Mailing List Archive

svn commit: r1901009 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS changes-entries/md_acme_failover.txt changes-entries/mod_proxy_log_backend_port.txt modules/http2/h2_mplx.c modules/http2/h2_version.h
Author: jim
Date: Tue May 17 18:17:44 2022
New Revision: 1901009

URL: http://svn.apache.org/viewvc?rev=1901009&view=rev
Log:
Merge r from trunk:

Submitted by: icing, rpluem, ylavic
Reviewed by: jim

Github: closes #317

Removed:
httpd/httpd/branches/2.4.x/changes-entries/md_acme_failover.txt
httpd/httpd/branches/2.4.x/changes-entries/mod_proxy_log_backend_port.txt
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.c
httpd/httpd/branches/2.4.x/modules/http2/h2_version.h

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1901009&r1=1901008&r2=1901009&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue May 17 18:17:44 2022
@@ -1,6 +1,13 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.54

+ *) mod_http2: removing unscheduling of ongonig tasks when
+ connection shows potential abuse by a client. This proved
+ counter-productive and the abuse detection can false flag
+ requests using server-side-events.
+ Fixes <https://github.com/icing/mod_h2/issues/231>.
+ [Stefan Eissing]
+
*) Implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
@@ -686,7 +693,7 @@ Changes with Apache 2.4.47
*) mod_ssl: Improve the coalescing filter to buffer into larger TLS
records, and avoid revealing the HTTP header size via TLS record
boundaries (for common response generators).
- [Joe Orton, Ruediger Pluem]
+ [Joe Orton, Ruediger Pluem]

*) mod_proxy_hcheck: Don't pile up health checks if the previous one did
not finish before hcinterval. PR 63010. [Yann Ylavic]
@@ -707,7 +714,7 @@ Changes with Apache 2.4.47
allowing for (non-)Upgrade negotiation with the origin server.
[Yann Ylavic]

- *) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status
+ *) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status
codes. PR63628. [Martin Drößler <mail martindroessler.de>]

*) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined
@@ -740,7 +747,7 @@ Changes with Apache 2.4.47
*) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a
SameSite attribute. [Eric Covener]

- *) mod_proxy: Add proxy check_trans hook. This allows proxy
+ *) mod_proxy: Add proxy check_trans hook. This allows proxy
modules to decline request handling at early stage.

*) mod_proxy_wstunnel: Decline requests without an Upgrade
@@ -795,10 +802,10 @@ Changes with Apache 2.4.44
*) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
protocol limit). [Yann Ylavic]

- *) mod_http2:
- Fixes <https://github.com/icing/mod_h2/issues/200>:
+ *) mod_http2:
+ Fixes <https://github.com/icing/mod_h2/issues/200>:
"LimitRequestFields 0" now disables the limit, as documented.
- Fixes <https://github.com/icing/mod_h2/issues/201>:
+ Fixes <https://github.com/icing/mod_h2/issues/201>:
Do not count repeated headers with same name against the field
count limit. The are merged internally, as if sent in a single HTTP/1 line.
[Stefan Eissing]
@@ -865,7 +872,7 @@ Changes with Apache 2.4.42

*) mod_proxy_http: Fix the forwarding of requests with content body when a
balancer member is unavailable; the retry on the next member was issued
- with an empty body (regression introduced in 2.4.41). PR63891.
+ with an empty body (regression introduced in 2.4.41). PR63891.
[Yann Ylavic]

*) core: Use a temporary file when writing the pid file, avoiding
@@ -883,7 +890,7 @@ Changes with Apache 2.4.42
*) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
PR64172.

