The non-zero value for one bit field is -1:
mod_crypto.c|565 col 18| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->encrypt = 1;
|| ^ ~
mod_crypto.c|746 col 22| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->clength = 1;
|| ^ ~
mod_crypto.c|903 col 35| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->seen_eos = 1;
|| ^ ~
mod_crypto.c|960 col 22| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->clength = 1;
|| ^ ~
Use unsigned bit fields for struct crypto_ctx's members seen_eos, encrypt and clength.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916299 13f79535-47bb-0310-9956-ffa450edef68
Whenever a filter process returns a non-zero exit status, or is killed
by a signal, return a HTTP 500 error, and log the reason.
Ran top-level make update-log-msg-tags to update APLOGNO numbers.
Submitted by: Dimitry Andric <dimitry@unified-streaming.com>
Github: closes#296
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1910267 13f79535-47bb-0310-9956-ffa450edef68
If the SSL handshake is initiated by ssl_hook_process_connection() in
AP_MODE_INIT mode, we still want to adapt the socket timeout according
to the time left for the handshake.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897422 13f79535-47bb-0310-9956-ffa450edef68
'eval' is of type 'struct sed_eval_s' and 'lnum' is an apr_int64_t.
So use APR_INT64_T_FMT format specifier to be more consistent.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897271 13f79535-47bb-0310-9956-ffa450edef68
It is more straighforward to log the real value returned by apr_file_read() in such a case. The error code is also logged anyway.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897270 13f79535-47bb-0310-9956-ffa450edef68
the input brigade even if done inflating (ctx->done is true), but
don't try to flush the inflate stream in that case. (Caught by
Coverity)
Github: closes#280
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895552 13f79535-47bb-0310-9956-ffa450edef68
to get their length. This may transform buckets unwanted (e.g. file
to mmap) and prevent optimization down the filter chain.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892728 13f79535-47bb-0310-9956-ffa450edef68
* leaving mod_nw_ssl and mod_ssl itself untouched
* removing mod_ssl.h includes where no longer necessary
* some modules might skip post_config hooks, but those were left in, even when empty now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887364 13f79535-47bb-0310-9956-ffa450edef68
mimetypes like:
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
This mimetypes contains 'xml', but is unfortunately not an xml file.
xml2enc processes these files (in particular, when mod_proxy_html is
used), typically resulting in them being corrupted as it seems to
attempt to perform a ISO-8859-1 to UTF-8 conversion on them.
* modules/filters/mod_xml2enc.c (xml2enc_ffunc): Restrict test for XML
types to matching "+xml".
Submitted by: Joseph Heenan <joseph.heenan fintechlabs.io>
PR: 64339
Github: closes#150
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884505 13f79535-47bb-0310-9956-ffa450edef68
It helps simplifying a lot of duplicated code based on apr_strtoff(), while
also rejecting leading plus/minus signs which are dissalowed in Content-Length
and (Content-)Range headers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877954 13f79535-47bb-0310-9956-ffa450edef68
This avoids having to define AP_REG_NO_* for each APR_REG_* specific option,
thus replacing AP_REG_NO_DOTALL introduced lately.
For ap_rxplus_compile() and mod_substitute where default AP_REG_DOTALL is not
suitable, let's use:
AP_REG_NO_DEFAULT | ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY
to keep the default AP_REG_DOLLAR_ENDONLY unless RegexDefaultOptions unsets it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874090 13f79535-47bb-0310-9956-ffa450edef68
Fix gcc 9 warnings in code attempting to reduce gcc warnings.
(should have used expat...)
mod_xml2enc.c:26:28: warning: "/*" within comment [-Wcomment]
26 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
mod_proxy_html.c:32:28: warning: "/*" within comment [-Wcomment]
32 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864464 13f79535-47bb-0310-9956-ffa450edef68
and r1850745 are only known since GCC 4.2. Since it gets
set unconditionally, this breaks compilation with old GCC
even when not using maintainer mode.
Make the fix for maintainer mode more specific by using
a version dependent pragma in the relevant two C files
only switching off error status for comment warnings.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864435 13f79535-47bb-0310-9956-ffa450edef68
r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.
Undoes the following:
mod_ssl: OpenSSL now initializes fully through APR, use that.
mod_ssl: build with LibreSSL.
LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitely but overall it's simpler.
Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.
Follow up to r1833368: share openssl between modules.
Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.
Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.
Make use of the new apr_crypto_rng API if available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861947 13f79535-47bb-0310-9956-ffa450edef68
r1853901 lowercased the [stage] for MRT_DEFAULT_[stage]_* macros but missed
to change the ones used in reqtimeout_hooks() to initialize the default rate
factors, leading to no default rate in 2.4.39. Fix that now. PR 63325.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1857129 13f79535-47bb-0310-9956-ffa450edef68
It helps both code readability where stages are initilized and potential
logging in the input filter (even if the stage is disabled).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853935 13f79535-47bb-0310-9956-ffa450edef68
The timeouts apply between the process_connection and pre_read_request hooks.
They are disabled by default for compatibily reasons.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853906 13f79535-47bb-0310-9956-ffa450edef68
