From 538ad5ff5545063c27738747e2ce8e079f2d561b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Wed, 2 Jun 2021 18:50:42 +0200
Subject: [PATCH] new version 2.4.48 Resolves: #1952817 - rebase to 2.4.48
---
.gitignore | 1 +
httpd-2.4.43-r1870095+.patch | 115 -----------
httpd-2.4.43-sslcoalesce.patch | 192 ------------------
httpd-2.4.46-lua-resume.patch | 119 -----------
...-export.patch => httpd-2.4.48-export.patch | 6 +-
...> httpd-2.4.48-proxy-ws-idle-timeout.patch | 95 ++++-----
...929+.patch => httpd-2.4.48-r1842929+.patch | 27 +--
httpd.spec | 20 +-
sources | 4 +-
9 files changed, 65 insertions(+), 514 deletions(-)
delete mode 100644 httpd-2.4.43-r1870095+.patch
delete mode 100644 httpd-2.4.43-sslcoalesce.patch
delete mode 100644 httpd-2.4.46-lua-resume.patch
rename httpd-2.4.43-export.patch => httpd-2.4.48-export.patch (93%)
rename httpd-2.4.46-proxy-ws-idle-timeout.patch => httpd-2.4.48-proxy-ws-idle-timeout.patch (68%)
rename httpd-2.4.43-r1842929+.patch => httpd-2.4.48-r1842929+.patch (91%)
diff --git a/.gitignore b/.gitignore
index 09a5a07..ea4148c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,4 @@ x86_64
/httpd-2.4.43.tar.bz2.asc
/KEYS
/httpd-2.4.46.tar.bz2.asc
+/httpd-2.4.48.tar.bz2.asc
diff --git a/httpd-2.4.43-r1870095+.patch b/httpd-2.4.43-r1870095+.patch
deleted file mode 100644
index 3fc8dfb..0000000
--- a/httpd-2.4.43-r1870095+.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
-index cbab6a3..765aa4b 100644
---- a/modules/ssl/ssl_engine_kernel.c
-+++ b/modules/ssl/ssl_engine_kernel.c
-@@ -114,6 +114,45 @@ static int has_buffered_data(request_rec *r)
- return result;
- }
-
-+/* If a renegotiation is required for the location, and the request
-+ * includes a message body (and the client has not requested a "100
-+ * Continue" response), then the client will be streaming the request
-+ * body over the wire already. In that case, it is not possible to
-+ * stop and perform a new SSL handshake immediately; once the SSL
-+ * library moves to the "accept" state, it will reject the SSL packets
-+ * which the client is sending for the request body.
-+ *
-+ * To allow authentication to complete in the hook, the solution used
-+ * here is to fill a (bounded) buffer with the request body, and then
-+ * to reinject that request body later.
-+ *
-+ * This function is called to fill the renegotiation buffer for the
-+ * location as required, or fail. Returns zero on success or HTTP_
-+ * error code on failure.
-+ */
-+static int fill_reneg_buffer(request_rec *r, SSLDirConfigRec *dc)
-+{
-+ int rv;
-+ apr_size_t rsize;
-+
-+ /* ### this is HTTP/1.1 specific, special case for protocol? */
-+ if (r->expecting_100 || !ap_request_has_body(r)) {
-+ return 0;
-+ }
-+
-+ rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE : dc->nRenegBufferSize;
-+ if (rsize > 0) {
-+ /* Fill the I/O buffer with the request body if possible. */
-+ rv = ssl_io_buffer_fill(r, rsize);
-+ }
-+ else {
-+ /* If the reneg buffer size is set to zero, just fail. */
-+ rv = HTTP_REQUEST_ENTITY_TOO_LARGE;
-+ }
-+
-+ return rv;
-+}
-+
- #ifdef HAVE_TLSEXT
- static int ap_array_same_str_set(apr_array_header_t *s1, apr_array_header_t *s2)
- {
-@@ -814,41 +853,14 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
- }
- }
-
-- /* If a renegotiation is now required for this location, and the
-- * request includes a message body (and the client has not
-- * requested a "100 Continue" response), then the client will be
-- * streaming the request body over the wire already. In that
-- * case, it is not possible to stop and perform a new SSL
-- * handshake immediately; once the SSL library moves to the
-- * "accept" state, it will reject the SSL packets which the client
-- * is sending for the request body.
-- *
-- * To allow authentication to complete in this auth hook, the
-- * solution used here is to fill a (bounded) buffer with the
-- * request body, and then to reinject that request body later.