- *) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
+ *) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
to allow customization of the usertrack cookie. PR64077.
[Prashant Keshvani <prashant2400 gmail.com>, Eric Covener]

@@ -922,7 +929,7 @@ Changes with Apache 2.4.42
allow for use in <If> and <Macro> sections. If all possible variations lead to the configuration
you wanted in the first place, is another matter.
[.Michael Kaufmann <mail michael-kaufmann.ch>, Timothe Litt (@tlhackque),
- Michal Karm Babacek (@Karm), Stefan Eissing (@icing)]
+ Michal Karm Babacek (@Karm), Stefan Eissing (@icing)]

*) test: Added continuous testing with Travis CI.
This tests various scenarios on Ubuntu with the full test suite.
@@ -951,18 +958,18 @@ Changes with Apache 2.4.42
r:notes_table, r:subprocess_env_table as read-only native table alternatives
that can be iterated over. [Eric Covener]

- *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
+ *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
[Yann Ylavic, Stefan Eissing]

- *) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env,
- r.headers_out, etc) to remove the key from the table. PR63971.
+ *) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env,
+ r.headers_out, etc) to remove the key from the table. PR63971.
[Eric Covener]

*) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
- ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
+ ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
always `on`, regardless of configuration. Found and reported by
<Armin.Abfalterer@united-security-providers.ch> and
- <Marcial.Rion@united-security-providers.ch>. [Stefan Eissing]
+ <Marcial.Rion@united-security-providers.ch>. [Stefan Eissing]

*) mod_http2: Multiple field length violations in the same request no longer cause
several log entries to be written. [@mkauf]
@@ -972,7 +979,7 @@ Changes with Apache 2.4.42

*) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469
[Jim Jagielski]
-
+
*) mod_authn_socache: Increase the maximum length of strings that can be cached by
the module from 100 to 256. PR 62149 [<thorsten.meinl knime.com>]

@@ -986,7 +993,7 @@ Changes with Apache 2.4.42
*) mod_deflate, mod_brotli: honor "Accept-Encoding: foo;q=0" as per RFC 7231; which
means 'foo' is "not acceptable". PR 58158 [Chistophe Jaillet]

- *) mod_md v2.2.3:
+ *) mod_md v2.2.3:
- Configuring MDCAChallenges replaces any previous existing challenge configuration. It
had been additive before which was not the intended behaviour. [@mkauf]
- Fixing order of ACME challenges used when nothing else configured. Code now behaves as
@@ -1009,7 +1016,7 @@ Changes with Apache 2.4.42
locations or formats.
[Stefan Eissing]

- *) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS
+ *) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS
protection. PR 63688. [Armin Abfalterer <a.abfalterer gmail.com>]

Changes with Apache 2.4.41
@@ -1045,7 +1052,7 @@ Changes with Apache 2.4.41
leading to crashes. The memory copied is that of the configured push
link header values, not data supplied by the client. [Stefan Eissing]

- *) mod_proxy_balancer: Improve balancer-manager protection against
+ *) mod_proxy_balancer: Improve balancer-manager protection against
XSS/XSRF attacks from trusted users. [Joe Orton,
Niels Heinen <heinenn google.com>]

@@ -1061,7 +1068,7 @@ Changes with Apache 2.4.41

Changes with Apache 2.4.40

- *) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via
+ *) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via
RegexDefaultOptions -DOTALL [Yann Ylavic]

*) core: Remove request details from built-in error documents [Eric Covener]
@@ -1093,13 +1100,13 @@ Changes with Apache 2.4.40
other modules want to provide those. Falls back to own implementation with
same behaviour as before.
[Stefan Eissing]
-
+
*) mod_md: new features
- protocol
- supports the ACMEv2 protocol. It is the default and will be used on the next
certificate renewal, unless another "MDCertificateAuthority" is configured
- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see
- announcement by Let's Encrypt:
+ announcement by Let's Encrypt:
https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
- challenges
- new challenge method 'tls-alpn-01' implemented
@@ -1211,41 +1218,41 @@ Changes with Apache 2.4.39
*) core: new configuration option 'MergeSlashes on|off' that controls handling of
multiple, consecutive slash ('/') characters in the path component of the request URL.
[Eric Covener]
-
+
*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
- Fixed. [Michael Kaufmann]
+ Fixed. [Michael Kaufmann]

