34268 Commits

Author SHA1 Message Date
5bf7c9c34e * modules/dav/main/ms_wdv.c (mswdv_combined_proppatch): Drop redundant
check of proppatch_len against APR_SIZE_MAX, update comment.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1931184 13f79535-47bb-0310-9956-ffa450edef68
2026-01-08 13:26:41 +00:00
bd61fb9492 mod_dav: Fix security issue in unreleased MS-WDV support:
* modules/dav/main/ms_wdv.c (mswdv_combined_proppatch):
  The MS-WDV combined PROPPATCH handler reads a 16-byte hex length
  prefix from the request body and uses it directly for memory
  allocation without bounds checking. An attacker can specify an
  extremely large value to trigger OOM and crash the worker process.

  This patch validates the parsed length against LimitXMLRequestBody
  and APR_SIZE_MAX before allocation.

Reported by: Pavel Kohout, Aisle Research, www.aisle.com
Submitted by: Pavel Kohout, jorton
Github: closes #592


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1931148 13f79535-47bb-0310-9956-ffa450edef68
2026-01-06 11:02:20 +00:00
9d749066e2 Happy New Year 2026 - part 2
Consensus in the release branch seems to be to
update the year in NOTICE.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1931105 13f79535-47bb-0310-9956-ffa450edef68
2026-01-04 15:14:52 +00:00
f65e13b890 Happy New Year 2026
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1931104 13f79535-47bb-0310-9956-ffa450edef68
2026-01-04 15:11:13 +00:00
806e1f383c CI: Build and run the libcheck-based tests.
Github: closes #590


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930795 13f79535-47bb-0310-9956-ffa450edef68
2025-12-22 11:59:10 +00:00
f718bc37e8 * test/modules/core: Adds regression test for CGI env var override
Submitted by: Giannis Christodoulou <io.xristod gmail.com>
Github: closes #589


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930794 13f79535-47bb-0310-9956-ffa450edef68
2025-12-22 11:14:06 +00:00
befb52370c Regenerate docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930727 13f79535-47bb-0310-9956-ffa450edef68
2025-12-19 12:49:53 +00:00
d5b2934e37 * modules/proxy/mod_proxy_balancer.c (balancer_handler): Restore
logging in XSS protection failure path to match 2.4.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930712 13f79535-47bb-0310-9956-ffa450edef68
2025-12-18 15:52:11 +00:00
b6f3d786f6 mod_md: change types of fields of ocsp_summary_ctx_t
The number of members in ostat_by_id may be up to UINT_MAX
and there are no guarantees that all types of members (good,
revoked or unknown) are present. An integer overflow may also
occur in md_ocsp_get_summary() when they are summed as ints.

Change types of good, revoked and unknown to unsigned.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Submitted by: Anastasia Belova <nabelova31 gmail.com>
Github: closes #534


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930710 13f79535-47bb-0310-9956-ffa450edef68
2025-12-18 12:50:42 +00:00
8169261a09 CI: Update OpenSSL versions: test 3.0 (LTS) branch, latest 3.4/3.5,
reset/clear cache to refresh the feature/ech branch.

Github: closes #586


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930709 13f79535-47bb-0310-9956-ffa450edef68
2025-12-18 12:47:05 +00:00
7dc7cd7f01 Steal 2x lognos.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930704 13f79535-47bb-0310-9956-ffa450edef68
2025-12-18 10:09:34 +00:00
6859a96df8 * acinclude.m4 (APACHE_CHECK_SYSTEMD): Define AP_SYSTEMD_VERSION if
the version of libsystemd is available from pkg-config.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930703 13f79535-47bb-0310-9956-ffa450edef68
2025-12-18 09:54:28 +00:00
efd77789fc Follow up to r1930632 -
* modules/cache/mod_file_cache.c (mmap_handler): Remove unused
  variable.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930633 13f79535-47bb-0310-9956-ffa450edef68
2025-12-16 16:11:24 +00:00
59c3f0e231 mod_file_cache: Fix crashes for mmap'ed files under threaded MPM.
* modules/cache/mod_file_cache.c (mmap_handler): fix file getting
  unmapped erroneously when server is under load in multi-thread
  multi-core configuration

PR: 69901
Submitted by: barr.israel <barr.israel campus.technion.ac.il>
Github: closes #582