-- */
-- if (renegotiate && !renegotiate_quick
-- && !r->expecting_100
-- && ap_request_has_body(r)) {
-- int rv;
-- apr_size_t rsize;
--
-- rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE :
-- dc->nRenegBufferSize;
-- if (rsize > 0) {
-- /* Fill the I/O buffer with the request body if possible. */
-- rv = ssl_io_buffer_fill(r, rsize);
-- }
-- else {
-- /* If the reneg buffer size is set to zero, just fail. */
-- rv = HTTP_REQUEST_ENTITY_TOO_LARGE;
-- }
--
-- if (rv) {
-+ /* Fill reneg buffer if required. */
-+ if (renegotiate && !renegotiate_quick) {
-+ rc = fill_reneg_buffer(r, dc);
-+ if (rc) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257)
- "could not buffer message body to allow "
- "SSL renegotiation to proceed");
-- return rv;
-+ return rc;
- }
- }
-
-@@ -1132,6 +1144,17 @@ static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirCon
- }
- }
-
-+ /* Fill reneg buffer if required. */
-+ if (change_vmode) {
-+ rc = fill_reneg_buffer(r, dc);
-+ if (rc) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10228)
-+ "could not buffer message body to allow "
-+ "TLS Post-Handshake Authentication to proceed");
-+ return rc;
-+ }
-+ }
-+
- if (change_vmode) {
- char peekbuf[1];
-
diff --git a/httpd-2.4.43-sslcoalesce.patch b/httpd-2.4.43-sslcoalesce.patch
deleted file mode 100644
index ef1f728..0000000
--- a/httpd-2.4.43-sslcoalesce.patch
+++ /dev/null
@@ -1,192 +0,0 @@
-
-http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?r1=1836237&r2=1836236&pathrev=1836237&view=patch
-http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?r1=1873985&r2=1876037&view=patch
-
---- httpd-2.4.43/modules/ssl/ssl_engine_io.c.sslcoalesce
-+++ httpd-2.4.43/modules/ssl/ssl_engine_io.c
-@@ -1585,18 +1585,32 @@
- }
-
-
--/* ssl_io_filter_output() produces one SSL/TLS message per bucket
-+/* ssl_io_filter_output() produces one SSL/TLS record per bucket
- * passed down the output filter stack. This results in a high
-- * overhead (network packets) for any output comprising many small
-- * buckets. SSI page applied through the HTTP chunk filter, for
-- * example, may produce many brigades containing small buckets -
-- * [chunk-size CRLF] [chunk-data] [CRLF].
-+ * overhead (more network packets & TLS processing) for any output
-+ * comprising many small buckets. SSI output passed through the HTTP
-+ * chunk filter, for example, may produce many brigades containing
-+ * small buckets - [chunk-size CRLF] [chunk-data] [CRLF].
- *
-- * The coalescing filter merges many small buckets into larger buckets
-- * where possible, allowing the SSL I/O output filter to handle them
-- * more efficiently. */
-+ * Sending HTTP response headers as a separate TLS record to the
-+ * response body also reveals information to a network observer (the
-+ * size of headers) which can be significant.
-+ *
-+ * The coalescing filter merges data buckets with the aim of producing
-+ * fewer, larger TLS records - without copying/buffering all content
-+ * and introducing unnecessary overhead.
-+ *
-+ * ### This buffering could be probably be done more comprehensively
-+ * ### in ssl_io_filter_output itself.
-+ *
-+ * ### Another possible performance optimisation in particular for the
-+ * ### [HEAP] [FILE] HTTP response case is using a brigade rather than
-+ * ### a char array to buffer; using apr_brigade_write() to append
-+ * ### will use already-allocated memory from the HEAP, reducing # of
-+ * ### copies.
-+ */
-
--#define COALESCE_BYTES (2048)
-+#define COALESCE_BYTES (AP_IOBUFSIZE)
-
- struct coalesce_ctx {
- char buffer[COALESCE_BYTES];
-@@ -1609,11 +1623,12 @@
- apr_bucket *e, *upto;
- apr_size_t bytes = 0;
- struct coalesce_ctx *ctx = f->ctx;
-+ apr_size_t buffered = ctx ? ctx->bytes : 0; /* space used on entry */
- unsigned count = 0;
-
- /* The brigade consists of zero-or-more small data buckets which
-- * can be coalesced (the prefix), followed by the remainder of the
-- * brigade.
-+ * can be coalesced (referred to as the "prefix"), followed by the
-+ * remainder of the brigade.
