*) Easy patches: synch 2.4.x and trunk

jimjag · jimjag · commit 83ab7e7e1cec · 2025-01-07T15:00:40.000Z
- server: Use apr_size_t instead of int to harden against overflows - mod_http2: DOXYGEN has nothing to do here, just remove this strange "#if defined(DOXYGEN)" - test: make the compiler happy when using --enable-maintainer-mode - mod_proxy: Fix format string type check - mod_http2: Fix comment, no functional change - <various>: Remove unnecessary APLOGNO() use in TRACE-level logging - mod_cache_socache: Update comment only, to remove reference to session cache - mod_dav: Fix error message formatting if an unauthenticated user tries to use an authenticated user's lock token - <none>: trigger ci - server: Fix typo in comment git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1922956 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/ABOUT_APACHE b/ABOUT_APACHE
@@ -128,7 +128,7 @@ group of volunteers who vote on changes to the distributed server), then
 you need to start by subscribing to the dev@httpd.apache.org mailing list.
 One warning though: traffic is high, 1000 to 1500 messages/month.
 To subscribe to the list, send an email to dev-subscribe@httpd.apache.org.
-We recommend reading the list for a while before trying to jump in to 
+We recommend reading the list for a while before trying to jump in to
 development.
 
    NOTE: The developer mailing list (dev@httpd.apache.org) is not
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,15 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.63
 
+  *) mod_md: update to version 2.4.29
+     - Fixed HTTP-01 challenges to not carry a final newline, as some ACME
+       server fail to ignore it. [Michael Kaufmann (@mkauf)]
+     - Fixed missing label+newline in server-status plain text output when
+       MDStapling is enabled.
+
+  *) mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
+     without "SSLCryptoDevice" configured.  [Joe Orton]
+
   *) mod_authnz_ldap: Fix possible memory corruption if the
      AuthLDAPSubGroupAttribute directive is configured.  [Joe Orton]  
 
diff --git a/STATUS b/STATUS
@@ -157,34 +157,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) Easy patches: synch 2.4.x and trunk
-         - server: Use apr_size_t instead of int to harden against overflows
-         - mod_http2: DOXYGEN has nothing to do here, just remove this
-                      strange "#if defined(DOXYGEN)"
-         - test: make the compiler happy when using --enable-maintainer-mode
-         - mod_proxy: Fix format string type check
-         - mod_http2: Fix comment, no functional change
-         - <various>: Remove unnecessary APLOGNO() use in TRACE-level logging
-         - mod_cache_socache: Update comment only, to remove reference to
-                              session cache
-         - mod_dav: Fix error message formatting if an unauthenticated user
-                    tries to use an authenticated user's lock token
-         - <none>: trigger ci
-         - server: Fix typo in comment
-     trunk patch:
-          https://svn.apache.org/r1903680
-          https://svn.apache.org/r1912663
-          https://svn.apache.org/r1917013
-          https://svn.apache.org/r1912941
-          https://svn.apache.org/r1913078
-          https://svn.apache.org/r1913338
-          https://svn.apache.org/r1914035
-          https://svn.apache.org/r1914439
-          https://svn.apache.org/r1915270
-          https://svn.apache.org/r1915543
-     2.4.x patch: svn merge -c 1903680,1912663,1917013,1912941,1913078,1913338,1914035,1914439,1915270,1915543 ^/httpd/httpd/trunk .
-     +1: jailletc36, covener, jorton, jim
-
   *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
      to be based on arbitrary expressions that do not include the username.
      Make sure that when ldap searches are too long, we explicitly log the
diff --git a/changes-entries/md_v2.4.29.txt b/changes-entries/md_v2.4.29.txt
diff --git a/changes-entries/modssl-engine-fallback.txt b/changes-entries/modssl-engine-fallback.txt
diff --git a/include/ap_socache.h b/include/ap_socache.h
@@ -94,9 +94,10 @@ typedef struct ap_socache_provider_t {
     unsigned int flags;
 
     /**
-     * Create a session cache based on the given configuration string.
-     * The instance pointer returned in the instance parameter will be
-     * passed as the first argument to subsequent invocations.
+     * Create a small object cache based on the given configuration
+     * string.  The instance pointer returned in the instance
+     * parameter will be passed as the first argument to subsequent
+     * invocations.
      *
      * @param instance Output parameter to which instance object is written.
      * @param arg User-specified configuration string.  May be NULL to
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
@@ -1268,7 +1268,7 @@ static dav_error * dav_validate_resource_state(apr_pool_t *p,
                         const char *errmsg;
 
                         errmsg = apr_pstrcat(p, "User \"",
-                                            r->user,
+                                             r->user ? r->user : "[none]",
                                             "\" submitted a locktoken created "
                                             "by user \"",
                                             lock->auth_user, "\".", NULL);
diff --git a/modules/http2/h2_proxy_session.c b/modules/http2/h2_proxy_session.c
@@ -789,7 +789,7 @@ static apr_status_t session_start(h2_proxy_session *session)
     apr_socket_t *s;
     
     s = ap_get_conn_socket(session->c);
-#if (!defined(WIN32) && !defined(NETWARE)) || defined(DOXYGEN)
+#if !defined(WIN32) && !defined(NETWARE)
     if (s) {
         ap_sock_disable_nagle(s);
     }
diff --git a/modules/http2/h2_ws.c b/modules/http2/h2_ws.c
@@ -44,7 +44,7 @@
 
