Stefan Eissing [Tue, 13 Jun 2023 14:36:43 +0000 (14:36 +0000)]
*) mod_http2: fixed a bug that could lead to a crash in main connection
output handling. This occurred only when the last request on an HTTP/2
connection had been processed and the session decided to shut down.
This could lead to an attempt to send a final GOAWAY while the previous
write was still in progress. See PR 66646.
Stefan Eissing [Fri, 9 Jun 2023 15:02:21 +0000 (15:02 +0000)]
*) mod_http2: fixed a bug in flushing pending data on an already closed
connection that could lead to a busy loop, preventing the HTTP/2 session
from closing down successfully. Fixed PR 66624.
Giovanni Bechis [Tue, 6 Jun 2023 22:02:37 +0000 (22:02 +0000)]
mod_ext_filter: check exit status of filter processes
Whenever a filter process returns a non-zero exit status, or is killed
by a signal, return an HTTP 500 error, and log the reason.
Ran top-level make update-log-msg-tags to update APLOGNO numbers.
Stefan Eissing [Thu, 1 Jun 2023 12:21:03 +0000 (12:21 +0000)]
*) core: add `final_resp_passed` flag to request_rec to allow
ap_die() to judge if it can send out a response. Bump mmn.
Enable test cases that check errors during response body to
appear as error on client side.
Stefan Eissing [Thu, 1 Jun 2023 10:38:53 +0000 (10:38 +0000)]
* mod_proxy_http2: fixed using the wrong "bucket_alloc" from the backend
connection when sending data on the frontend one. This caused crashes
or infinite loops in rare situations.
* mod_proxy_http2: fixed a bug in retry/response handling that could lead
to wrong status codes or HTTP messages sent at the end of response bodies
exceeding the announced content-length.
* mod_proxy_http2: fix retry handling to not leak temporary errors.
On detecting that an existing connection was shut down by the other
side, a 503 response leaked even though the request was retried on a
fresh connection.
* mod_http2: fixed a bug that did cleanup of consumed and pending buckets in
the wrong order when a bucket_beam was destroyed.
Stefan Eissing [Mon, 22 May 2023 14:10:17 +0000 (14:10 +0000)]
*) mod_proxy_http2: fix retry handling to not leak temporary errors.
On detecting that an existing connection was shut down by the other
side, a 503 response leaked even though the request was retried on a
fresh connection.
When we are at flush_max_threshold and the next bucket is a metadata (i.e. next->length == 0), we still need to re-check for flush_max_threshold and associated optimisation (is_in_memory_bucket()) when we process this metadata bucket in the next iteration of the loop.
Graham Leggett [Fri, 19 May 2023 10:29:02 +0000 (10:29 +0000)]
mod_authnz_ldap.c: Make sure the authentication variables are set in
all cases where another module is the source of the authentication,
and that authenticated user is looked up in LDAP.
Stefan Eissing [Fri, 12 May 2023 11:28:59 +0000 (11:28 +0000)]
*) mod_http2: v2.0.15 with the following fixes and improvements
- New directive 'H2EarlyHint name value' to add headers to a response,
picked up already when a "103 Early Hints" response is sent. 'name' and
'value' must comply with the HTTP field restrictions.
This directive can be repeated several times and header fields of the
same names add. Sending a 'Link' header with 'preload' relation will
also cause an HTTP/2 PUSH if enabled and supported by the client.
- Fixed an issue where requests were not logged and accounted in a timely
fashion when the connection returns to "keepalive" handling, e.g. when
the request served was the last outstanding one.
This led to late appearance in access logs with wrong duration times
reported.
- Accurately report the bytes sent for a request in the '%O' Log format.
This addresses #203, a long outstanding issue where mod_h2 has reported
numbers over-eagerly from internal buffering and not what has actually
been placed on the connection.
The numbers are now the same with and without H2CopyFiles enabled.
Stefan Eissing [Tue, 2 May 2023 08:36:02 +0000 (08:36 +0000)]
*) mod_tls: updating to rustls-ffi version 0.9.2 or higher.
Checking in configure for proper version installed. Code
fixes for changed clienthello member name.
* In the reverse proxy case when we only want to keep encoded slashes untouched
we can have decoded '%''s in the URI that got sent to us in the original URL
as %25. Don't error out in this case but just fall through and have them
encoded to %25 when forwarding to the backend.
* If we fail to connect to all looked up IPs from the worker lookup cache it
might be caused by a change on DNS side. Try another DNS lookup in this case
and in case this causes a successful connection trigger a refresh of the
worker lookup cache.
mod_status: Remove duplicate keys "BusyWorkers" and "IdleWorkers".
Resolve inconsistency between the previous two occurrences by
counting workers in state SERVER_GRACEFUL no longer as busy,
but instead in a new counter "GracefulWorkers" (or on HTML
view as "workers gracefully restarting"). Also add the graceful
counter as a new column to the existing HTML per process table
for async MPMs.
PR 63300
Graham Leggett [Tue, 25 Apr 2023 17:52:18 +0000 (17:52 +0000)]
*) mod_autht_jwt: New module to handle RFC 7519 JWT tokens within
bearer tokens, both as part of the aaa framework, and as a way to
generate tokens and pass them to backend servers and services.
*) mod_auth_bearer: New module to handle RFC 6750 Bearer tokens, using
the token_checker hook.
*) mod_autht_core: New module to handle provider aliases for token
authentication.
* For retriggering a DNS lookup worker->cp->addr should be set to NULL and thus
we need to avoid a race that worker->cp->addr switches to NULL after we
checked it to be non NULL but before we assign it to conn->addr in an else
tree which would leave conn->addr to NULL and likely cause a segfault later.
Joe Orton [Wed, 19 Apr 2023 13:58:53 +0000 (13:58 +0000)]
CI tests are failing (since r1909135), set a lower timeout since
the default is a rather extreme 6hrs. Worst cases seem to be
around 10 minutes currently. [skip ci]
Graham Leggett [Fri, 14 Apr 2023 14:07:49 +0000 (14:07 +0000)]
mod_alias: When an alias is declared inside a Location, make sure
the balance of the URL is preserved to match the alias declared
outside a location. Fixes an error where all requests are mapped
to the root of the location.
Giovanni Bechis [Wed, 5 Apr 2023 06:38:18 +0000 (06:38 +0000)]
Fix possible NULL pointer dereference caused by apreq_param_make()
The function apreq_param_make() will return NULL on failure. However
NULL checks are forgotten before dereference, which could lead to
NULL pointer dereference.
Adding NULL check to all uses of apreq_param_make().
Giovanni Bechis [Tue, 4 Apr 2023 21:43:46 +0000 (21:43 +0000)]
Fix a possible NULL pointer dereference of ap_runtime_dir_relative()
ap_runtime_dir_relative() will return NULL on failure. However cgid_init()
does not check the return value of ap_runtime_dir_relative() and uses it
directly.