- *
- * Find the last bucket - if any - of that prefix. count gives
- * the number of buckets in the prefix. The "prefix" must contain
-@@ -1628,24 +1643,97 @@
- e != APR_BRIGADE_SENTINEL(bb)
- && !APR_BUCKET_IS_METADATA(e)
- && e->length != (apr_size_t)-1
-- && e->length < COALESCE_BYTES
-- && (bytes + e->length) < COALESCE_BYTES
-- && (ctx == NULL
-- || bytes + ctx->bytes + e->length < COALESCE_BYTES);
-+ && e->length <= COALESCE_BYTES
-+ && (buffered + bytes + e->length) <= COALESCE_BYTES;
- e = APR_BUCKET_NEXT(e)) {
-- if (e->length) count++; /* don't count zero-length buckets */
-- bytes += e->length;
-+ /* don't count zero-length buckets */
-+ if (e->length) {
-+ bytes += e->length;
-+ count++;
-+ }
- }
-+
-+ /* If there is room remaining and the next bucket is a data
-+ * bucket, try to include it in the prefix to coalesce. For a
-+ * typical [HEAP] [FILE] HTTP response brigade, this handles
-+ * merging the headers and the start of the body into a single TLS
-+ * record. */
-+ if (bytes + buffered > 0
-+ && bytes + buffered < COALESCE_BYTES
-+ && e != APR_BRIGADE_SENTINEL(bb)
-+ && !APR_BUCKET_IS_METADATA(e)) {
-+ apr_status_t rv = APR_SUCCESS;
-+
-+ /* For an indeterminate length bucket (PIPE/CGI/...), try a
-+ * non-blocking read to have it morph into a HEAP. If the
-+ * read fails with EAGAIN, it is harmless to try a split
-+ * anyway, split is ENOTIMPL for most PIPE-like buckets. */
-+ if (e->length == (apr_size_t)-1) {
-+ const char *discard;
-+ apr_size_t ignore;
-+
-+ rv = apr_bucket_read(e, &discard, &ignore, APR_NONBLOCK_READ);
-+ if (rv != APR_SUCCESS && !APR_STATUS_IS_EAGAIN(rv)) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, f->c, APLOGNO(10232)
-+ "coalesce failed to read from %s bucket",
-+ e->type->name);
-+ return AP_FILTER_ERROR;
-+ }
-+ }
-+
-+ if (rv == APR_SUCCESS) {
-+ /* If the read above made the bucket morph, it may now fit
-+ * entirely within the buffer. Otherwise, split it so it does
-+ * fit. */
-+ if (e->length > COALESCE_BYTES
-+ || e->length + buffered + bytes > COALESCE_BYTES) {
-+ rv = apr_bucket_split(e, COALESCE_BYTES - (buffered + bytes));
-+ }
-+
-+ if (rv == APR_SUCCESS && e->length == 0) {
-+ /* As above, don't count in the prefix if the bucket is
-+ * now zero-length. */
-+ }
-+ else if (rv == APR_SUCCESS) {
-+ ap_log_cerror(APLOG_MARK, APLOG_TRACE4, 0, f->c,
-+ "coalesce: adding %" APR_SIZE_T_FMT " bytes "
-+ "from split %s bucket, total %" APR_SIZE_T_FMT,
-+ e->length, e->type->name, bytes + buffered);
-+
-+ count++;
-+ bytes += e->length;
-+ e = APR_BUCKET_NEXT(e);
-+ }
-+ else if (rv != APR_ENOTIMPL) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, f->c, APLOGNO(10233)
-+ "coalesce: failed to split data bucket");
-+ return AP_FILTER_ERROR;
-+ }
-+ }
-+ }
-+
- upto = e;
-
-- /* Coalesce the prefix, if:
-- * a) more than one bucket is found to coalesce, or
-- * b) the brigade contains only a single data bucket, or
-- * c) the data bucket is not last but we have buffered data already.
-+ /* Coalesce the prefix, if any of the following are true:
-+ *
-+ * a) the prefix is more than one bucket
-+ * OR
-+ * b) the prefix is the entire brigade, which is a single bucket
-+ * AND the prefix length is smaller than the buffer size,
-+ * OR
-+ * c) the prefix is a single bucket
-+ * AND there is buffered data from a previous pass.
-+ *
-+ * The aim with (b) is to buffer a small bucket so it can be
-+ * coalesced with future invocations of this filter. e.g. three
-+ * calls each with a single 100 byte HEAP bucket should get
-+ * coalesced together. But an invocation with a 8192 byte HEAP
-+ * should pass through untouched.
