From 83ab7e7e1cec3c51d707e743065f4f28aaaca5e0 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Tue, 7 Jan 2025 15:00:40 +0000 Subject: [PATCH] *) Easy patches: synch 2.4.x and trunk - server: Use apr_size_t instead of int to harden against overflows - mod_http2: DOXYGEN has nothing to do here, just remove this strange "#if defined(DOXYGEN)" - test: make the compiler happy when using --enable-maintainer-mode - mod_proxy: Fix format string type check - mod_http2: Fix comment, no functional change - : Remove unnecessary APLOGNO() use in TRACE-level logging - mod_cache_socache: Update comment only, to remove reference to session cache - mod_dav: Fix error message formatting if an unauthenticated user tries to use an authenticated user's lock token - : trigger ci - server: Fix typo in comment git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1922956 13f79535-47bb-0310-9956-ffa450edef68 --- ABOUT_APACHE | 2 +- CHANGES | 9 +++++++ STATUS | 28 ---------------------- changes-entries/md_v2.4.29.txt | 5 ---- changes-entries/modssl-engine-fallback.txt | 2 -- include/ap_socache.h | 7 +++--- modules/dav/main/util.c | 2 +- modules/http2/h2_proxy_session.c | 2 +- modules/http2/h2_ws.c | 2 +- modules/ldap/util_ldap.c | 2 +- modules/lua/mod_lua.c | 6 ++--- modules/proxy/ajp_header.c | 2 +- modules/proxy/proxy_util.c | 2 +- server/util_expr_parse.c | 2 +- server/util_script.c | 4 ++-- test/clients/h2ws.c | 3 +-- 16 files changed, 27 insertions(+), 53 deletions(-) delete mode 100644 changes-entries/md_v2.4.29.txt delete mode 100644 changes-entries/modssl-engine-fallback.txt diff --git a/ABOUT_APACHE b/ABOUT_APACHE index 490b806739d..2443b128515 100644 --- a/ABOUT_APACHE +++ b/ABOUT_APACHE 
@@ -128,7 +128,7 @@ group of volunteers who vote on changes to the distributed server), then you need to start by subscribing to the dev@httpd.apache.org mailing list. One warning though: traffic is high, 1000 to 1500 messages/month. To subscribe to the list, send an email to dev-subscribe@httpd.apache.org. -We recommend reading the list for a while before trying to jump in to +We recommend reading the list for a while before trying to jump in to development. NOTE: The developer mailing list (dev@httpd.apache.org) is not diff --git a/CHANGES b/CHANGES index feb65d99ff1..58003794350 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,15 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.63 + *) mod_md: update to version 2.4.29 + - Fixed HTTP-01 challenges to not carry a final newline, as some ACME + server fail to ignore it. [Michael Kaufmann (@mkauf)] + - Fixed missing label+newline in server-status plain text output when + MDStapling is enabled. + + *) mod_ssl: Restore support for loading PKCS#11 keys via ENGINE + without "SSLCryptoDevice" configured. [Joe Orton] + *) mod_authnz_ldap: Fix possible memory corruption if the AuthLDAPSubGroupAttribute directive is configured. [Joe Orton] diff --git a/STATUS b/STATUS index 29340bb68c1..8d701cfebe4 100644 --- a/STATUS +++ b/STATUS 
@@ -157,34 +157,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) Easy patches: synch 2.4.x and trunk - - server: Use apr_size_t instead of int to harden against overflows - - mod_http2: DOXYGEN has nothing to do here, just remove this - strange "#if defined(DOXYGEN)" - - test: make the compiler happy when using --enable-maintainer-mode - - mod_proxy: Fix format string type check - - mod_http2: Fix comment, no functional change - - : Remove unnecessary APLOGNO() use in TRACE-level logging - - mod_cache_socache: Update comment only, to remove reference to - session cache - - mod_dav: Fix error message formatting if an unauthenticated user - tries to use an authenticated user's lock token - - : trigger ci - - server: Fix typo in comment - trunk patch: - https://svn.apache.org/r1903680 - https://svn.apache.org/r1912663 - https://svn.apache.org/r1917013 - https://svn.apache.org/r1912941 - https://svn.apache.org/r1913078 - https://svn.apache.org/r1913338 - https://svn.apache.org/r1914035 - https://svn.apache.org/r1914439 - https://svn.apache.org/r1915270 - https://svn.apache.org/r1915543 - 2.4.x patch: svn merge -c 1903680,1912663,1917013,1912941,1913078,1913338,1914035,1914439,1915270,1915543 ^/httpd/httpd/trunk . - +1: jailletc36, covener, jorton, jim - *) Add the ldap-search option to mod_authnz_ldap, allowing authorization to be based on arbitrary expressions that do not include the username. Make sure that when ldap searches are too long, we explicitly log the diff --git a/changes-entries/md_v2.4.29.txt b/changes-entries/md_v2.4.29.txt deleted file mode 100644 index 09323cd9483..00000000000 --- a/changes-entries/md_v2.4.29.txt +++ /dev/null 
@@ -1,5 +0,0 @@ - *) mod_md: update to version 2.4.29 - - Fixed HTTP-01 challenges to not carry a final newline, as some ACME - server fail to ignore it. [Michael Kaufmann (@mkauf)] - - Fixed missing label+newline in server-status plain text output when - MDStapling is enabled. diff --git a/changes-entries/modssl-engine-fallback.txt b/changes-entries/modssl-engine-fallback.txt deleted file mode 100644 index 6e56641d0e5..00000000000 --- a/changes-entries/modssl-engine-fallback.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_ssl: Restore support for loading PKCS#11 keys via ENGINE - without "SSLCryptoDevice" configured. [Joe Orton] diff --git a/include/ap_socache.h b/include/ap_socache.h index e404d2d4631..5721edc0134 100644 --- a/include/ap_socache.h +++ b/include/ap_socache.h @@ -94,9 +94,10 @@ typedef struct ap_socache_provider_t { unsigned int flags; /** - * Create a session cache based on the given configuration string. - * The instance pointer returned in the instance parameter will be - * passed as the first argument to subsequent invocations. + * Create a small object cache based on the given configuration + * string. The instance pointer returned in the instance + * parameter will be passed as the first argument to subsequent + * invocations. * * @param instance Output parameter to which instance object is written. * @param arg User-specified configuration string. May be NULL to diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index 3f7822fc931..50af1832307 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -1268,7 +1268,7 @@ static dav_error * dav_validate_resource_state(apr_pool_t *p, const char *errmsg; errmsg = apr_pstrcat(p, "User \"", - r->user, + r->user ? r->user : "[none]", "\" submitted a locktoken created " "by user \"", lock->auth_user, "\".", NULL); diff --git a/modules/http2/h2_proxy_session.c b/modules/http2/h2_proxy_session.c index db223012766..3faa691c71f 100644 --- a/modules/http2/h2_proxy_session.c 
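Review bot: `lock->auth_user` is still passed to `apr_pstrcat()` without the NULL fallback that this hunk gives `r->user`, in dav_validate_resource_state (modules/dav/main/util.c). apr_pstrcat() treats the first NULL argument as the end of its list, so a NULL owner would cut the message short in the same way the old code did for an unauthenticated requester. The enclosing condition starts outside the hunk and may already guarantee a non-NULL owner; if it does, a comment such as `/* lock->auth_user is non-NULL here: checked by the enclosing if */` would make that visible, otherwise use `lock->auth_user ? lock->auth_user : "[none]"`. It is also worth confirming where errmsg ends up: if it is returned to the client and not only logged, an unauthenticated requester learns the lock owner's user name.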
+++ b/modules/http2/h2_proxy_session.c @@ -789,7 +789,7 @@ static apr_status_t session_start(h2_proxy_session *session) apr_socket_t *s; s = ap_get_conn_socket(session->c); -#if (!defined(WIN32) && !defined(NETWARE)) || defined(DOXYGEN) +#if !defined(WIN32) && !defined(NETWARE) if (s) { ap_sock_disable_nagle(s); } diff --git a/modules/http2/h2_ws.c b/modules/http2/h2_ws.c index 396e6e1e319..37152250759 100644 --- a/modules/http2/h2_ws.c +++ b/modules/http2/h2_ws.c @@ -44,7 +44,7 @@ #if H2_USE_WEBSOCKETS -#include "apr_encode.h" /* H2_USE_WEBSOCKETS is conditional on APR 1.6+ */ +#include "apr_encode.h" /* H2_USE_WEBSOCKETS is conditional on APR 1.7+ */ static ap_filter_rec_t *c2_ws_out_filter_handle; diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 4747d826ae2..3795fd42806 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -423,7 +423,7 @@ static int uldap_connection_init(request_rec *r, if (ldc->ChaseReferrals != AP_LDAP_CHASEREFERRALS_SDKDEFAULT) { /* Set options for rebind and referrals. */ - ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, r->server, APLOGNO(01278) + ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, r->server, "LDAP: Setting referrals to %s.", ((ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) ? "On" : "Off")); apr_ldap_set_option(r->pool, ldc->ldap, diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c index 303890ef498..ed5c839fe9a 100644 --- a/modules/lua/mod_lua.c +++ b/modules/lua/mod_lua.c @@ -204,7 +204,7 @@ static ap_lua_vm_spec *create_vm_spec(apr_pool_t **lifecycle_pool, else { spec->file = r->filename; } - ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, APLOGNO(02313) + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "%s details: scope: %s, file: %s, func: %s", what, scope_to_string(spec->scope), spec->file, function ? function : "-"); 
@@ -289,7 +289,7 @@ static int lua_handler(request_rec *r) ) { return DECLINED; } - ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(01472) + ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "handling [%s] in mod_lua", r->filename); /* XXX: This seems wrong because it may generate wrong headers for HEAD requests */ @@ -309,7 +309,7 @@ static int lua_handler(request_rec *r) ap_lua_release_state(L, spec, r); return HTTP_INTERNAL_SERVER_ERROR; } - ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, APLOGNO(01474) "got a vm!"); + ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, "got a vm!"); lua_getglobal(L, "handle"); if (!lua_isfunction(L, -1)) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01475) diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c index 0266a7dafc2..00db324e426 100644 --- a/modules/proxy/ajp_header.c +++ b/modules/proxy/ajp_header.c @@ -230,7 +230,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "Into ajp_marshal_into_msgb"); if ((method = sc_for_req_method_by_id(r)) == UNKNOWN_METHOD) { - ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, APLOGNO(02437) + ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "ajp_marshal_into_msgb - Sending unknown method %s as request attribute", r->method); method = SC_M_JK_STORED; diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 07621daed1a..1fc6bd6bca6 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -4030,7 +4030,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, worker->s->error_time = apr_time_now(); worker->s->status |= PROXY_WORKER_IN_ERROR; ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959) - "ap_proxy_connect_backend disabling worker for (%s:%hu) " + "ap_proxy_connect_backend disabling worker for (%s:%d) " "for %" APR_TIME_T_FMT "s", worker->s->hostname_ex, (int)worker->s->port, apr_time_sec(worker->s->retry)); 
diff --git a/server/util_expr_parse.c b/server/util_expr_parse.c index ac4a3234490..f63076c4590 100644 --- a/server/util_expr_parse.c +++ b/server/util_expr_parse.c @@ -1326,7 +1326,7 @@ YYSTYPE yylval; goto yysetstate; - /* TODO: comppiler warning that this is unused, and it seems to */ + /* TODO: compiler warning that this is unused, and it seems to */ (void)yynerrs; /*------------------------------------------------------------. | yynewstate -- Push a new state, which is found in yystate. | diff --git a/server/util_script.c b/server/util_script.c index 1fa4276caef..72175e75824 100644 --- a/server/util_script.c +++ b/server/util_script.c @@ -466,7 +466,7 @@ AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer, { char x[MAX_STRING_LEN]; char *w, *l; - int p; + apr_size_t p; int cgi_status = HTTP_UNSET; apr_table_t *merge; apr_table_t *cookie_table; @@ -837,7 +837,7 @@ static int getsfunc_STRING(char *w, int len, void *pvastrs) { struct vastrs *strs = (struct vastrs*) pvastrs; const char *p; - int t; + apr_size_t t; if (!strs->curpos || !*strs->curpos) { w[0] = '\0'; diff --git a/test/clients/h2ws.c b/test/clients/h2ws.c index 1de38760dd5..414e0887fe4 100644 --- a/test/clients/h2ws.c +++ b/test/clients/h2ws.c @@ -141,14 +141,13 @@ static int parse_host_port(const char **phost, uint16_t *pport, int *pipv6, size_t *pconsumed, const char *s, size_t len, uint16_t def_port) { - size_t i, offset; + size_t i, offset=0; char *host = NULL; int port = 0; int rv = 1, ipv6 = 0; if (!len) goto leave; - offset = 0; if (s[offset] == '[') { ipv6 = 1; for (i = offset++; i < len; ++i) {
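Review bot: In getsfunc_STRING (second hunk of server/util_script.c) `t` becomes `apr_size_t` while the `len` parameter in the visible signature stays `int`, so any bound check of the form `t > len` in the body, which lies outside the hunk, now converts `len` to unsigned before comparing. A negative `len` would then compare as a very large value and the clamp would not apply; either state the precondition with `/* len must be >= 0: it is converted to apr_size_t when compared with t */` or reject `len < 0` and compare against `(apr_size_t)len`. The same type change to `p` in ap_scan_script_header_err_core_ex (first hunk) deserves a check that no remaining use relies on `p` going negative, for example a `p - 1` index without a `p > 0` guard or a `p < 0` test, since those wrap or become always false with an unsigned type. Both function bodies continue outside the hunks, so this is inferred from the declarations alone.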
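Review bot: `size_t i, offset=0;` in parse_host_port (test/clients/h2ws.c) initialises one declarator and leaves `i` indeterminate on the same line, which is easy to misread as both being zeroed. Splitting it into `size_t i;` and `size_t offset = 0;` keeps the initialiser obvious and matches the spacing of the neighbouring `int port = 0;`. If `i` is read after the `leave` label, which is outside the hunk, it would need an initialiser as well to avoid the same maintainer-mode warning.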