You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2022/05/09 18:02:07 UTC
svn commit: r1900755 - in /httpd/httpd/branches/2.4.x: ./ changes-entries/ modules/http/ modules/proxy/
Author: jim
Date: Mon May 9 18:02:07 2022
New Revision: 1900755
URL: http://svn.apache.org/viewvc?rev=1900755&view=rev
Log:
Merge r1899451, r1899454, r1899562, r1899564, r1899584, r1899886 from trunk:
* Close the connection in case an EOC bucket was seen
* In case we see an EOC bucket and there was an error bucket before, use its
status as status for the request. This should ensure proper status logging
in the access log.
* We need to set r->status on each call after we noticed an EOC as
data bucket generators like ap_die might have changed the status
code. But we know better in this case and insist on the status
code that we have seen in the error bucket.
* Keep track of the number of keepalives we processed on this connection.
* Report a broken backend in case reading the response line failed on the
first request on this connection otherwise we assume we have just run
into a keepalive race and the backend is still healthy.
* Add Changelog for r1899451, r1899454, r1899562, r1899564, r1899584
Submitted by: rpluem
Reviewed by: jim
Github: closes #314
Removed:
httpd/httpd/branches/2.4.x/changes-entries/md_auto_status.txt
httpd/httpd/branches/2.4.x/changes-entries/md_ocsp_update.txt
httpd/httpd/branches/2.4.x/changes-entries/md_tailscale.txt
httpd/httpd/branches/2.4.x/changes-entries/md_timeperiod_null.txt
httpd/httpd/branches/2.4.x/changes-entries/mod_heartmonitor-HeartbeatMaxServers.diff
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/http/http_filters.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1899451,1899454,1899562,1899564,1899584,1899886
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1900755&r1=1900754&r2=1900755&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon May 9 18:02:07 2022
@@ -1,6 +1,34 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.54
+ *) Implement full auto status ("key: value" type status output).
+ Especially not only status summary counts for certificates and
+ OCSP stapling but also lists. Auto status format is similar to
+ what was used for mod_proxy_balancer.
+ [Rainer Jung]
+
+ *) mod_md: fixed a bug leading to failed transfers for OCSP
+ stapling information when more than 6 certificates needed
+ updates in the same run. [Stefan Eissing]
+
+ *) mod_proxy: Set a status code of 502 in case the backend just closed the
+ connection in reply to our forwarded request. [Ruediger Pluem]
+
+ *) mod_md: a possible NULL pointer deref was fixed in
+ the JSON code for persisting time periods (start+end).
+ Fixes #282 on mod_md's github.
+ Thanks to @marcstern for finding this.
+
+ *) mod_heartmonitor: Set the documented default value
+ "10" for HeartbeatMaxServers instead of "0". With "0"
+ no shared memory slotmem was initialized. [Rainer Jung]
+
+ *) mod_md: added support for managing certificates via a
+ local tailscale demon for users of that secure networking.
+ This gives trusted certificates for tailscale assigned
+ domain names in the *.ts.net space.
+ [Stefan Eissing]
+
Changes with Apache 2.4.53
*) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1900755&r1=1900754&r2=1900755&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon May 9 18:02:07 2022
@@ -153,20 +153,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.4.x patch: svn merge -c 1898453 ^/httpd/httpd/trunk .
+1: jaillect36, ylavic, rpluem
- *) mod_proxy: Set a status code of 502 in case the backend just closed the
- connection in reply to our forwarded request.
- Trunk version of patch:
- https://svn.apache.org/r1899451
- https://svn.apache.org/r1899454
- https://svn.apache.org/r1899562
- https://svn.apache.org/r1899564
- https://svn.apache.org/r1899584
- https://svn.apache.org/r1899886
- Backport version for 2.4.x of patch:
- https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/314.diff
- Can be applied via apply_backport_pr.sh 314
- +1: rpluem, ylavic, jim
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.4.x/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http/http_filters.c?rev=1900755&r1=1900754&r2=1900755&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http/http_filters.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http/http_filters.c Mon May 9 18:02:07 2022
@@ -1845,6 +1845,7 @@ AP_DECLARE(long) ap_get_client_block(req
/* Context struct for ap_http_outerror_filter */
typedef struct {
int seen_eoc;
+ int first_error;
} outerror_filter_ctx_t;
/* Filter to handle any error buckets on output */
@@ -1873,10 +1874,18 @@ apr_status_t ap_http_outerror_filter(ap_
/* stream aborted and we have not ended it yet */
r->connection->keepalive = AP_CONN_CLOSE;
}
+ /*
+ * Memorize the status code of the first error bucket for possible
+ * later use.
+ */
+ if (!ctx->first_error) {
+ ctx->first_error = ((ap_bucket_error *)(e->data))->status;
+ }
continue;
}
/* Detect EOC buckets and memorize this in the context. */
if (AP_BUCKET_IS_EOC(e)) {
+ r->connection->keepalive = AP_CONN_CLOSE;
ctx->seen_eoc = 1;
}
}
@@ -1900,6 +1909,18 @@ apr_status_t ap_http_outerror_filter(ap_
* EOS bucket.
*/
if (ctx->seen_eoc) {
+ /*
+ * Set the request status to the status of the first error bucket.
+ * This should ensure that we log an appropriate status code in
+ * the access log.
+ * We need to set r->status on each call after we noticed an EOC as
+ * data bucket generators like ap_die might have changed the status
+ * code. But we know better in this case and insist on the status
+ * code that we have seen in the error bucket.
+ */
+ if (ctx->first_error) {
+ r->status = ctx->first_error;
+ }
for (e = APR_BRIGADE_FIRST(b);
e != APR_BRIGADE_SENTINEL(b);
e = APR_BUCKET_NEXT(e))
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c?rev=1900755&r1=1900754&r2=1900755&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c Mon May 9 18:02:07 2022
@@ -1138,8 +1138,23 @@ int ap_proxy_http_process_response(proxy
ap_pass_brigade(r->output_filters, bb);
/* Mark the backend connection for closing */
backend->close = 1;
- /* Need to return OK to avoid sending an error message */
- return OK;
+ if (origin->keepalives) {
+ /* We already had a request on this backend connection and
+ * might just have run into a keepalive race. Hence we
+ * think positive and assume that the backend is fine and
+ * we do not need to signal an error on backend side.
+ */
+ return OK;
+ }
+ /*
+ * This happened on our first request on this connection to the
+ * backend. This indicates something fishy with the backend.
+ * Return HTTP_INTERNAL_SERVER_ERROR to signal an unrecoverable
+ * server error. We do not worry about r->status code and a
+ * possible error response here as the ap_http_outerror_filter
+ * will fix all of this for us.
+ */
+ return HTTP_INTERNAL_SERVER_ERROR;
}
if (!c->keepalives) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01105)
@@ -1336,6 +1351,14 @@ int ap_proxy_http_process_response(proxy
backend->close = 1;
origin->keepalive = AP_CONN_CLOSE;
}
+ else {
+ /*
+ * Keep track of the number of keepalives we processed on this
+ * connection.
+ */
+ origin->keepalives++;
+ }
+
} else {
/* an http/0.9 response */
backasswards = 1;