- */
- if (bytes > 0
- && (count > 1
-- || (upto == APR_BRIGADE_SENTINEL(bb))
-+ || (upto == APR_BRIGADE_SENTINEL(bb)
-+ && bytes < COALESCE_BYTES)
- || (ctx && ctx->bytes > 0))) {
- /* If coalescing some bytes, ensure a context has been
- * created. */
-@@ -1656,7 +1744,8 @@
-
- ap_log_cerror(APLOG_MARK, APLOG_TRACE4, 0, f->c,
- "coalesce: have %" APR_SIZE_T_FMT " bytes, "
-- "adding %" APR_SIZE_T_FMT " more", ctx->bytes, bytes);
-+ "adding %" APR_SIZE_T_FMT " more (buckets=%u)",
-+ ctx->bytes, bytes, count);
-
- /* Iterate through the prefix segment. For non-fatal errors
- * in this loop it is safe to break out and fall back to the
-@@ -1671,7 +1760,8 @@
- if (APR_BUCKET_IS_METADATA(e)
- || e->length == (apr_size_t)-1) {
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, APLOGNO(02012)
-- "unexpected bucket type during coalesce");
-+ "unexpected %s bucket during coalesce",
-+ e->type->name);
- break; /* non-fatal error; break out */
- }
-
diff --git a/httpd-2.4.46-lua-resume.patch b/httpd-2.4.46-lua-resume.patch
deleted file mode 100644
index 1a22008..0000000
--- a/httpd-2.4.46-lua-resume.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-diff --git a/modules/lua/config.m4 b/modules/lua/config.m4
-index 29fd563..abeba1c 100644
---- a/modules/lua/config.m4
-+++ b/modules/lua/config.m4
-@@ -34,7 +34,7 @@ AC_DEFUN([CHECK_LUA_PATH], [dnl
- fi
- ])
-
--dnl Check for Lua 5.3/5.2/5.1 Libraries
-+dnl Check for Lua Libraries
- dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
- dnl Sets:
- dnl LUA_CFLAGS
-@@ -44,7 +44,7 @@ AC_DEFUN([CHECK_LUA],
-
- AC_ARG_WITH(
- lua,
-- [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.3/5.2/5.1 prefix])],
-+ [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua installation prefix])],
- lua_path="$withval",
- :)
-
-diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
-index 05f1e44..18b628c 100644
---- a/modules/lua/mod_lua.c
-+++ b/modules/lua/mod_lua.c
-@@ -342,7 +342,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil
- {
- apr_pool_t *pool;
- ap_lua_vm_spec *spec;
-- int n, rc;
-+ int n, rc, nres;
- lua_State *L;
- lua_filter_ctx *ctx;
- ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config,
-@@ -410,7 +410,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil
- /* If a Lua filter is interested in filtering a request, it must first do a yield,
- * otherwise we'll assume that it's not interested and pretend we didn't find it.
- */
-- rc = lua_resume(L, 1);
-+ rc = lua_resume(L, 1, &nres);
- if (rc == LUA_YIELD) {
- if (f->frec->providers == NULL) {
- /* Not wired by mod_filter */
-@@ -432,7 +432,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil
- static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade *pbbIn)
- {
- request_rec *r = f->r;
-- int rc;
-+ int rc, nres;
- lua_State *L;
- lua_filter_ctx* ctx;
- conn_rec *c = r->connection;
-@@ -492,7 +492,7 @@ static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade
- lua_setglobal(L, "bucket");
-
- /* If Lua yielded, it means we have something to pass on */
-- if (lua_resume(L, 0) == LUA_YIELD) {
-+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
- size_t olen;
- const char* output = lua_tolstring(L, 1, &olen);
- if (olen > 0) {
-@@ -524,7 +524,7 @@ static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade
- apr_bucket *pbktEOS;
- lua_pushnil(L);
- lua_setglobal(L, "bucket");
-- if (lua_resume(L, 0) == LUA_YIELD) {
-+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
- apr_bucket *pbktOut;
- size_t olen;
- const char* output = lua_tolstring(L, 1, &olen);
-@@ -558,7 +558,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f,
- apr_off_t nBytes)
- {
- request_rec *r = f->r;
-- int rc, lastCall = 0;
-+ int rc, lastCall = 0, nres;
- lua_State *L;
- lua_filter_ctx* ctx;
- conn_rec *c = r->connection;
-@@ -621,7 +621,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f,