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930632 13f79535-47bb-0310-9956-ffa450edef68
2025-12-16 16:05:10 +00:00
040c577fdd fr doc rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930511 13f79535-47bb-0310-9956-ffa450edef68
2025-12-13 14:03:53 +00:00
8ac5787325 fr doc XML file update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930510 13f79535-47bb-0310-9956-ffa450edef68
2025-12-13 14:01:53 +00:00
542e0da070 *) mod_http2: update to version 2.0.37
Prevent double purge of a stream, resulting in a double free.
Fixes PR 69899.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930444 13f79535-47bb-0310-9956-ffa450edef68
2025-12-11 08:45:15 +00:00
0245037281 mod_md: document the forgotten MDCACertificateFile directive.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930379 13f79535-47bb-0310-9956-ffa450edef68
2025-12-09 09:04:36 +00:00
d9a2baffab *) mod_md: update to version 2.6.7
- Fix a regression in `MDStapleOthers` which broke in v2.6.0 and no longer
  applied, no matter the configuration.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930363 13f79535-47bb-0310-9956-ffa450edef68
2025-12-08 12:54:34 +00:00
c024d5d79e feat: add HEIC, HEIF and related mime types
See https://en.wikipedia.org/wiki/High_Efficiency_Image_File_Format

Submitted by: Alexandru Mărășteanu <hello alexei.ro>
Github: closes #580


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930199 13f79535-47bb-0310-9956-ffa450edef68
2025-12-02 16:10:37 +00:00
9d26b95787 don't use request notes for suexec
also, stop accepting the obscure "note" option in
RequestHeader, it is only documented/described as being
meant for Header (output filter).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930164 13f79535-47bb-0310-9956-ffa450edef68
2025-12-01 12:04:29 +00:00
e4f00c5eb7 envvars from HTTP headers low precedence
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930163 13f79535-47bb-0310-9956-ffa450edef68
2025-12-01 12:03:12 +00:00
6aa64b2f2d cover mixed slashes, simplify
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930162 13f79535-47bb-0310-9956-ffa450edef68
2025-12-01 12:01:44 +00:00
ecc1b8f381 don't pass args for SSI request
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930161 13f79535-47bb-0310-9956-ffa450edef68
2025-12-01 12:00:14 +00:00
6393e628c0 feat: add HEIC, HEIF and related mime types
See https://en.wikipedia.org/wiki/High_Efficiency_Image_File_Format

Submitted by: Alexandru Mărășteanu <hello alexei.ro>
Github: closes #580


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930012 13f79535-47bb-0310-9956-ffa450edef68
2025-11-26 11:30:42 +00:00
4edb3e2dc1 Follow up to r1929972: CHANGES entry.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929973 13f79535-47bb-0310-9956-ffa450edef68
2025-11-25 11:43:03 +00:00
e0e27574e5 mod_proxy_hcheck: Fix healthcheck disabled due to child restart while updating
When a child gets restarted while the healthcheck watchdog is running for a
worker, the healthcheck will be disabled for that worker indefinitely because
its ->updated time remains zero. Fix all zero ->updated time at startup.

* mod_proxy_hcheck.c(hc_watchdog_callback):
  Have AP_WATCHDOG_STATE_STARTING set the ->updated time of all the workers to
  "now" (if zero).
  Move up scoped variables common to AP_WATCHDOG_STATE_{STARTING,RUNNING}
  loops.

Reported by: Lubos Uhliarik <luhliari redhat.com>



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929972 13f79535-47bb-0310-9956-ffa450edef68
2025-11-25 11:39:28 +00:00
d7dec4f676 CI: Try to fix ab failures during OpenSSL ech job, set RPATH via LDFLAGS
CI: For OpenSSL branch builds, always build a fresh version of the
OpenSSL branch and cache the commit hash to allow checking for freshness.
Also clone with --depth=1 to save time+bandwidth.

Github: closes #579


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929891 13f79535-47bb-0310-9956-ffa450edef68
2025-11-21 09:38:42 +00:00
99b02bf7f0 *) mod_md: update to version 2.6.6
- Fix a small memory leak when using OpenSSL's BIGNUMs. [Theo Buehler]
- Fix reuse of curl easy handles by resetting them. [Michael Kaufmann]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929883 13f79535-47bb-0310-9956-ffa450edef68
2025-11-20 12:52:24 +00:00
3122c0aed4 feat: add vnd.sqlite3 mime type and extensions
Submitted by: Alexandru Mărășteanu <hello alexei.ro>
Github: closes #563