- *) mod_http2: new configuration directive: `H2Padding numbits` to control
+ *) mod_http2: new configuration directive: `H2Padding numbits` to control
padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
controlling the range of padding bytes added to a frame. The actual number
added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
- frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing]
-
+ frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing]
+
*) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
has no more need for it. Optional functions are still declared but no longer implemented.
While previous mod_proxy_http2 will work with this, it is recommended to run the matching
versions of both modules. [Stefan Eissing]
-
+
*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
resolve PR63170. The proxy module does now a single h2 request on the (reused)
connection and returns. [Stefan Eissing]
-
- *) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
+
+ *) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
to trigger immediate shutdown of backend connections. This is now always signalled
- by mod_http2 when the the session is being released.
+ by mod_http2 when the the session is being released.
proxy_http2 now only sends a PING frame to the backend when there is not already one
in flight. [Stefan Eissing]

- *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
- loop when encountering certain errors on the backend connection.
+ *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
+ loop when encountering certain errors on the backend connection.
See <https://bz.apache.org/bugzilla/show_bug.cgi?id=63170>. [Stefan Eissing]

- *) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
+ *) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
Location/Directory, e.g. disabling PUSH for a specific set of resources. [Stefan Eissing]

*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
- terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.
+ terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.
Fixes <https://github.com/icing/mod_h2/issues/167>. [Michael Kaufmann]

*) http: Fix possible empty response with mod_ratelimit for HEAD requests.
@@ -1293,13 +1300,13 @@ Changes with Apache 2.4.38

*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
-
+
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
-
+
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
- and we should just set the value for the environment variable
+ and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]

*) mod_session: Always decode session attributes early. [Hank Ibell]
@@ -1308,7 +1315,7 @@ Changes with Apache 2.4.38
multiple environment variables are specified in a directive. [Hank Ibell]

*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
- this type of map is present in the configuration. PR62311.
+ this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]

*) mod_dav: Fix invalid Location header when a resource is created by
@@ -1332,7 +1339,7 @@ Changes with Apache 2.4.38
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
-
+
*) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]

Changes with Apache 2.4.37
@@ -1361,9 +1368,9 @@ Changes with Apache 2.4.36
[Eric Covener]

*) mod_http2: adding defensive code for stream EOS handling, in case the request handler
- missed to signal it the normal way (eos buckets). Addresses github issues
+ missed to signal it the normal way (eos buckets). Addresses github issues
https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
- and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing]
+ and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing]

*) ab: Add client certificate support. PR 55774. [Graham Leggett]

@@ -1441,7 +1448,7 @@ Changes with Apache 2.4.35
*) mod_watchdog: Correct some log messages. [Rainer Jung]

*) mod_md: When the last domain name from an MD is moved to another one,
- that now empty MD gets moved to the store archive. PR 62572.
+ that now empty MD gets moved to the store archive. PR 62572.
[Stefan Eissing]

*) mod_ssl: Fix merging of SSLOCSPOverrideResponder. [Jeff Trawick,

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1901009&r1=1901008&r2=1901009&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue May 17 18:17:44 2022
@@ -163,11 +163,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
ylavic: I think "extra" should be an apr_size_t.
icing: added r1899905 with the proposed changes and assertions.

- *) mod_http2: remove unscheduling of ongoing tasks when client
- behaviour triggers mood change. Fixes https://github.com/icing/mod_h2/issues/231
- Trunk version of patch: n.a.
- 2.4.x patch: https://github.com/apache/httpd/pull/317.diff
- +1: icing, rpluem, ylavic

PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[. New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.c?rev=1901009&r1=1901008&r2=1901009&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.c Tue May 17 18:17:44 2022
@@ -861,102 +861,6 @@ void h2_mplx_s_task_done(h2_mplx *m, h2_
* h2_mplx DoS protection
******************************************************************************/