- lua_setglobal(L, "bucket");
-
- /* If Lua yielded, it means we have something to pass on */
-- if (lua_resume(L, 0) == LUA_YIELD) {
-+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
- size_t olen;
- const char* output = lua_tolstring(L, 1, &olen);
- pbktOut = apr_bucket_heap_create(output, olen, 0, c->bucket_alloc);
-@@ -643,7 +643,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f,
- apr_bucket *pbktEOS = apr_bucket_eos_create(c->bucket_alloc);
- lua_pushnil(L);
- lua_setglobal(L, "bucket");
-- if (lua_resume(L, 0) == LUA_YIELD) {
-+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
- apr_bucket *pbktOut;
- size_t olen;
- const char* output = lua_tolstring(L, 1, &olen);
-diff --git a/modules/lua/mod_lua.h b/modules/lua/mod_lua.h
-index 0e49cdc..72b4de7 100644
---- a/modules/lua/mod_lua.h
-+++ b/modules/lua/mod_lua.h
-@@ -48,7 +48,15 @@
- #if LUA_VERSION_NUM > 501
- /* Load mode for lua_load() */
- #define lua_load(a,b,c,d) lua_load(a,b,c,d,NULL)
--#define lua_resume(a,b) lua_resume(a, NULL, b)
-+
-+#if LUA_VERSION_NUM > 503
-+#define lua_resume(a,b,c) lua_resume(a, NULL, b, c)
-+#else
-+/* ### For version < 5.4, assume that exactly one stack item is on the
-+ * stack, which is what the code did before but seems dubious. */
-+#define lua_resume(a,b,c) (*(c) = 1, lua_resume(a, NULL, b))
-+#endif
-+
- #define luaL_setfuncs_compat(a,b) luaL_setfuncs(a,b,0)
- #else
- #define lua_rawlen(L,i) lua_objlen(L, (i))
diff --git a/httpd-2.4.43-export.patch b/httpd-2.4.48-export.patch
similarity index 93%
rename from httpd-2.4.43-export.patch
rename to httpd-2.4.48-export.patch
index 0d9fd72..439f768 100644
--- a/httpd-2.4.43-export.patch
+++ b/httpd-2.4.48-export.patch
@@ -6,7 +6,7 @@ to do so indirectly.
Upstream: https://svn.apache.org/r1861685 (as new default-off configure option)
diff --git a/Makefile.in b/Makefile.in
-index 9eeb5c7..8746a10 100644
+index 40c7076..ac98e5f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test
@@ -27,7 +27,7 @@ index 9eeb5c7..8746a10 100644
server/libmain.la \
$(BUILTIN_LIBS) \
diff --git a/server/Makefile.in b/server/Makefile.in
-index 1fa3344..116850b 100644
+index 8111877..f00bb3f 100644
--- a/server/Makefile.in
+++ b/server/Makefile.in
@@ -12,7 +12,7 @@ LTLIBRARY_SOURCES = \
@@ -36,7 +36,7 @@ index 1fa3344..116850b 100644
util_charset.c util_cookies.c util_debug.c util_xml.c \
- util_filter.c util_pcre.c util_regex.c exports.c \
+ util_filter.c util_pcre.c util_regex.c \
- scoreboard.c error_bucket.c protocol.c core.c request.c provider.c \
+ scoreboard.c error_bucket.c protocol.c core.c request.c ssl.c provider.c \
eoc_bucket.c eor_bucket.c core_filters.c \
util_expr_parse.c util_expr_scan.c util_expr_eval.c
diff --git a/server/main.c b/server/main.c
diff --git a/httpd-2.4.46-proxy-ws-idle-timeout.patch b/httpd-2.4.48-proxy-ws-idle-timeout.patch
similarity index 68%
rename from httpd-2.4.46-proxy-ws-idle-timeout.patch
rename to httpd-2.4.48-proxy-ws-idle-timeout.patch
index e9f9d40..d04dc68 100644
--- a/httpd-2.4.46-proxy-ws-idle-timeout.patch
+++ b/httpd-2.4.48-proxy-ws-idle-timeout.patch
@@ -1,25 +1,20 @@
diff --git a/docs/manual/mod/mod_proxy_wstunnel.html.en b/docs/manual/mod/mod_proxy_wstunnel.html.en
-index 7506ccb..8867578 100644
+index 9f2c120..61ff7de 100644
--- a/docs/manual/mod/mod_proxy_wstunnel.html.en
+++ b/docs/manual/mod/mod_proxy_wstunnel.html.en
-@@ -60,14 +60,33 @@ NONE means you bypass the check for the header but still upgrade to WebSocket.
- ANY means that Upgrade
will read in the request headers and use
- in the response Upgrade
-
--Directives
--
This module provides no
-- directives.
-+
Directives
-+
+@@ -83,6 +83,7 @@ in the response Upgrade
+ Directives
+
-+
+
Bugfix checklist
See also
+@@ -108,6 +109,23 @@ in the response Upgrade
+ WebSocket requests as in httpd 2.4.46 and earlier.
