Bug report for Apache httpd-2 [2016/03/13]

2016-03-12 Thread bugzilla
Columns: Bugzilla Bug ID | Status | Severity | Date Posted | Description

Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified
          (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major
          MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

| 8713|Inf|Min|2002-05-01|No Errorlog on PROPFIND/Depth:Infinity|
| 8867|Opn|Cri|2002-05-07|exports.c generation fails when using a symlink to|
|10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i|
|11294|New|Enh|2002-07-30|desired vhost_alias option|
|11580|Opn|Enh|2002-08-09|generate Content-Location headers |
|12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long|
|13599|Inf|Nor|2002-10-14|autoindex formating broken for multibyte sequences|
|13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation  |
|14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR|
|14496|New|Enh|2002-11-13|Cannot upgrade any version on Windows. Must uninst|
|14922|Inf|Enh|2002-11-28| is currently hardcoded to 'apache2'  |
|15719|Inf|Nor|2002-12-30|WebDAV MOVE to destination URI which is content-ne|
|16761|Inf|Nor|2003-02-04|CustomLog with pipe spawns process during config  |
|16802|New|Enh|2003-02-05|Additional AllowOverride directive "Restrict" |
|16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.|
|17107|New|Min|2003-02-16|Windows should not install printenv   |
|17114|New|Enh|2003-02-17|Please add strip and install-strip targets to Make|
|17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi|
|17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header|
|18325|New|Enh|2003-03-25|PAM support for suEXEC|
|18334|Inf|Cri|2003-03-25|Server crashes when authenticating users against L|
|19043|New|Min|2003-04-15|Interesting interaction between cern_meta module a|
|19670|New|Enh|2003-05-05|content type header supplied upon PUT is thrown aw|
|20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment |
|21260|New|Nor|2003-07-02|CacheMaxExpire directive not enforced !   |
|21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut|
|22237|New|Enh|2003-08-08|option to disable ServerSignature on index pages  |
|22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down|
|22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7|
|22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header  |
|23167|Inf|Cri|2003-09-14|--enable-layout never goes to apr apr-util|
|23181|New|Nor|2003-09-15|Status 304 (Not modified) and chunking leads to an|
|23238|New|Cri|2003-09-18|non-async-signal-safe operations from signal handl|
|23330|New|Enh|2003-09-22|Enhance ApacheMonitor to view and control Tomcat s|
|23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54|
|24031|New|Enh|2003-10-23|Passphrase protected private key in SSLProxyMachin|
|24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32|
|24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact|
|24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g|
|25014|New|Enh|2003-11-26|A flexible interface for mod_log_config   |
|25201|New|Enh|2003-12-04|Provide Cache Purge operation |
|25240|Inf|Enh|2003-12-05|SSL Library Error: 336105671 logged as information|
|25435|New|Enh|2003-12-11|sethandler and directoryindex not playing nice|
|25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files  |
|25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP |
|25543|Inf|Nor|2003-12-15|mod_proxy_ajp overwrites existing response headers|
|25667|New|Nor|2003-12-19|Memory leak in function ssl_scache_dbm_retrieve().|
|25863|New|Enh|2004-01-02|new per-host initialization hooks |
|26005|New|Nor|2004-01-08|SERVER_NAME incorrect when using IPv6 address in U|
|26142|New|Maj|2004-01-14|EnableSendFile Off for Windows XP Home|
|26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability   |
|26368|New|Min|

A future for mod_lua and NetWare?

2016-03-12 Thread NormW

G/M All.
When mod_lua hit httpd-trunk it was configured to have a single (global) 
memory pool, and NetWare compiled it and ran lua code as expected.


A later modification to mod_lua code introduced a memory pool per 
process and required shared memory, a function group that is not in 
NetWare's skill set. The present code can still be compiled by NetWare 
but when it is loaded into the web server, results in:



"mod_lua: Failed to create shared memory segment on file %s",
 lua_ivm_shmfile);
return HTTP_INTERNAL_SERVER_ERROR;


in the server logs.

The question then is:

1. Would it be desirable to support both pool modes using #ifdef 
APR_HAS_SHM to determine pool type used (this would affect at least 3 
files, mod_lua.c, lua_vmprint.c and lua_request.c);


OR

Having regard for code simplification, the better(?) (newer) pool 
system and the age of NetWare, just remove NetWare support from mod_lua?


For consideration,
Norm


Re: [Patch] mod_tcp / mod_proxy_tcp / mod_ssl_tcp

2016-03-12 Thread Eric Covener
On Sat, Mar 12, 2016 at 10:46 AM, Graham Leggett wrote:
> The following patch provides support for TCP proxying to httpd.
>
> It consists of the following three parts:
>
> - mod_tcp: Allows the frontend to receive pure TCP connections
> - mod_proxy_tcp: Allows the proxy to make pure tcp or tls connections to a backend
> - mod_ssl_tcp: Allows the proxy to route incoming connections based on the SNI header (tlsext)


Very cool stuff. Only looked on the surface so far, but one thing it
reminded me of in the async case is that the MPM knows the "suspended"
count but we never gave an API to really "unsuspend" when using a
timed or socket callback.  Longer term we really need to find a way to
share that raw forwarding code as it's now probably in three modules.


[Patch] mod_tcp / mod_proxy_tcp / mod_ssl_tcp

2016-03-12 Thread Graham Leggett
Hi all,

The following patch provides support for TCP proxying to httpd.

It consists of the following three parts:

- mod_tcp: Allows the frontend to receive pure TCP connections
- mod_proxy_tcp: Allows the proxy to make pure tcp or tls connections to a backend
- mod_ssl_tcp: Allows the proxy to route incoming connections based on the SNI header (tlsext)

In the following example config, incoming TCP connections are routed based on 
their SNI (the tlsext protocol) to given backend servers, which then complete 
the SSL connections as raw tunnels.

This allows you to use client certificates through the httpd proxy balancer all 
the way to the backend server without the proxy terminating any SSL along the 
way.


  Protocol tlsext

  ServerName jira.example.com

  ProxyPass / tcp://john.example.com:443



  Protocol tlsext

  ServerName www.example.com

  ProxyPass / tcp://erica.example.com:443


In order for mod_ssl_tcp to work, it needs to read ahead to see if any client 
hello message is present, and then set aside any extra data so it could be read 
again. This is fundamentally incompatible with c->data_in_input_filters which 
only allows the core filter to set aside unread data. For this reason the 
ability to set aside data was rolled out to all filters.

mod_ssl_tcp just cares about SNI for now, but could conceivably support ALPN 
too, making a configuration something like this:


  Protocol tlsext
  ServerName secure.example.com
  
ProxyPass / tcp://imap.example.com:993
  
  
ProxyPass / tcp://pop3.example.com:995
  


Regards,
Graham
--



httpd-tcp-proxy.patch
Description: Binary data
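
The read-ahead described in the message above, as an added example that is not part of the original post or of the attached patch: it inspects buffered bytes for a TLS ClientHello, extracts the SNI host name, and reports when more data must be read while the bytes stay set aside. The function name sni_peek, its return convention and the sample bytes are assumptions constructed for illustration, and only a ClientHello that fits in one TLS record is handled.

```c
#include <stdio.h>
#include <string.h>
#define U16(p) (((size_t)(p)[0] << 8) | (p)[1])
/* Peek only: 1 = SNI host copied to out; 0 = need more bytes (keep them set
 * aside); -1 = not a ClientHello, malformed or no SNI. Assumes one TLS record. */
int sni_peek(const unsigned char *b, size_t len, char *out, size_t outsz)
{
    size_t end, p, n;
    if (len < 5) return 0;                        /* record header incomplete */
    if (b[0] != 0x16 || b[1] != 0x03) return -1;  /* not a TLS handshake record */
    end = 5 + U16(b + 3);
    if (len < end) return 0;                      /* record not fully buffered */
    if (end < 44 || b[5] != 0x01) return -1;      /* too short / not ClientHello */
    p = 44 + b[43];              /* skip headers, version, random, session_id */
    if (p + 2 > end) return -1;
    p += 2 + U16(b + p);                          /* cipher_suites */
    if (p + 1 > end) return -1;
    p += 1 + b[p];                                /* compression_methods */
    if (p + 2 > end) return -1;                   /* no extensions: no SNI */
    n = U16(b + p); p += 2;
    if (p + n > end) return -1;
    for (end = p + n; p + 4 <= end; p += n) {     /* walk the extensions */
        size_t type = U16(b + p), hlen;
        n = U16(b + p + 2); p += 4;
        if (p + n > end) return -1;
        if (type != 0) continue;                  /* not server_name */
        if (n < 5 || b[p + 2] != 0) return -1;    /* want name_type host_name */
        hlen = U16(b + p + 3);
        if (!hlen || 5 + hlen > n || hlen >= outsz || memchr(b + p + 5, 0, hlen)) return -1;
        memcpy(out, b + p + 5, hlen);
        out[hlen] = '\0';
        return 1;
    }
    return -1;
}

/* Constructed sample: minimal ClientHello with SNI "www.example.com". */
static const unsigned char sample_hello[] =
    "\x16\x03\x01\x00\x47\x01\x00\x00\x43\x03\x03"  /* record + handshake hdr */
    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" /* random */
    "\x00\x00\x02\x00\x2f\x01\x00"       /* session_id, one suite, compression */
    "\x00\x18\x00\x00\x00\x14\x00\x12\x00\x00\x0f" "www.example.com";

int main(void)
{
    char host[64] = "";
    int part = sni_peek(sample_hello, 20, host, sizeof host);  /* truncated input */
    int full = sni_peek(sample_hello, sizeof sample_hello - 1, host, sizeof host);
    printf("partial=%d full=%d sni=%s\n", part, full, host);
}
```

A result of 0 is the case the message is about: the bytes seen so far must remain available to be read again once the rest of the record arrives, and again by whatever finally consumes the connection.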