Joe Orton [Thu, 29 Feb 2024 15:28:36 +0000 (15:28 +0000)]
* modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair):
Update to avoid GCC warning for no-engine builds where the
SSLModConfigRec is not used. Also log an error for the ENOTIMPL
path.
Joe Orton [Thu, 29 Feb 2024 14:00:55 +0000 (14:00 +0000)]
CI tweaks:
- don't install CPAN modules if NO_TEST_FRAMEWORK is set
- remove the workaround for mod_h2 APR build caching which
should no longer be necessary now caching is fixed
- fix capturing specific perl-framework failures with "TEST -v" mode
Joe Orton [Thu, 29 Feb 2024 13:30:50 +0000 (13:30 +0000)]
CI: Re-enable caching for *fixed* versions of apr/apr-util which
should now work correctly (since the version is in the cache key).
For 1.x branches, CLEAR_CACHE must still be used. [skip ci]
Joe Orton [Thu, 29 Feb 2024 12:11:39 +0000 (12:11 +0000)]
CI: Hopefully fix caching and artifact uploads by creating $JOBID
as a unique key for each job in the matrix, using that as the
cache key and in each artefact upload (otherwise multiple failures
uploading "error_log" overwrite each other).
Yann Ylavic [Tue, 20 Feb 2024 10:37:30 +0000 (10:37 +0000)]
mod_ssl: Follow up to r1913815: szCryptoDevice to NULL when !MODSSL_HAVE_ENGINE_API
Latest OpenSSL versions removed the ENGINE API completely, still provide NULL
SSLModConfigRec::szCryptoDevice since it's used outside MODSSL_HAVE_ENGINE_API.
SSLModConfigRec is a private struct, so no MMN change.
* modules/ssl/ssl_private(SSLModConfigRec):
Provide szCryptoDevice (NULL) even if !MODSSL_HAVE_ENGINE_API.
Joe Orton [Thu, 1 Feb 2024 15:34:22 +0000 (15:34 +0000)]
Minor CI changes:
- Add --enable-reduced-exports test.
- test running apachectl -V in the TEST_INSTALL case
- test running httpd -V in the SKIP_TESTING case
- rejig to exit if SKIP_TESTING, un-nest the if block around testing
(no functional change from this part)
Stefan Eissing [Wed, 17 Jan 2024 08:38:02 +0000 (08:38 +0000)]
*) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
Yann Ylavic [Tue, 16 Jan 2024 17:40:36 +0000 (17:40 +0000)]
mod_headers: Avoid infinite recursion with the edit* action and empty matches.
Change the recursion used for edit* to a loop using the new ap_regexec_ex()
function taking the current position (offset) in the subject string.
After an empty match do the same thing as pcre2_substitute() (or Perl's /g),
that is: don't allow for another empty match at the same position by setting
the AP_REG_NOTEMPTY_ATSTART option. If there is a non-empty match use it,
otherwise skip/consume the first character and continue from there.
* modules/metadata/mod_headers.c:
Rename the hdr_edit_r enum for edit* to hdr_edit_all to better express what
it does (and since the action is not recursive anymore).
* modules/metadata/mod_headers.c(push_string, push_match):
New helpers to consume the subject and substitutions in an array of iovec.
* modules/metadata/mod_headers.c(process_regexp):
Implement the new logic, using push_match() and push_string() to fill the
iovec array finally passed to apr_strcatv() for the resulting string.
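The empty-match rule described in the commit above, as an added illustration (not the mod_headers code): `toy_match`, `edit_all` and the `NOTEMPTY_ATSTART` flag are hypothetical stand-ins for a regex engine taking a start offset, and the matcher only understands the patterns `a*` and `a??`.

```c
#include <stdio.h>
#include <string.h>

#define NOTEMPTY_ATSTART 1 /* stand-in for AP_REG_NOTEMPTY_ATSTART */
/* Hypothetical toy matcher, searching forward from `off` like a regexec with
 * a start offset. lazy=0 behaves like "a*", lazy=1 like "a??" (prefers the
 * empty match). Returns 0 and sets [*so,*eo) on a match, 1 otherwise. */
static int toy_match(const char *s, size_t len, size_t off, int flags,
                     int lazy, size_t *so, size_t *eo)
{
    for (size_t p = off; p <= len; p++) {
        /* An empty match is refused only at the starting offset. */
        int need = (flags & NOTEMPTY_ATSTART) && p == off;
        size_t e = p;
        if (!lazy)
            while (e < len && s[e] == 'a') e++;
        else if (need && e < len && s[e] == 'a')
            e++;
        if (e > p || !need) { *so = p; *eo = e; return 0; }
    }
    return 1;
}

/* Replace every match in subj with rep, as a loop rather than recursion.
 * Returns out, or NULL if the result does not fit in cap bytes. */
static char *edit_all(const char *subj, const char *rep, int lazy,
                      char *out, size_t cap)
{
    size_t len = strlen(subj), off = 0, n = 0, so, eo;
    int flags = 0, w;
    while (toy_match(subj, len, off, flags, lazy, &so, &eo) == 0) {
        /* Copy the unmatched text before the match, then the substitution. */
        w = snprintf(out + n, cap - n, "%.*s%s", (int)(so - off), subj + off, rep);
        if (w < 0 || (size_t)w >= cap - n) return NULL;
        n += (size_t)w;
        off = eo;
        /* After an empty match, forbid another empty match at this offset. */
        flags = (so == eo) ? NOTEMPTY_ATSTART : 0;
    }
    w = snprintf(out + n, cap - n, "%s", subj + off); /* unmatched tail */
    return (w < 0 || (size_t)w >= cap - n) ? NULL : out;
}

int main(void)
{
    char buf[64];
    printf("%s\n", edit_all("baac", "-", 0, buf, sizeof buf));
    printf("%s\n", edit_all("aa", "-", 1, buf, sizeof buf));
}
```

Without the flag reset after an empty match, the loop would match the same empty string at the same offset forever, which is the non-termination the commit removes.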
Yann Ylavic [Tue, 16 Jan 2024 16:51:03 +0000 (16:51 +0000)]
regex: Add ap_regexec_ex() which can take a starting offset to match from.
* include/ap_mmn.h:
Bump MMN minor.
* include/ap_regex.h:
Declare ap_regexec_ex().
* server/util_pcre.c(ap_regexec, ap_regexec_len, ap_regexec_ex):
Reuse existing ap_regexec_len() code to implement ap_regexec_ex() where the
offset is given instead of zero, then implement ap_regexec{,len}() in terms
of ap_regexec_ex().
Joe Orton [Wed, 20 Dec 2023 15:56:15 +0000 (15:56 +0000)]
* modules/http/chunk_filter.c (ap_http_chunk_filter): For a brigade
containing [FLUSH EOS], insert the last-chunk terminator before the
FLUSH rather than between the FLUSH and the EOS.
Joe Orton [Thu, 7 Dec 2023 18:29:15 +0000 (18:29 +0000)]
* modules/dav/main/util.c (dav_validate_resource_state): Fix error
message formatting if an unauthenticated user tries to use an
authenticated user's lock token (cosmetic fix only).
Joe Orton [Thu, 7 Dec 2023 18:25:35 +0000 (18:25 +0000)]
mod_dav_fs: Add global mutex around use of lockdb, since
apr_dbm does not provide thread-safe locking:
* modules/dav/fs/mod_dav_fs.c (dav_fs_get_server_conf):
Replaces dav_get_lockdb_path.
(dav_fs_pre_config, dav_fs_child_init): New hooks.
(dav_fs_post_config): Create & store the mutex here.
(register_hooks): Register new hooks.
* modules/dav/fs/repos.h: Expose new dav_fs_server_conf struct.
* modules/dav/fs/lock.c (dav_fs_lockdb_cleanup): New cleanup
which unlocks and closes the dbm handle.
(dav_fs_really_open_lockdb): Lock the mutex here, register a
cleanup.
(dav_fs_open_lockdb): Adjust to use dav_fs_get_server_conf.
(dav_fs_close_lockdb): Run the cleanup here.
Joe Orton [Tue, 5 Dec 2023 15:26:22 +0000 (15:26 +0000)]
mod_ssl: Add support for loading keys from OpenSSL 3.x providers via
the STORE API. Separates compile-time support for the STORE API
(supported in 3.x) from support for the ENGINE API (deprecated in
3.x).
* modules/ssl/ssl_private.h: Define MODSSL_HAVE_OPENSSL_STORE for
OpenSSL 3.0+.
* modules/ssl/ssl_engine_pphrase.c (modssl_load_store_uri,
modssl_load_keypair_store): New functions.
(modssl_load_keypair_engine): Renamed from modssl_load_keypair_engine.
(modssl_load_engine_keypair): Reimplement to use new STORE-based
functions if SSLCryptoDevice was not configured, or else old
ENGINE implementation.
* modules/ssl/ssl_util.c (modssl_is_engine_id): Match pkcs11: URIs
also for the OpenSSL 3.x STORE API.
* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Tweak log
message on error paths for the provider/STORE case.
Graham Leggett [Sun, 19 Nov 2023 10:45:05 +0000 (10:45 +0000)]
Apply earlier fix to the ldapsearch case:
Arrange for backend LDAP connections to be returned
to the pool by a fixup hook rather than staying locked
until the end of (a potentially slow) request.
Yann Ylavic [Sat, 18 Nov 2023 13:49:04 +0000 (13:49 +0000)]
mod_proxy: Follow up to r1912245: ap_proxy_ prefix for extern functions.
Even if they are not part of the API (not in mod_proxy.h) hence require no
MMN bump, {get,set,increment_,decrement_}busy_count() being AP_PROXY_DECLARE()d
could name-collide with a third-party module's functions.
Rename them using the ap_proxy_ prefix, with an underscore after the verb
for all of them too (for consistency), that is:
ap_proxy_{get,set,increment,decrement}_busy_count()
Yann Ylavic [Thu, 16 Nov 2023 14:58:52 +0000 (14:58 +0000)]
Follow up to r1874101: Axe useless LIBRESSL_VERSION_NUMBER check.
Since the fix to MODSSL_USE_OPENSSL_PRE_1_1_API in r1908537, we are sure that
!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
in this block.
Yann Ylavic [Thu, 16 Nov 2023 10:27:30 +0000 (10:27 +0000)]
ci: Disable ASan's LeakSanitizer.
The tool sometimes/somehow crashes in CI, though I can't reproduce locally.
Possibly an issue with the gcc toolchain used there.. disable for now as it
makes the tests fail.
Yann Ylavic [Wed, 15 Nov 2023 22:09:05 +0000 (22:09 +0000)]
mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. PR 68080
Also, always allow for "SSLCryptoDevice builtin" even if the ENGINE API is not
available, OPENSSL_NO_ENGINE or more generally with the new API (providers)
available since OpenSSL >= 3.
* ssl_private.h: Set MODSSL_HAVE_ENGINE_API to 0 if OPENSSL_NO_ENGINE.
* mod_ssl.c, ssl_engine_config.c: Don't depend on HAVE_OPENSSL_ENGINE_H and
HAVE_ENGINE_INIT to provide [ssl_cmd_]SSLCryptoDevice.