-+
+
++
+
+
+Description: | Sets the maximum amount of time to wait for data on the websockets tunnel |
@@ -40,21 +35,18 @@ index 7506ccb..8867578 100644
Available Languages: en |
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
-index fb53fe6..73da758 100644
+index bcbba42..c29ded1 100644
--- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c
-@@ -18,6 +18,10 @@
-
- module AP_MODULE_DECLARE_DATA proxy_wstunnel_module;
-
-+typedef struct {
+@@ -22,6 +22,7 @@ module AP_MODULE_DECLARE_DATA proxy_wstunnel_module;
+ typedef struct {
+ unsigned int fallback_to_proxy_http :1,
+ fallback_to_proxy_http_set :1;
+ apr_time_t idle_timeout;
-+} proxyws_dir_conf;
-+
- /*
- * Canonicalise http-like URLs.
- * scheme is the scheme for the URL
-@@ -111,6 +115,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
+ } proxyws_dir_conf;
+
+ static int can_fallback_to_proxy_http;
+@@ -152,6 +153,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
conn_rec *c = r->connection;
apr_socket_t *sock = conn->sock;
conn_rec *backconn = conn->connection;
@@ -63,7 +55,7 @@ index fb53fe6..73da758 100644
char *buf;
apr_bucket_brigade *header_brigade;
apr_bucket *e;
-@@ -188,10 +194,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
+@@ -229,10 +232,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
c->keepalive = AP_CONN_CLOSE;
do { /* Loop until done (one side closes the connection, or an error) */
@@ -78,7 +70,7 @@ index fb53fe6..73da758 100644
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02444) "error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR;
-@@ -366,6 +375,38 @@ cleanup:
+@@ -418,11 +424,26 @@ cleanup:
return status;
}
@@ -96,37 +88,22 @@ index fb53fe6..73da758 100644
+ return NULL;
+}
+
-+static void *create_proxyws_dir_config(apr_pool_t *p, char *dummy)
-+{
-+ proxyws_dir_conf *new =
-+ (proxyws_dir_conf *) apr_pcalloc(p, sizeof(proxyws_dir_conf));
-+
+ static void *create_proxyws_dir_config(apr_pool_t *p, char *dummy)
+ {
+ proxyws_dir_conf *new =
+ (proxyws_dir_conf *) apr_pcalloc(p, sizeof(proxyws_dir_conf));
+
+ new->idle_timeout = -1; /* no timeout */
-+
-+ return (void *) new;
-+}
-+
-+static const command_rec ws_proxy_cmds[] =
-+{
+ new->fallback_to_proxy_http = 1;
+
+ return (void *) new;
+@@ -465,7 +486,8 @@ static const command_rec ws_proxy_cmds[] =
+ proxyws_fallback_to_proxy_http, NULL, RSRC_CONF|ACCESS_CONF,
+ "whether to let mod_proxy_http handle the upgrade and tunneling, "
+ "On by default"),
+-
+ AP_INIT_TAKE1("ProxyWebsocketIdleTimeout", proxyws_set_idle, NULL, RSRC_CONF|ACCESS_CONF,
+ "timeout for activity in either direction, unlimited by default."),
-+
-+ {NULL}
-+};
-+
- static void ap_proxy_http_register_hook(apr_pool_t *p)
- {
- proxy_hook_scheme_handler(proxy_wstunnel_handler, NULL, NULL, APR_HOOK_FIRST);
-@@ -374,10 +415,10 @@ static void ap_proxy_http_register_hook(apr_pool_t *p)
-
- AP_DECLARE_MODULE(proxy_wstunnel) = {
- STANDARD20_MODULE_STUFF,
-- NULL, /* create per-directory config structure */
-+ create_proxyws_dir_config, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
- NULL, /* create per-server config structure */
- NULL, /* merge per-server config structures */
-- NULL, /* command apr_table_t */
-+ ws_proxy_cmds, /* command apr_table_t */
- ap_proxy_http_register_hook /* register hooks */
+ {NULL}
};
+
diff --git a/httpd-2.4.43-r1842929+.patch b/httpd-2.4.48-r1842929+.patch
similarity index 91%
rename from httpd-2.4.43-r1842929+.patch
rename to httpd-2.4.48-r1842929+.patch
index b926195..f83a21d 100644
--- a/httpd-2.4.43-r1842929+.patch
+++ b/httpd-2.4.48-r1842929+.patch
@@ -1,8 +1,8 @@
diff --git a/Makefile.in b/Makefile.in
-index 06b8c5a..9eeb5c7 100644
+index 6747aea..40c7076 100644
--- a/Makefile.in
+++ b/Makefile.in
-@@ -213,6 +213,7 @@ install-cgi:
+@@ -233,6 +233,7 @@ install-cgi:
install-other:
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
@test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
@@ -11,7 +11,7 @@ index 06b8c5a..9eeb5c7 100644
file=apachecore.$$ext; \
if test -f $$file; then \
diff --git a/acinclude.m4 b/acinclude.m4
-index 95232f5..5d9d669 100644
+index b6ef442..98f1441 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -45,6 +45,7 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
@@ -22,7 +22,7 @@ index 95232f5..5d9d669 100644
APACHE_SUBST(other_targets)
APACHE_SUBST(progname)
APACHE_SUBST(prefix)
-@@ -688,6 +689,7 @@ AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
+@@ -665,6 +666,7 @@ AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
APACHE_SUBST_EXPANDED_ARG(runtimedir)
APACHE_SUBST_EXPANDED_ARG(logfiledir)
APACHE_SUBST_EXPANDED_ARG(proxycachedir)
@@ -31,7 +31,7 @@ index 95232f5..5d9d669 100644
dnl
diff --git a/configure.in b/configure.in
-index a63eada..c8f9aa2 100644
+index 37346b2..f303784 100644
--- a/configure.in
+++ b/configure.in
@@ -41,7 +41,7 @@ dnl Something seems broken here.
