Before r1918550 (r1918559 in 2.4.60), "SetHandler proxy:..." configurations
did not pass through proxy_fixup() hence the proxy_canon_handler hooks, leaving
fcgi's SCRIPT_FILENAME environment variable (from r->filename) decoded, or more
exactly not re-encoded.
We still want to call ap_proxy_canon_url() for "fcgi:" to handle/strip the UDS
"unix:" case and check that r->filename is valid and contains no controls, but
proxy_fcgi_canon() will not ap_proxy_canonenc_ex() thus re-encode anymore.
Note that this will do the same for "ProxyPass fcgi:...", there is no reason
that using SetHandler or ProxyPass don't result in the same thing. If an opt
in/out makes sense we should probably look at ProxyFCGIBackendType.
Yann Ylavic [Thu, 1 Aug 2024 11:35:26 +0000 (11:35 +0000)]
mod_proxy: Fix selection of ProxyPassMatch workers with host/port substitution. PR 69233.
With "ProxyPassMatch ^/([^/]+)/(.*)$ https://$1/$2", ap_proxy_get_worker_ex()
should not consider the length of scheme://host part of the given URL because
of the globbing match on the host part.
Fix it by setting worker->s->is_host_matchable when creating a worker with host
substitution and avoiding the min_match check in worker_matches() in this case.
Ivan Zhakov [Tue, 30 Jul 2024 00:15:32 +0000 (00:15 +0000)]
Follow-up to r1919413: CMake: Use configure_file() instead of file(write)
to generate modules.c file because configure_file() doesn't change
timestamp of file if contents is the same.
Joe Orton [Mon, 29 Jul 2024 08:40:42 +0000 (08:40 +0000)]
* modules/dav/fs/repos.c (dav_fs_get_resource): Return a 404 rather
than a 400 where r->path_info is not empty for a file; a valid but
unsatisfiable request to a path which cannot exist,
e.g. /dav/foo.txt/blah where /dav/foo.txt is not a directory.
mod_proxy: Allow for empty UDS URL hostname in ProxyPass workers too.
Using "unix:/udspath|scheme:" or "unix:/udspath|scheme://" for a ProxyPass URL
does not work currently, while it works for SetHandler "proxy:unix:...".
*) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in <Location> (incomplete fix in 2.4.62). PR 69160.
When SetHandler "unix:..." is used in a <Location "/path"> block, the path
gets appended (including $DOCUMENT_ROOT somehow) to r->filename hence the
current checks in fixup_uds_filename() to add "localhost" when missing don't
work. Fix them.
Joe Orton [Fri, 26 Jul 2024 09:14:40 +0000 (09:14 +0000)]
CI: Fix OpenSSL tarball download URLs after openssl.org site refresh
CI: Update to latest OpenSSL releases.
CI: Build OpenSSL with RPATH set so that the installed ./bin/openssl works
without LD_LIBRARY_PATH set.
Use LD_RUN_PATH during the httpd build to achieve the same with binaries
from the httpd build, but unset it after so that it doesn't affect running
e.g. php-fpm or perl later. Should fix warning from logs when php-fpm
is executed --
[26-Jul-2024 07:43:34] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'curl.so' (tried: /usr/lib/php/20210902/curl.so (/lib/x86_64-linux-gnu/libcurl.so.4: undefined symbol: ENGINE_init, version OPENSSL_3.0.0), /usr/lib/php/20210902/curl.so.so (/usr/lib/php/20210902/curl.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
CI: Test that php-fpm works if available before testing.
CI: For paranoia/future debugging, log the OpenSSL version from compile-time
and run-time as reported by mod_ssl.
Ivan Zhakov [Sun, 21 Jul 2024 07:40:54 +0000 (07:40 +0000)]
CMake: Use TARGET_COMPILE_DEFINITIONS to set preprocessor definitions.
TARGET_COMPILE_DEFINITIONS correctly handles values with spaces, so
DEFINE_WITH_BLANKS() macro can be removed.
Ivan Zhakov [Sat, 20 Jul 2024 13:36:20 +0000 (13:36 +0000)]
* build/build-modules-c.awk: Add AP_DECLARE_DATA to ap_prelinked_modules,
ap_prelinked_modules_symbols and ap_preloaded_modules to match declaration
in ap_config.h. It doesn't change behavior because AP_DECLARE_DATA is
empty on non-Windows platform.
Ivan Zhakov [Sat, 20 Jul 2024 12:15:48 +0000 (12:15 +0000)]
* os/win32/modules.c: Include "ap_config.h" to match the file generated by
build/build-modules-c.awk. It doesn't change the behaviour because ap_config.h
is included by httpd.h.
mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. PR 69197.
Track in do_expand() whether a '?' in the uri-path comes from a literal in
the substitution string or from an expansion (variable, lookup, ...).
In the former case it's safe to assume that it's the query-string separator
but for the other case it's not (could be a decoded %3f from r->uri).
This allows to avoid [UnsafeAllow3F] for most cases.
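The tracking idea in the commit message above, as an added example that is not httpd's do_expand() or any code from the project. The expander, the enum and the function name expand_track are hypothetical, and the capture value is constructed to model a '?' that was decoded from %3f in the request path.

```c
#include <stdio.h>
#include <string.h>

/* Origin of the first '?' in the expanded result. */
enum qmark_origin { QM_NONE, QM_LITERAL, QM_EXPANDED };

/* Toy expander (not httpd's do_expand()): replaces $0..$9 in subst with
 * caps[n] and records whether the first '?' was written literally in the
 * substitution or arrived through an expanded capture. */
enum qmark_origin expand_track(const char *subst, const char *caps[10],
                               char *out, size_t outlen)
{
    enum qmark_origin origin = QM_NONE;
    size_t n = 0;
    if (outlen == 0)
        return QM_NONE;
    for (const char *p = subst; *p && n + 1 < outlen; p++) {
        if (p[0] == '$' && p[1] >= '0' && p[1] <= '9') {
            const char *v = caps[p[1] - '0'];
            for (; v && *v && n + 1 < outlen; v++) {
                if (*v == '?' && origin == QM_NONE)
                    origin = QM_EXPANDED;   /* e.g. a decoded %3f */
                out[n++] = *v;
            }
            p++;                            /* skip the digit */
        } else {
            if (*p == '?' && origin == QM_NONE)
                origin = QM_LITERAL;        /* written in the rule itself */
            out[n++] = *p;
        }
    }
    out[n] = '\0';
    return origin;
}

int main(void)
{
    /* Constructed sample: $1 captured from a decoded path "a%3fb". */
    const char *caps[10] = { NULL, "a?b" };
    const char *rules[] = { "/app/$1", "/index.php?id=$1" };
    static const char *names[] = { "none", "literal", "expanded" };
    char buf[128];

    for (size_t i = 0; i < 2; i++) {
        enum qmark_origin o = expand_track(rules[i], caps, buf, sizeof buf);
        printf("%-18s -> %-20s first '?': %s\n", rules[i], buf, names[o]);
    }
    return 0;
}
```

Only the QM_LITERAL case can safely be read as the query-string separator; a QM_EXPANDED result is the case the commit message describes as unsafe to assume.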
Stefan Eissing [Wed, 10 Jul 2024 10:55:23 +0000 (10:55 +0000)]
sync test code with mod-h2
- shutdown server at end of h2 tests
- adapt minimum httpd versions for some tests
- add test_700_20 for load on blocked connections,
disabled for now until mpm_event improves
- build websocket client automatically
mod_proxy: Don't mangle r->filename when ap_proxy_canon_netloc() fails.
ap_proxy_canon_netloc() called from canon_handler hooks modifies its given
url in place, hence &r->filename[6] passed from ap_proxy_canon_url().
This is not an issue if every canon_handler hook succeeds (or declines)
since r->filename is usually completely rewritten finally, but on failure
it gets truncated.
Avoid this by passing a copy of r->filename from the start, the proxy *url
and r->filename don't need to point to the same data.
* proxy/proxy_util.c(ap_proxy_canon_url):
Pass a copy of r->filename to the canon_handler hooks.
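A simplified model of the failure mode and fix described in the commit message above, added here as an example and not taken from httpd. toy_canon_netloc, canon_in_place and canon_on_copy are hypothetical names, and the URL with an out-of-range port is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-place netloc parser (not httpd code): cuts the buffer at
 * '/' and ':' to isolate host and port, then validates the port. */
static int toy_canon_netloc(char *url, char **host, int *port)
{
    char *p = strstr(url, "://"), *colon;
    if (p == NULL)
        return -1;
    *host = p + 3;
    if ((p = strchr(*host, '/')) != NULL)
        *p = '\0';                       /* in-place cut */
    if ((colon = strchr(*host, ':')) != NULL) {
        *colon = '\0';                   /* in-place cut */
        *port = atoi(colon + 1);
        if (*port <= 0 || *port > 65535)
            return -1;                   /* buffer already truncated */
    }
    return 0;
}

/* Before: parse inside filename, past the 6-byte "proxy:" prefix. */
int canon_in_place(char *filename)
{
    char *host; int port = 0;
    return toy_canon_netloc(filename + 6, &host, &port);
}

/* After: parse a private copy so a failure leaves filename intact. */
int canon_on_copy(const char *filename)
{
    char *host, *copy = malloc(strlen(filename + 6) + 1);
    int port = 0, rc;
    if (copy == NULL) return -1;
    strcpy(copy, filename + 6);
    rc = toy_canon_netloc(copy, &host, &port);
    free(copy);
    return rc;
}

int main(void)
{
    char a[] = "proxy:http://backend:99999/app";  /* constructed, bad port */
    char b[] = "proxy:http://backend:99999/app";
    canon_in_place(a); canon_on_copy(b);
    printf("in place: %s\non copy:  %s\n", a, b);
    return 0;
}
```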
mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
"balancer:" URLs set via SetHandler, also allowing for "unix:"
sockets with BalancerMember(s). PR 69168.
* modules/proxy/proxy_util.h, modules/proxy/proxy_util.c:
Move proxy_interpolate() from mod_proxy.c to ap_proxy_interpolate(),
exported locally only (non public).
Move proxy_fixup() from mod_proxy.c to ap_proxy_canon_url(), exported
locally only too (non public).
Rollback ap_proxy_fixup_uds_filename() to a local fixup_uds_filename()
usable from proxy_util.c only. The public function will be removed in
a following commit.
* modules/proxy/mod_proxy.h:
Note that ap_proxy_fixup_uds_filename() is deprecated.
* modules/proxy/mod_proxy.c:
Just use ap_proxy_canon_url() from proxy_fixup() and proxy_handler()
for SetHandler URLs.
* modules/proxy/mod_proxy_balancer.c:
Do not canonicalize the path from proxy_balancer_canon() anymore but
rather from balancer_fixup() where the balancer URL is rewritten to
the BalancerMember URL.
The hostname part of the URL is not mandated for UDS though the canon_handler
hooks will require it, so add "localhost" if it's missing (won't be used anyway
for an AF_UNIX socket).
This can trigger with SetHandler "unix:" URLs which are now also fixed up.
Since r1908537 BIO_set_callback_ex is used with OpenSSL >= 3.0 instead of
BIO_set_callback to set the BIO callback. The meaning of parameters and
their range of values in the callback function set by BIO_set_callback_ex
has changed compared to the callback function set by BIO_set_callback
although parameters kept their names. Accommodate for this and adjust the
code accordingly.
Furthermore limit the size of dumps to APR_UINT16_MAX bytes. Given the length
of SSL records of 16k this should not have practical implications.
Yann Ylavic [Tue, 25 Jun 2024 23:49:09 +0000 (23:49 +0000)]
mod_proxy: Fixup UDS filename for mod_proxy called through r->handler.
* modules/proxy/proxy_util.c:
Export ap_proxy_fixup_uds_filename() from fix_uds_filename.
Call it from ap_proxy_pre_request() even for rewritten balancer workers.
Yann Ylavic [Fri, 21 Jun 2024 15:38:47 +0000 (15:38 +0000)]
mpm_event: Follow up to r1918482: CONN_STATE_LINGER* are not the last anymore.
Since CONN_STATE_ASYNC_WAITIO, we cannot check for < or >= CONN_STATE_LINGER
anymore to determine if in a lingering close state, so let's add a new
CONN_STATE_IS_LINGERING_CLOSE() macro for this and use it in mpm_event.
The test for state == CONN_STATE_LINGER in process_lingering_close() is a
bit weak too in order to call ap_start_lingering_close() the first time only,
so have a conn_state->linger_started flag instead.