Merge r1931949, r1934628, r1934678, r1934743 from trunk:

author Eric Covener <covener@apache.org>

Tue, 2 Jun 2026 13:20:28 +0000 (13:20 +0000)

committer Eric Covener <covener@apache.org>

Tue, 2 Jun 2026 13:20:28 +0000 (13:20 +0000)
author Eric Covener <covener@apache.org>
Tue, 2 Jun 2026 13:20:28 +0000 (13:20 +0000)
committer Eric Covener <covener@apache.org>
Tue, 2 Jun 2026 13:20:28 +0000 (13:20 +0000)
diff --git a/changes-entries/h2_v2.0.40.txt b/changes-entries/h2_v2.0.40.txt

new file mode 100644 (file)

index 0000000..d8c7718
--- /dev/null
+++ b/changes-entries/h2_v2.0.40.txt
@@ -0,0 +1,6 @@
+  *) mod_http2: update to version 2.0.40
+     Fix error handling on upload requests when server runs out of file
+     handles that left beam bucket callbacks in place, potentially using
+     no longer valid references. Only applies on platforms with pipes
+     and file descriptor limits not healthy for a network server.
+     [Stefan Eissing]
diff --git a/changes-entries/h2_v2.0.41.txt b/changes-entries/h2_v2.0.41.txt

new file mode 100644 (file)

index 0000000..4d7df59
--- /dev/null
+++ b/changes-entries/h2_v2.0.41.txt
@@ -0,0 +1,3 @@
+  *) mod_http2: update to version 2.0.41
+     Fix cookie header accounting against LimitRequestFields.
+     [Stefan Eissing]
diff --git a/changes-entries/h2_v2.0.42.txt b/changes-entries/h2_v2.0.42.txt

new file mode 100644 (file)

index 0000000..b58a606
--- /dev/null
+++ b/changes-entries/h2_v2.0.42.txt
@@ -0,0 +1,4 @@
+  *) mod_http2: update to version 2.0.42
+     Fix excessive file description use for non-TLS frontend connections when
+     sending files. Fixes <https://github.com/icing/mod_h2/issues/325>
+     [Stefan Eissing]
diff --git a/modules/http2/h2_c1_io.c b/modules/http2/h2_c1_io.c

index 5ed4ee818e75cbbd81b5a5b77976123644613992..c239254d3c5e3deb6beff71d879902b0d4cf94fc 100644 (file)
--- a/modules/http2/h2_c1_io.c
+++ b/modules/http2/h2_c1_io.c
@@ -144,32 +144,21 @@ apr_status_t h2_c1_io_init(h2_c1_io *io, h2_session *session)
  
      io->session = session;
      io->output = apr_brigade_create(c->pool, c->bucket_alloc);
-    io->is_tls = ap_ssl_conn_is_ssl(session->c1);
-    io->buffer_output  = io->is_tls;
      io->flush_threshold = 4 * (apr_size_t)h2_config_sgeti64(session->s, H2_CONF_STREAM_MAX_MEM);
  
-    if (io->buffer_output) {
-        /* This is what we start with, 
-         * see https://issues.apache.org/jira/browse/TS-2503 
-         */
-        io->warmup_size = h2_config_sgeti64(session->s, H2_CONF_TLS_WARMUP_SIZE);
-        io->cooldown_usecs = (h2_config_sgeti(session->s, H2_CONF_TLS_COOLDOWN_SECS)
-                              * APR_USEC_PER_SEC);
-        io->cooldown_usecs = 0;
-        io->write_size = (io->cooldown_usecs > 0?
-                          WRITE_SIZE_INITIAL : WRITE_SIZE_MAX);
-    }
-    else {
-        io->warmup_size = 0;
-        io->cooldown_usecs = 0;
-        io->write_size = 0;
-    }
+    /* This is what we start with,
+     * see https://issues.apache.org/jira/browse/TS-2503
+     */
+    io->warmup_size = h2_config_sgeti64(session->s, H2_CONF_TLS_WARMUP_SIZE);
+    io->cooldown_usecs = (h2_config_sgeti(session->s, H2_CONF_TLS_COOLDOWN_SECS)
+                          * APR_USEC_PER_SEC);
+    io->write_size = (io->cooldown_usecs > 0?
+                      WRITE_SIZE_INITIAL : WRITE_SIZE_MAX);
  
      if (APLOGctrace1(c)) {
          ap_log_cerror(APLOG_MARK, APLOG_TRACE4, 0, c,
-                      "h2_c1_io(%ld): init, buffering=%d, warmup_size=%ld, "
-                      "cd_secs=%f", c->id, io->buffer_output,
-                      (long)io->warmup_size,
+                      "h2_c1_io(%ld): init, warmup_size=%ld, "
+                      "cd_secs=%f", c->id, (long)io->warmup_size,
                        ((double)io->cooldown_usecs/APR_USEC_PER_SEC));
      }
  