@@ -56,7 +56,7 @@ index 2b4a70c..e076f41 100644
#endif /* AP_CONFIG_LAYOUT_H */
diff --git a/include/http_config.h b/include/http_config.h
-index f9c2d77..c229bc9 100644
+index 77657ae..384a90f 100644
--- a/include/http_config.h
+++ b/include/http_config.h
@@ -757,6 +757,14 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *fname);
@@ -124,10 +124,10 @@ index addfd7e..2389f8f 100644
APR_HOOK_MIDDLE);
dav_hook_find_liveprop(dav_fs_find_liveprop, NULL, NULL, APR_HOOK_MIDDLE);
diff --git a/server/core.c b/server/core.c
-index 3db9d61..79b2a82 100644
+index d135764..c2176b9 100644
--- a/server/core.c
+++ b/server/core.c
-@@ -129,6 +129,8 @@ AP_DECLARE_DATA int ap_main_state = AP_SQ_MS_INITIAL_STARTUP;
+@@ -142,6 +142,8 @@ AP_DECLARE_DATA int ap_main_state = AP_SQ_MS_INITIAL_STARTUP;
AP_DECLARE_DATA int ap_run_mode = AP_SQ_RM_UNKNOWN;
AP_DECLARE_DATA int ap_config_generation = 0;
@@ -136,7 +136,7 @@ index 3db9d61..79b2a82 100644
static void *create_core_dir_config(apr_pool_t *a, char *dir)
{
core_dir_config *conf;
-@@ -1409,12 +1411,15 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word)
+@@ -1444,13 +1446,16 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word)
return res_buf;
}
@@ -147,6 +147,7 @@ index 3db9d61..79b2a82 100644
ap_server_config_defines = saved_server_config_defines;
saved_server_config_defines = NULL;
server_config_defined_vars = NULL;
+ ap_runtime_dir = NULL;
- return OK;
+ core_state_dir = NULL;
+
@@ -154,7 +155,7 @@ index 3db9d61..79b2a82 100644
}
/*
-@@ -3120,6 +3125,24 @@ static const char *set_runtime_dir(cmd_parms *cmd, void *dummy, const char *arg)
+@@ -3220,6 +3225,24 @@ static const char *set_runtime_dir(cmd_parms *cmd, void *dummy, const char *arg)
return NULL;
}
@@ -179,7 +180,7 @@ index 3db9d61..79b2a82 100644
static const char *set_timeout(cmd_parms *cmd, void *dummy, const char *arg)
{
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
-@@ -4414,6 +4437,8 @@ AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ,
+@@ -4521,6 +4544,8 @@ AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ,
"Common directory of server-related files (logs, confs, etc.)"),
AP_INIT_TAKE1("DefaultRuntimeDir", set_runtime_dir, NULL, RSRC_CONF | EXEC_ON_READ,
"Common directory for run-time files (shared memory, locks, etc.)"),
@@ -188,7 +189,7 @@ index 3db9d61..79b2a82 100644
AP_INIT_TAKE1("ErrorLog", set_server_string_slot,
(void *)APR_OFFSETOF(server_rec, error_fname), RSRC_CONF,
"The filename of the error log"),
-@@ -4941,8 +4966,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
+@@ -5055,8 +5080,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
if (!saved_server_config_defines)
init_config_defines(pconf);
@@ -198,7 +199,7 @@ index 3db9d61..79b2a82 100644
ap_regcomp_set_default_cflags(AP_REG_DEFAULT);
-@@ -5170,6 +5194,27 @@ AP_DECLARE(int) ap_state_query(int query)
+@@ -5303,6 +5327,27 @@ AP_DECLARE(int) ap_state_query(int query)
}
}
diff --git a/httpd.spec b/httpd.spec
index 1713f77..e45e680 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -12,8 +12,8 @@