 #if H2_USE_WEBSOCKETS
 
-#include "apr_encode.h" /* H2_USE_WEBSOCKETS is conditional on APR 1.6+ */
+#include "apr_encode.h" /* H2_USE_WEBSOCKETS is conditional on APR 1.7+ */
 
 static ap_filter_rec_t *c2_ws_out_filter_handle;
 
diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
@@ -423,7 +423,7 @@ static int uldap_connection_init(request_rec *r,
 
     if (ldc->ChaseReferrals != AP_LDAP_CHASEREFERRALS_SDKDEFAULT) {
         /* Set options for rebind and referrals. */
-        ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, r->server, APLOGNO(01278)
+        ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, r->server,
                 "LDAP: Setting referrals to %s.",
                 ((ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) ? "On" : "Off"));
         apr_ldap_set_option(r->pool, ldc->ldap,
diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
@@ -204,7 +204,7 @@ static ap_lua_vm_spec *create_vm_spec(apr_pool_t **lifecycle_pool,
     else {
         spec->file = r->filename;
     }
-    ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, APLOGNO(02313)
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                   "%s details: scope: %s, file: %s, func: %s",
                   what, scope_to_string(spec->scope), spec->file,
                   function ? function : "-");
@@ -289,7 +289,7 @@ static int lua_handler(request_rec *r)
         ) {
         return DECLINED;
     }
-    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(01472)
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                   "handling [%s] in mod_lua", r->filename);
 
     /* XXX: This seems wrong because it may generate wrong headers for HEAD requests */
@@ -309,7 +309,7 @@ static int lua_handler(request_rec *r)
             ap_lua_release_state(L, spec, r);
             return HTTP_INTERNAL_SERVER_ERROR;
         }
-        ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, APLOGNO(01474) "got a vm!");
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, "got a vm!");
         lua_getglobal(L, "handle");
         if (!lua_isfunction(L, -1)) {
             ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01475)
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
@@ -230,7 +230,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
     ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "Into ajp_marshal_into_msgb");
 
     if ((method = sc_for_req_method_by_id(r)) == UNKNOWN_METHOD) {
-        ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, APLOGNO(02437)
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r,
                "ajp_marshal_into_msgb - Sending unknown method %s as request attribute",
                r->method);
         method = SC_M_JK_STORED;
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
@@ -4030,7 +4030,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
                 worker->s->error_time = apr_time_now();
                 worker->s->status |= PROXY_WORKER_IN_ERROR;
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959)
-                    "ap_proxy_connect_backend disabling worker for (%s:%hu) "
+                    "ap_proxy_connect_backend disabling worker for (%s:%d) "
                     "for %" APR_TIME_T_FMT "s",
                     worker->s->hostname_ex, (int)worker->s->port,
                     apr_time_sec(worker->s->retry));
diff --git a/server/util_expr_parse.c b/server/util_expr_parse.c
@@ -1326,7 +1326,7 @@ YYSTYPE yylval;
 
   goto yysetstate;
 
-  /* TODO: comppiler warning that this is unused, and it seems to */
+  /* TODO: compiler warning that this is unused, and it seems to */
   (void)yynerrs;
 /*------------------------------------------------------------.
 | yynewstate -- Push a new state, which is found in yystate.  |
diff --git a/server/util_script.c b/server/util_script.c
@@ -466,7 +466,7 @@ AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer,
 {
     char x[MAX_STRING_LEN];
     char *w, *l;
-    int p;
+    apr_size_t p;
     int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
     apr_table_t *cookie_table;
@@ -837,7 +837,7 @@ static int getsfunc_STRING(char *w, int len, void *pvastrs)
 {
     struct vastrs *strs = (struct vastrs*) pvastrs;
     const char *p;
-    int t;
+    apr_size_t t;
 
     if (!strs->curpos || !*strs->curpos) {
         w[0] = '\0';
diff --git a/test/clients/h2ws.c b/test/clients/h2ws.c
@@ -141,14 +141,13 @@ static int parse_host_port(const char **phost, uint16_t *pport,
                            int *pipv6, size_t *pconsumed,
                            const char *s, size_t len, uint16_t def_port)
 {
-    size_t i, offset;
+    size_t i, offset=0;
     char *host = NULL;
     int port = 0;
     int rv = 1, ipv6 = 0;
 
     if (!len)
         goto leave;
-    offset = 0;
     if (s[offset] == '[') {
         ipv6 = 1;
         for (i = offset++; i < len; ++i) {

-Original file line number
+Diff line change
 you need to start by subscribing to the [email protected] mailing list.
 One warning though: traffic is high, 1000 to 1500 messages/month.
 To subscribe to the list, send an email to [email protected].
 -We recommend reading the list for a while before trying to jump in to
 +We recommend reading the list for a while before trying to jump in to
 development.
    NOTE: The developer mailing list ([email protected]) is not
Original file line number	Diff line number	Diff line change
`@@ -789,7 +789,7 @@ static apr_status_t session_start(h2_proxy_session *session)`
`789`	`789`	`apr_socket_t *s;`
`790`	`790`
`791`	`791`	`s = ap_get_conn_socket(session->c);`
`792`		`-#if (!defined(WIN32) && !defined(NETWARE)) \|\| defined(DOXYGEN)`
	`792`	`+#if !defined(WIN32) && !defined(NETWARE)`
`793`	`793`	`if (s) {`
`794`	`794`	`ap_sock_disable_nagle(s);`
`795`	`795`	`}`