@@ -366,25 +355,19 @@ apr_status_t h2_c1_io_add_data(h2_c1_io *io, const char *data, size_t length)
      ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->session->c1,
                    "h2_c1_io(%ld): adding %ld data bytes",
                    io->session->c1->id, (long)length);
-    if (io->buffer_output) {
-        while (length > 0) {
-            remain = assure_scratch_space(io);
-            if (remain >= length) {
-                memcpy(io->scratch + io->slen, data, length);
-                io->slen += length;
-                length = 0;
-            }
-            else {
-                memcpy(io->scratch + io->slen, data, remain);
-                io->slen += remain;
-                data += remain;
-                length -= remain;
-            }
+    while (length > 0) {
+        remain = assure_scratch_space(io);
+        if (remain >= length) {
+            memcpy(io->scratch + io->slen, data, length);
+            io->slen += length;
+            length = 0;
+        }
+        else {
+            memcpy(io->scratch + io->slen, data, remain);
+            io->slen += remain;
+            data += remain;
+            length -= remain;
          }
-    }
-    else {
-        status = apr_brigade_write(io->output, NULL, NULL, data, length);
-        io->buffered_len += length;
      }
      return status;
  }
@@ -403,7 +386,7 @@ apr_status_t h2_c1_io_append(h2_c1_io *io, apr_bucket_brigade *bb)
              APR_BUCKET_REMOVE(b);
              APR_BRIGADE_INSERT_TAIL(io->output, b);
          }
-        else if (io->buffer_output) {
+        else {
              apr_size_t remain = assure_scratch_space(io);
              if (b->length > remain) {
                  apr_bucket_split(b, remain);
@@ -423,13 +406,6 @@ apr_status_t h2_c1_io_append(h2_c1_io *io, apr_bucket_brigade *bb)
                  continue;
              }
          }
-        else {
-            /* no buffering, forward buckets setaside on flush */
-            apr_bucket_setaside(b, io->session->c1->pool);
-            APR_BUCKET_REMOVE(b);
-            APR_BRIGADE_INSERT_TAIL(io->output, b);
-            io->buffered_len += b->length;
-        }
      }
  cleanup:
      return rv;
diff --git a/modules/http2/h2_c1_io.h b/modules/http2/h2_c1_io.h

index c4dac38e1ee4b3e68b68174c53e00c16251e129c..60bd722242e7efbafefa041e45721942b4924116 100644 (file)
--- a/modules/http2/h2_c1_io.h
+++ b/modules/http2/h2_c1_io.h
@@ -30,7 +30,6 @@ typedef struct {
      struct h2_session *session;
      apr_bucket_brigade *output;
  
-    int is_tls;
      int unflushed;
      apr_time_t cooldown_usecs;
      apr_int64_t warmup_size;
@@ -40,7 +39,6 @@ typedef struct {
      apr_int64_t bytes_read;
      apr_int64_t bytes_written;
      
-    int buffer_output;
      apr_off_t buffered_len;
      apr_off_t flush_threshold;
      unsigned int is_flushed : 1;
diff --git a/modules/http2/h2_config.c b/modules/http2/h2_config.c

index 94fd8d22420f52c56f4f0ae27ae6b2d76b827273..c9ad42eca5d692d60868cf7b3d438c157cb9fb9e 100644 (file)
--- a/modules/http2/h2_config.c
+++ b/modules/http2/h2_config.c
@@ -106,7 +106,7 @@ static h2_config defconf = {
      1,                      /* modern TLS only */
      -1,                     /* HTTP/1 Upgrade support */
      1024*1024,              /* TLS warmup size */
-    1,                      /* TLS cooldown secs */
+    0,                      /* TLS cooldown secs */
      1,                      /* HTTP/2 server push enabled */
      NULL,                   /* map of content-type to priorities */
      256,                    /* push diary size */
diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c

