1_API in r1908537, we are sure that
!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
in this block.
Yann Ylavic [Thu, 16 Nov 2023 10:27:30 +0000 (10:27 +0000)]
ci: Disable ASan's LeakSanitizer.
The tool sometimes/somehow crashes in CI, though I can't reproduce locally.
Possibly an issue with the gcc toolchain used there.. disable for now as it
makes the tests fail.
Yann Ylavic [Wed, 15 Nov 2023 22:09:05 +0000 (22:09 +0000)]
mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. PR 68080
Also, always allow for "SSLCryptoDevice builtin" even if the ENGINE API is not
available, OPENSSL_NO_ENGINE or more generally with the new API (providers)
available since OpenSSL >= 3.
* ssl_private.h: Set MODSSL_HAVE_ENGINE_API to 0 if OPENSSL_NO_ENGINE.
* mod_ssl.c, ssl_engine_config.c: Don't depend on HAVE_OPENSSL_ENGINE_H and
HAVE_ENGINE_INIT to provide [ssl_cmd_]SSLCryptoDevice.
Stefan Eissing [Tue, 31 Oct 2023 10:24:11 +0000 (10:24 +0000)]
* mod_md: Fix the reported "until" validity of a certificate in the status
handler. [Rainer Jung]
Fix possible NULL deref when logging the error that an authentication
resource could not be retrieved from the ACME server. [Stefan Eissing]
Joe Orton [Mon, 16 Oct 2023 13:10:16 +0000 (13:10 +0000)]
Fix h2 build broken in r1913019:
* modules/http2: Make WebSockets support conditional also
on APR 1.7.x since apr_encode.h is required. Restore
#include "apr_encode.h" removed in previous commit.
Joe Orton [Tue, 3 Oct 2023 12:58:16 +0000 (12:58 +0000)]
mod_dav_fs: add DAVLockDBType directive.
* modules/dav/fs/dbm.c (dav_dbm_open_direct): Take a dbmtype argument
and use it to select the apr_dbm driver type.
(dav_dbm_open): Continue to use the "default" propdb type to open
the property databases.
* modules/dav/fs/lock.c: Store and pass the lockdb_type
through.
* modules/dav/fs/mod_dav_fs.c (dav_get_lockdb_path): Return the dbm
type via an output argument.
(dav_fs_cmd_davlockdbtype): New config directive.
(dav_fs_merge_server_config): Merge the dbm type.
(dav_fs_post_config): Set the default lockdb type.
* modules/dav/fs/repos.h: Update prototypes as above; internal API
only so no compat concerns.
Joe Orton [Thu, 28 Sep 2023 08:11:30 +0000 (08:11 +0000)]
* modules/dav/fs/dbm.c (dav_dbm_open_direct): Test against
APR_MAJOR_VERSION, APU_MAJOR_VERSION is not defined for APR trunk
since the #include <apu_version.h> is conditional on APR < 2.
Joe Orton [Fri, 22 Sep 2023 09:31:22 +0000 (09:31 +0000)]
* modules/dav/fs/dbm.c (dav_fs_dbm_error, dav_dbm_open_direct): Remove
error message references to "property" databases since these
functions are used for both propdbs and the lock database.
mod_proxy: Allocate and initialize the workers and balancers on pconf.
On ungraceful restart, pchild might be destroyed without waiting for the MPM
threads, just before exit()ing but still there is a window where threads may
be using its data still.
Avoid possible exit path crashes by basing the workers/balancers on pconf,
which is not destroyed in children processes.
While at it, avoid the duplication of the generic "forward" worker for each
server(_rec), there can be a single instance like the generic "reverse"
worker.
mod_proxy: Add ap_proxy_worker_get_name() and deprecate ap_proxy_worker_name().
The latter requires a pool and returns a non constant string although it may
return worker shared data.
By computing the worker "UDS" name at init time we can return a constant name
in any case with no need for a pool, that's the new ap_proxy_worker_get_name().