Summary: Apache HTTP Server
Name: httpd
-Version: 2.4.46
-Release: 15%{?dist}
+Version: 2.4.48
+Release: 1%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -68,9 +68,9 @@ Patch3: httpd-2.4.43-deplibs.patch
# Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.43-detect-systemd.patch
# Features/functional changes
-Patch21: httpd-2.4.43-r1842929+.patch
+Patch21: httpd-2.4.48-r1842929+.patch
Patch22: httpd-2.4.43-mod_systemd.patch
-Patch23: httpd-2.4.43-export.patch
+Patch23: httpd-2.4.48-export.patch
Patch24: httpd-2.4.43-corelimit.patch
Patch25: httpd-2.4.43-selinux.patch
Patch26: httpd-2.4.43-gettid.patch
@@ -83,10 +83,8 @@ Patch39: httpd-2.4.43-sslprotdefault.patch
Patch40: httpd-2.4.43-r1861269.patch
Patch41: httpd-2.4.43-r1861793+.patch
Patch42: httpd-2.4.43-r1828172+.patch
-Patch43: httpd-2.4.43-sslcoalesce.patch
-Patch44: httpd-2.4.46-lua-resume.patch
Patch45: httpd-2.4.43-logjournal.patch
-Patch46: httpd-2.4.46-proxy-ws-idle-timeout.patch
+Patch46: httpd-2.4.48-proxy-ws-idle-timeout.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1949969
Patch47: httpd-2.4.43-pr37355.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1949606
@@ -96,7 +94,6 @@ Patch48: httpd-2.4.46-freebind.patch
# Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch60: httpd-2.4.43-enable-sslv3.patch
-Patch62: httpd-2.4.43-r1870095+.patch
Patch63: httpd-2.4.46-htcacheclean-dont-break.patch
# Security fixes
@@ -242,15 +239,12 @@ written in the Lua programming language.
%patch40 -p1 -b .r1861269
%patch41 -p1 -b .r1861793+
%patch42 -p1 -b .r1828172+
-%patch43 -p1 -b .sslcoalesce
-%patch44 -p1 -b .luaresume
%patch45 -p1 -b .logjournal
%patch46 -p1 -b .proxy-ws-idle-timeout
%patch47 -p1 -b .pr37355
%patch48 -p1 -b .freebind
%patch60 -p1 -b .enable-sslv3
-%patch62 -p1 -b .r1870095
%patch63 -p1 -b .htcacheclean-dont-break
# Patch in the vendor string
@@ -793,6 +787,10 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
+* Wed Jun 02 2021 Luboš Uhliarik - 2.4.48-1
+- new version 2.4.48
+- Resolves: #1952817 - rebase to 2.4.48
+
* Wed May 26 2021 Luboš Uhliarik - 2.4.46-15
- Resolves: #1949606 - RFE: httpd, add IP_FREEBIND support for Listen
diff --git a/sources b/sources
index 1212cee..5e6cb0c 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (httpd-2.4.46.tar.bz2) = 5936784bb662e9d8a4f7fe38b70c043b468114d931cd10ea831bfe74461ea5856b64f88f42c567ab791fc8907640a99884ba4b6a600f86d661781812735b6f13
-SHA512 (httpd-2.4.46.tar.bz2.asc) = 1f54c20d1aeedb7c745eb72acd79e1ed61d547b22c3dbe53cd3274ed3d897543cd8c49181d4b15d79c12755746cf0a2464d620f69e254ac3f998760133094df0
+SHA512 (httpd-2.4.48.tar.bz2) = 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724
+SHA512 (httpd-2.4.48.tar.bz2.asc) = 9f125de75107b04dd01f71e9e233b1602658b49e38371931b98dc1092be8df05cf7243b5564fa2f56f46544bef61a54a721dee5ca17ce823a2302a7c3698a195
SHA512 (KEYS) = 7ab66c64eaa4a152e88a913993c8ea0d9c46fd5865788e7b32a9619784d245cef8bddd9700368e3d63ce88ed94df8933e5892878523dc0fce697331136bb829e