index 8053f60c9a28e29d4e071aa1724e16dd5b972b40..c50e15ccd5d8f317bbace70af4d8ac985768471e 100644 (file)
--- a/modules/http2/h2_mplx.c
+++ b/modules/http2/h2_mplx.c
@@ -880,9 +880,6 @@ static apr_status_t c2_setup_io(h2_mplx *m, conn_rec *c2, h2_stream *stream, h2_
      memset(&conn_ctx->pipe_in, 0, sizeof(conn_ctx->pipe_in));
      if (stream->input) {
          conn_ctx->beam_in = stream->input;
-        h2_beam_on_send(stream->input, c2_beam_input_write_notify, c2);
-        h2_beam_on_received(stream->input, c2_beam_input_read_notify, c2);
-        h2_beam_on_consumed(stream->input, c1_input_consumed, stream);
  #if H2_USE_PIPES
          action = "create input write pipe";
          rv = apr_file_pipe_create_pools(&conn_ctx->pipe_in[H2_PIPE_OUT],
@@ -891,6 +888,9 @@ static apr_status_t c2_setup_io(h2_mplx *m, conn_rec *c2, h2_stream *stream, h2_
                                          c2->pool, c2->pool);
          if (APR_SUCCESS != rv) goto cleanup;
  #endif
+        h2_beam_on_send(stream->input, c2_beam_input_write_notify, c2);
+        h2_beam_on_received(stream->input, c2_beam_input_read_notify, c2);
+        h2_beam_on_consumed(stream->input, c1_input_consumed, stream);
          h2_beam_on_eagain(stream->input, c2_beam_input_read_eagain, c2);
          if (!h2_beam_empty(stream->input))
              c2_beam_input_write_notify(c2, stream->input);
diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c

index b377ff77f1b1955c07475f99b50a7bf3e0095af8..b3039451f398fa5abaf76f5d9317d48bf54d804b 100644 (file)
--- a/modules/http2/h2_util.c
+++ b/modules/http2/h2_util.c
@@ -1708,6 +1708,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool,
               && !ap_cstr_casecmpn("cookie", (const char *)nv->name, nv->namelen)) {
          existing = apr_table_get(headers, "cookie");
          if (existing) {
+            if (!nv->valuelen)
+                return APR_SUCCESS;
              /* Cookie header come separately in HTTP/2, but need
               * to be merged by "; " (instead of default ", ")
               */
@@ -1719,6 +1721,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool,
              apr_table_setn(headers, "Cookie",
                             apr_psprintf(pool, "%s; %.*s", existing,
                                          (int)nv->valuelen, nv->value));
+            /* Treat the merge as an "add" to not escape LimitRequestFields */
+            *pwas_added = 1;
              return APR_SUCCESS;
          }
      }
diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h

index 077e778e1269013f1bf3f34547999162e998fb58..b7627bb6fc5c7d655450a30f2855d1f1d93843dd 100644 (file)
--- a/modules/http2/h2_version.h
+++ b/modules/http2/h2_version.h
@@ -27,7 +27,7 @@
   * @macro
   * Version number of the http2 module as c string
   */
-#define MOD_HTTP2_VERSION "2.0.39"
+#define MOD_HTTP2_VERSION "2.0.42"
  
  /**
   * @macro
@@ -35,7 +35,7 @@
   * release. This is a 24 bit number with 8 bits for major number, 8 bits
   * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
   */
-#define MOD_HTTP2_VERSION_NUM 0x020027
+#define MOD_HTTP2_VERSION_NUM 0x02002a
  
  
  #endif /* mod_h2_h2_version_h */
author	Eric Covener <covener@apache.org>
	Tue, 2 Jun 2026 13:20:28 +0000 (13:20 +0000)
committer	Eric Covener <covener@apache.org>
	Tue, 2 Jun 2026 13:20:28 +0000 (13:20 +0000)
changes-entries/h2_v2.0.40.txt	[new file with mode: 0644]	patch \| blob
changes-entries/h2_v2.0.41.txt	[new file with mode: 0644]	patch \| blob
changes-entries/h2_v2.0.42.txt	[new file with mode: 0644]	patch \| blob
modules/http2/h2_c1_io.c		patch \| blob \| blame \| history
modules/http2/h2_c1_io.h		patch \| blob \| blame \| history
modules/http2/h2_config.c		patch \| blob \| blame \| history
modules/http2/h2_mplx.c		patch \| blob \| blame \| history
modules/http2/h2_util.c		patch \| blob \| blame \| history
modules/http2/h2_version.h		patch \| blob \| blame \| history