-static int m_timed_out_busy_iter(void *data, void *val)
-{
- stream_iter_ctx *ctx = data;
- h2_stream *stream = val;
- if (h2_task_has_started(stream->task) && !stream->task->worker_done
- && (ctx->now - stream->task->started_at) > stream->task->timeout) {
- /* timed out stream occupying a worker, found */
- ctx->stream = stream;
- return 0;
- }
- return 1;
-}
-
-static h2_stream *m_get_timed_out_busy_stream(h2_mplx *m)
-{
- stream_iter_ctx ctx;
- ctx.m = m;
- ctx.stream = NULL;
- ctx.now = apr_time_now();
- h2_ihash_iter(m->streams, m_timed_out_busy_iter, &ctx);
- return ctx.stream;
-}
-
-static int m_latest_repeatable_unsubmitted_iter(void *data, void *val)
-{
- stream_iter_ctx *ctx = data;
- h2_stream *stream = val;
-
- if (!stream->task) goto leave;
- if (!h2_task_has_started(stream->task) || stream->task->worker_done) goto leave;
- if (h2_stream_is_ready(stream)) goto leave;
- if (stream->task->redo) {
- ++ctx->count;
- goto leave;
- }
- if (h2_task_can_redo(stream->task)) {
- /* this task occupies a worker, the response has not been submitted
- * yet, not been cancelled and it is a repeatable request
- * -> we could redo it later */
- if (!ctx->stream
- || (ctx->stream->task->started_at < stream->task->started_at)) {
- /* we did not have one or this one was started later */
- ctx->stream = stream;
- }
- }
-leave:
- return 1;
-}
-
-static apr_status_t m_assess_task_to_throttle(h2_task **ptask, h2_mplx *m)
-{
- stream_iter_ctx ctx;
-
- /* count the running tasks already marked for redo and get one that could
- * be throttled */
- *ptask = NULL;
- ctx.m = m;
- ctx.stream = NULL;
- ctx.count = 0;
- h2_ihash_iter(m->streams, m_latest_repeatable_unsubmitted_iter, &ctx);
- if (m->tasks_active - ctx.count > m->limit_active) {
- /* we are above the limit of running tasks, accounting for the ones
- * already throttled. */
- if (ctx.stream && ctx.stream->task) {
- *ptask = ctx.stream->task;
- return APR_EAGAIN;
- }
- /* above limit, be seeing no candidate for easy throttling */
- if (m_get_timed_out_busy_stream(m)) {
- /* Too many busy workers, unable to cancel enough streams
- * and with a busy, timed out stream, we tell the client
- * to go away... */
- return APR_TIMEUP;
- }
- }
- return APR_SUCCESS;
-}
-
-static apr_status_t m_unschedule_slow_tasks(h2_mplx *m)
-{
- h2_task *task;
- apr_status_t rv;
-
- /* Try to get rid of streams that occupy workers. Look for safe requests
- * that are repeatable. If none found, fail the connection.
- */
- while (APR_EAGAIN == (rv = m_assess_task_to_throttle(&task, m))) {
- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
- "h2_mplx(%s): unschedule, resetting task for redo later",
- task->id);
- task->redo = 1;
- h2_task_rst(task, H2_ERR_CANCEL);
- }
- return rv;
-}
-
static apr_status_t s_mplx_be_happy(h2_mplx *m, h2_task *task)
{
apr_time_t now;
@@ -1006,9 +910,6 @@ static apr_status_t m_be_annoyed(h2_mplx
m->id, m->limit_active);
}

- if (m->tasks_active > m->limit_active) {
- status = m_unschedule_slow_tasks(m);
- }
return status;
}


Modified: httpd/httpd/branches/2.4.x/modules/http2/h2_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_version.h?rev=1901009&r1=1901008&r2=1901009&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/h2_version.h (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/h2_version.h Tue May 17 18:17:44 2022
@@ -27,7 +27,7 @@
* @macro
* Version number of the http2 module as c string
*/
-#define MOD_HTTP2_VERSION "1.15.26"
+#define MOD_HTTP2_VERSION "1.15.28"

/**
* @macro