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929706 13f79535-47bb-0310-9956-ffa450edef68
2025-11-13 09:43:43 +00:00
3d782af5f2 Update credit and bump next-number after r1929581.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929705 13f79535-47bb-0310-9956-ffa450edef68
2025-11-13 08:49:10 +00:00
2c0400df47 * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Adjust comments
to line up with the current code better; no functional change. [skip ci]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929704 13f79535-47bb-0310-9956-ffa450edef68
2025-11-13 08:46:23 +00:00
5f4b4bfcd4 * modules/ssl/ssl_engine_kernel.c (ssl_check_vhost_sni_policy):
Fix handling of STRICT mode.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929631 13f79535-47bb-0310-9956-ffa450edef68
2025-11-10 15:30:46 +00:00
824174ad5f fr doc rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929599 13f79535-47bb-0310-9956-ffa450edef68
2025-11-08 14:19:56 +00:00
4a33b78ca7 fr doc XML file updates.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929598 13f79535-47bb-0310-9956-ffa450edef68
2025-11-08 14:15:15 +00:00
37c60486dc docs: Update compatibility note for SSLVHostSNIPolicy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929582 13f79535-47bb-0310-9956-ffa450edef68
2025-11-07 13:58:34 +00:00
2d92bae127 mod_dav, mod_dav_fs: Add opt-in support for controlling resource
modification times via the X-Oc-Mtime header in the PUT and MKCOL
method implementations.

* modules/dav/fs/mod_dav.h: Extend dav_hooks_repository struct
  with set_mtime function pointer.

* modules/dav/fs/repos.c (dav_fs_set_mtime): New function.

* modules/dav/main/mod_dav.c (dav_cmd_davhonormtimeheader,
  dav_parse_mtime): New functions.
  (dav_method_put, dav_method_mkcol): Add X-Oc-Mtime handling.
  (dav_cmds): Add DAVHonorMtimeHeader directive.

Submitted by: Leo <i hardrain980.com>
Github: closes #556


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929581 13f79535-47bb-0310-9956-ffa450edef68
2025-11-07 12:57:48 +00:00
606656ef29 mod_ssl: Keep existing flags when calling SSL_set_shutdown()
Preserve existing flags (SSL_RECEIVED_SHUTDOWN or SSL_SENT_SHUTDOWN) when
calling SSL_set_shutdown().

For abortive or unclean shutdowns, additionally call SSL_set_quiet_shutdown().

Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Github: closes #560


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929580 13f79535-47bb-0310-9956-ffa450edef68
2025-11-07 12:39:45 +00:00
148c6b52dc mod_http2: use ap_cstr_casecmpn to check header names
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929527 13f79535-47bb-0310-9956-ffa450edef68
2025-11-04 16:54:07 +00:00
fe33bd5637 mod_http2: use length supplied by nghttp2 to check trailers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929517 13f79535-47bb-0310-9956-ffa450edef68
2025-11-04 15:49:44 +00:00
7afd53dde8 mod_md, update to v2.6.5
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929514 13f79535-47bb-0310-9956-ffa450edef68
2025-11-04 14:30:49 +00:00
09c247059a Improve grammar.
Submitted by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929503 13f79535-47bb-0310-9956-ffa450edef68
2025-11-04 08:25:02 +00:00
d2bdf0018e fr doc rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929460 13f79535-47bb-0310-9956-ffa450edef68
2025-11-01 13:40:58 +00:00
6481cca3b4 fr doc XML file update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929459 13f79535-47bb-0310-9956-ffa450edef68
2025-11-01 13:37:42 +00:00
76b525f25e Add missing ) in the writelog message.
Submitted by: Jean-Frederic Clere <jfclere apache.org>
Github: closes #543


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929393 13f79535-47bb-0310-9956-ffa450edef68
2025-10-28 13:42:07 +00:00
29e63f2abe Update docs on SSLVhostSNIPolicy to cover the impact on
non-SNI connections. Reorder the table for clarity.

Submitted by: Aaron Ogburn <aogburn redhat.com>, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929361 13f79535-47bb-0310-9956-ffa450edef68
2025-10-27 10:30:41 +00:00
ec66d1c24b fr doc rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929335 13f79535-47bb-0310-9956-ffa450edef68
2025-10-25 12:23:32 +00:00
d3658cf052 fr doc XML file update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929334 13f79535-47bb-0310-9956-ffa450edef68
2025-10-25 12:04:12 +00:00
4137511428 misplaced tags in English version and fr doc XML file update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929333 13f79535-47bb-0310-9956-ffa450edef68
2025-10-25 11:58:42 +00:00
decce8f7d7 Regenerate docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929309 13f79535-47bb-0310-9956-ffa450edef68
2025-10-23 11:52:43 +00:00