Re: svn commit: r1906487 - /httpd/httpd/trunk/modules/dav/main/util.c

2023-01-09 Thread Ruediger Pluem



On 1/9/23 5:16 PM, Joe Orton wrote:
> On Mon, Jan 09, 2023 at 04:47:33PM +0100, Ruediger Pluem wrote:
>> On 1/9/23 1:01 PM, jor...@apache.org wrote:
>>> Author: jorton
>>> Date: Mon Jan  9 12:01:56 2023
>>> New Revision: 1906487
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1906487=rev
>>> Log:
>>> * modules/dav/main/util.c (dav_process_if_header): Fix error
>>>   path for "Not" prefix parsing.
>>>
>>> Modified:
>>> httpd/httpd/trunk/modules/dav/main/util.c
>>>
>>> Modified: httpd/httpd/trunk/modules/dav/main/util.c
>>> URL: 
>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?rev=1906487=1906486=1906487=diff
>>> ==
>>> --- httpd/httpd/trunk/modules/dav/main/util.c (original)
>>> +++ httpd/httpd/trunk/modules/dav/main/util.c Mon Jan  9 12:01:56 2023
>>> @@ -801,8 +801,14 @@ static dav_error * dav_process_if_header
>>>   "for the same state.");
>>>  }
>>>  condition = DAV_IF_COND_NOT;
>>> +list += 2;
>>> +}
>>> +else {
>>> +return dav_new_error(r->pool, HTTP_BAD_REQUEST,
>>> + DAV_ERR_IF_UNK_CHAR, 0,
>>> + "Invalid \"If:\" header: "
>>> + "Unexpected character in 
>>> List");
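Review bot: `list += 2;` in the "Not" branch has no comment, and its safety rests on a comparison that lies above the visible context. The advance is only valid once both characters after the 'N' have been checked, so an 'N' at the very end of the header must never reach it; a one-line comment saying that it skips the rest of the "Not" token would keep the pointer arithmetic tied to that check. The new else branch's message, "Unexpected character in List", also does not say that a "Not" prefix was expected, which would make the 400 easier to diagnose from logs.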
>>
>> Do we want to return here to save cycles or do we do another cycle in 
>> the while loop and reuse the error message from 'default:' and thus 
>> also ignore single 'N' s that are followed by a ' \t<['?
> 
> It seems consistent with other error cases to return straight away, but 
> I'm not following the second part, can you explain more?  An 'N' 
> followed by whitespace should be caught and treated as an error now (as 
> desired & expected).

Sorry for the confusion. It is treated as an error now. I was referring to my
other approach where it would not be caught. I also found another case that
would not be caught by my proposal (an 'N' at the end of the string). Hence
all good. Your approach is the correct and better one.

Regards

Rüdiger
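
The two cases named in this message, worked through in an added example (not httpd's code and not written by either participant). `scan_list` is a hypothetical, simplified scanner, and its lenient mode is an assumed model of "do another cycle in the while loop": it steps over a stray 'N' and lets the next character decide.

```c
#include <stdio.h>
#include <string.h>

enum scan_rc { SCAN_OK, SCAN_ERR_UNK_CHAR, SCAN_ERR_DUP_NOT, SCAN_ERR_UNTERMINATED };
struct scan_result { int states; int negated; };

/* Hypothetical, simplified model of an "If:" list scanner (not httpd code).
 * strict != 0: an 'N' that does not start "Not" is rejected immediately.
 * strict == 0: assumed model of the alternative: step over the 'N' and loop. */
static enum scan_rc scan_list(const char *list, int strict,
                              struct scan_result *out)
{
    int not_pending = 0;
    const char *end;
    out->states = out->negated = 0;
    while (*list) {
        switch (*list) {
        case ' ': case '\t':
            break;
        case '<': case '[':
            end = strchr(list + 1, *list == '<' ? '>' : ']');
            if (end == NULL) return SCAN_ERR_UNTERMINATED;
            out->states++;
            out->negated += not_pending;
            not_pending = 0;
            list = end;         /* the shared list++ steps past the closer */
            break;
        case 'N':
            /* list[2] is read only when list[1] == 'o', so an 'N' at the end
             * of the string never causes a read past the terminating NUL. */
            if (list[1] == 'o' && list[2] == 't') {
                if (not_pending) return SCAN_ERR_DUP_NOT;
                not_pending = 1;
                list += 2;      /* skip "ot"; the shared list++ skips 'N' */
            } else if (strict) {
                return SCAN_ERR_UNK_CHAR;
            }
            break;
        default:
            return SCAN_ERR_UNK_CHAR;
        }
        list++;
    }
    return SCAN_OK;
}

int main(void)
{
    const char *in[] = { "N <urn:a>", "<urn:a> N" };  /* constructed inputs */
    struct scan_result r;
    for (int i = 0; i < 2; i++)
        printf("%-10s strict=%d lenient=%d\n", in[i],
               (int)scan_list(in[i], 1, &r), (int)scan_list(in[i], 0, &r));
    return 0;
}
```

In lenient mode both constructed inputs are accepted with the stray 'N' silently dropped, while strict mode rejects them.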



Re: svn commit: r1903677 - in /httpd/httpd/trunk: changes-entries/ docs/manual/mod/ modules/md/ test/modules/md/

2023-01-09 Thread Christophe JAILLET

On 25/08/2022 at 16:00, ic...@apache.org wrote:

Author: icing
Date: Thu Aug 25 14:00:13 2022
New Revision: 1903677

URL: http://svn.apache.org/viewvc?rev=1903677=rev
Log:
mod_md v2.4.19 from github sync

   *) mod_md: a new directive `MDStoreLocks` can be used on cluster
  setups with a shared file system for `MDStoreDir` to order
  activation of renewed certificates when several cluster nodes are
  restarted at the same time. Store locks are not enabled by default.

  Restored curl_easy cleanup behaviour from v2.4.14 and refactored
  the use of curl_multi for OCSP requests to work with that.
  Fixes .


Added:
 httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
 httpd/httpd/trunk/test/modules/md/test_820_locks.py
Modified:
 httpd/httpd/trunk/docs/manual/mod/mod_md.xml
 httpd/httpd/trunk/modules/md/md_curl.c
 httpd/httpd/trunk/modules/md/md_http.c
 httpd/httpd/trunk/modules/md/md_http.h
 httpd/httpd/trunk/modules/md/md_log.h
 httpd/httpd/trunk/modules/md/md_reg.c
 httpd/httpd/trunk/modules/md/md_reg.h
 httpd/httpd/trunk/modules/md/md_store.c
 httpd/httpd/trunk/modules/md/md_store.h
 httpd/httpd/trunk/modules/md/md_store_fs.c
 httpd/httpd/trunk/modules/md/md_version.h
 httpd/httpd/trunk/modules/md/mod_md.c
 httpd/httpd/trunk/modules/md/mod_md_config.c
 httpd/httpd/trunk/modules/md/mod_md_config.h
 httpd/httpd/trunk/test/modules/md/conftest.py

Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677=auto
==
--- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
+++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25 14:00:13 
2022
@@ -0,0 +1,8 @@
+  *) mod_md: a new directive `MDStoreLocks` can be used on cluster
+ setups with a shared file system for `MDStoreDir` to order
+ activation of renewed certificates when several cluster nodes are
+ restarted at the same time. Store locks are not enabled by default.
+
+ Restored curl_easy cleanup behaviour from v2.4.14 and refactored
+ the use of curl_multi for OCSP requests to work with that.
+ Fixes .
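Review bot: The last line of the new entry, "Fixes .", names no issue, so the reference it was meant to carry is missing from the changelog; add the identifier or drop the line. The entry also puts two unrelated changes (the `MDStoreLocks` directive and the curl_easy/curl_multi cleanup) under one bullet; separate bullets would make each easier to find when tracing a regression.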

Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677=1903676=1903677=diff
==
--- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
@@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
  
  
  
-

+
  MDRetryFailover
  
  MDRetryFailover number
@@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
  
  
  
+
+
+MDStoreLocks
+


Hi,

a description is missing.
Not sure how to write it myself.

CJ


+MDStoreLocks on|off|duration
+MDStoreLocks off
+
+server config
+
+Available in version 2.4.55 and later
+
+
+Enable this to use a lock file on server startup when
+MDStoreDir is synchronized with the 
server
+configuration and renewed certificates are activated.
+
+Locking is intended for setups in a cluster that have a shared
+file system for MDStoreDir. It will protect the activation of
+renewed certificates when cluster nodes are restarted/reloaded
+at the same time. Under the condition that the shared file
+ system does support file locking.
+
+The default duration to obtain the lock is 5 seconds. If the 
log
+cannot be obtained, an error is logged and the server startup 
will
+continue. This may result in a cluster node to still use the
+previous certificate afterwards.
+
+A higher timeout will reduce that likelihood, but may delay 
server
+startups/reloads in case the locks are not properly handled in
+the underlying file system. A lock should only be held by a
+httpd instance for a short duration.
+
+
+
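Review bot: In the added usage text, "If the log cannot be obtained" should read "lock"; as written it describes a logging failure rather than the lock timeout. The sentence "Under the condition that the shared file system does support file locking." is a fragment and reads better attached to the preceding sentence as a stated requirement. It would also help to name the unit accepted for `duration`, since the default is given as 5 seconds.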




Re: svn commit: r1906487 - /httpd/httpd/trunk/modules/dav/main/util.c

2023-01-09 Thread Joe Orton
On Mon, Jan 09, 2023 at 04:47:33PM +0100, Ruediger Pluem wrote:
> On 1/9/23 1:01 PM, jor...@apache.org wrote:
> > Author: jorton
> > Date: Mon Jan  9 12:01:56 2023
> > New Revision: 1906487
> > 
> > URL: http://svn.apache.org/viewvc?rev=1906487=rev
> > Log:
> > * modules/dav/main/util.c (dav_process_if_header): Fix error
> >   path for "Not" prefix parsing.
> > 
> > Modified:
> > httpd/httpd/trunk/modules/dav/main/util.c
> > 
> > Modified: httpd/httpd/trunk/modules/dav/main/util.c
> > URL: 
> > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?rev=1906487=1906486=1906487=diff
> > ==
> > --- httpd/httpd/trunk/modules/dav/main/util.c (original)
> > +++ httpd/httpd/trunk/modules/dav/main/util.c Mon Jan  9 12:01:56 2023
> > @@ -801,8 +801,14 @@ static dav_error * dav_process_if_header
> >   "for the same state.");
> >  }
> >  condition = DAV_IF_COND_NOT;
> > +list += 2;
> > +}
> > +else {
> > +return dav_new_error(r->pool, HTTP_BAD_REQUEST,
> > + DAV_ERR_IF_UNK_CHAR, 0,
> > + "Invalid \"If:\" header: "
> > + "Unexpected character in 
> > List");
> 
> Do we want to return here to save cycles or do we do another cycle in 
> the while loop and reuse the error message from 'default:' and thus 
> also ignore single 'N' s that are followed by a ' \t<['?

It seems consistent with other error cases to return straight away, but 
I'm not following the second part, can you explain more?  An 'N' 
followed by whitespace should be caught and treated as an error now (as 
desired & expected).

Regards, Joe



Re: stable branch

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 10:35 AM Ruediger Pluem wrote:
>
>
>
> On 1/9/23 3:54 PM, Emmanuel Dreyfus wrote:
> > On Mon, Jan 09, 2023 at 09:37:37AM -0500, Eric Covener wrote:
> >> svn relocate http://svn.apache.org https://svn.apache.org
> >
> > That did it! I made the commit, but someone knowledgeable should
> > probably check I did not break something
>
> Looks good. Typically commit messages for backports start with:
>
> Merge rXXX, rYYY from trunk:
>
> See e.g.
>
> http://svn.apache.org/viewvc?rev=1906489=rev

I use http://people.apache.org/~jorton/svn.merge which sets this up in
the "clog" output.
I edit "clog" to put some info from STATUS in before committing.



--
Eric Covener
cove...@gmail.com


Re: svn commit: r1906487 - /httpd/httpd/trunk/modules/dav/main/util.c

2023-01-09 Thread Ruediger Pluem



On 1/9/23 1:01 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Mon Jan  9 12:01:56 2023
> New Revision: 1906487
> 
> URL: http://svn.apache.org/viewvc?rev=1906487=rev
> Log:
> * modules/dav/main/util.c (dav_process_if_header): Fix error
>   path for "Not" prefix parsing.
> 
> Modified:
> httpd/httpd/trunk/modules/dav/main/util.c
> 
> Modified: httpd/httpd/trunk/modules/dav/main/util.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?rev=1906487=1906486=1906487=diff
> ==
> --- httpd/httpd/trunk/modules/dav/main/util.c (original)
> +++ httpd/httpd/trunk/modules/dav/main/util.c Mon Jan  9 12:01:56 2023
> @@ -801,8 +801,14 @@ static dav_error * dav_process_if_header
>   "for the same state.");
>  }
>  condition = DAV_IF_COND_NOT;
> +list += 2;
> +}
> +else {
> +return dav_new_error(r->pool, HTTP_BAD_REQUEST,
> + DAV_ERR_IF_UNK_CHAR, 0,
> + "Invalid \"If:\" header: "
> + "Unexpected character in List");

Do we want to return here to save cycles or do we do another cycle in the
while loop and reuse the error message from 'default:' and thus also ignore
single 'N' s that are followed by a ' \t<['?

Regards

Rüdiger



Re: stable branch

2023-01-09 Thread Ruediger Pluem



On 1/9/23 3:54 PM, Emmanuel Dreyfus wrote:
> On Mon, Jan 09, 2023 at 09:37:37AM -0500, Eric Covener wrote:
>> svn relocate http://svn.apache.org https://svn.apache.org
> 
> That did it! I made the commit, but someone knowledgeable should
> probably check I did not break something 

Looks good. Typically commit messages for backports start with:

Merge rXXX, rYYY from trunk:

See e.g.

http://svn.apache.org/viewvc?rev=1906489=rev

Regards

Rüdiger



Re: svn commit: r1906494 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/expr.xml docs/manual/mod/mod_authn_core.xml modules/aaa/mod_authn_core.c

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 10:11 AM Ruediger Pluem wrote:
>
>
>
> On 1/9/23 2:16 PM, cove...@apache.org wrote:
> > Author: covener
> > Date: Mon Jan  9 13:16:50 2023
> > New Revision: 1906494
> >
> > URL: http://svn.apache.org/viewvc?rev=1906494=rev
> > Log:
> > Merge r1663123, r1670431 from trunk:
> >
> > mod_authn_core: Add expression support to AuthName and AuthType.
> >
> >
> > Add missing APLOGNOs by running
> > docs/log-message-tags/update-log-msg-tags.
> >
> > bump version in XML to 2.4.55
> >
> > Submitted By: minfrin
> > Reviewed By: minfrin, jim, covener
> >
> >
> > Modified:
> > httpd/httpd/branches/2.4.x/   (props changed)
> > httpd/httpd/branches/2.4.x/CHANGES
> > httpd/httpd/branches/2.4.x/STATUS
> > httpd/httpd/branches/2.4.x/docs/manual/expr.xml
> > httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml
> > httpd/httpd/branches/2.4.x/modules/aaa/mod_authn_core.c
> >
> > Propchange: httpd/httpd/branches/2.4.x/
> > --
> >   Merged /httpd/httpd/trunk:r1663123,1670431
>
> > Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml
> > URL: 
> > http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml?rev=1906494=1906493=1906494=diff
> > ==
> > --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml (original)
> > +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml Mon Jan  
> > 9 13:16:50 2023
> > @@ -141,6 +141,16 @@ authentication
> >
> >  The string provided for the AuthName is what will
> >  appear in the password dialog provided by most browsers.
> > +
> > +From 2.4.13, expression syntax can be
>
> I guess this should be 2.4.55.
>
> > +used inside the directive to produce the name dynamically.
> > +
> > +   For example:
> > +
> > +   
> > + AuthName "%{HTTP_HOST}"
> > +   
> > +
> >  
> >   >  href="../howto/auth.html">Authentication, Authorization, and
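Review bot: The example `AuthName "%{HTTP_HOST}"` builds the realm from the request's Host header, which the client controls, and the context line just above says the AuthName string is what appears in the browser's password dialog. The paragraph should state that request-derived values end up in that prompt, or the example should use a variable the client cannot set.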
> > @@ -195,6 +205,9 @@ authentication
> >  /Directory
> >  
> >
> > +From 2.4.13, expression syntax can be
>
> I guess this should be 2.4.55.
>
> > +used inside the directive to specify the type dynamically.> +
> >  When disabling authentication, note that clients which have
> >  already authenticated against another portion of the server's document
> >  tree will typically continue to send authentication HTTP headers
> >
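Review bot: The AuthType addition says the type can be specified dynamically but gives no example and does not say what happens when the expression evaluates to something that is not a valid authentication type. It should also say whether the expression may evaluate to a value that disables authentication, which the following context paragraph discusses, because the result decides how the location is protected.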
>

Thanks, I was sure I had edited those by hand, not sure how it got lost.


Re: svn commit: r1906494 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/expr.xml docs/manual/mod/mod_authn_core.xml modules/aaa/mod_authn_core.c

2023-01-09 Thread Ruediger Pluem



On 1/9/23 2:16 PM, cove...@apache.org wrote:
> Author: covener
> Date: Mon Jan  9 13:16:50 2023
> New Revision: 1906494
> 
> URL: http://svn.apache.org/viewvc?rev=1906494=rev
> Log:
> Merge r1663123, r1670431 from trunk:
> 
> mod_authn_core: Add expression support to AuthName and AuthType.
> 
> 
> Add missing APLOGNOs by running
> docs/log-message-tags/update-log-msg-tags.
> 
> bump version in XML to 2.4.55
> 
> Submitted By: minfrin
> Reviewed By: minfrin, jim, covener
> 
> 
> Modified:
> httpd/httpd/branches/2.4.x/   (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
> httpd/httpd/branches/2.4.x/docs/manual/expr.xml
> httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml
> httpd/httpd/branches/2.4.x/modules/aaa/mod_authn_core.c
> 
> Propchange: httpd/httpd/branches/2.4.x/
> --
>   Merged /httpd/httpd/trunk:r1663123,1670431

> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml?rev=1906494=1906493=1906494=diff
> ==
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.xml Mon Jan  9 
> 13:16:50 2023
> @@ -141,6 +141,16 @@ authentication
>  
>  The string provided for the AuthName is what will
>  appear in the password dialog provided by most browsers.
> +
> +From 2.4.13, expression syntax can be

I guess this should be 2.4.55.

> +used inside the directive to produce the name dynamically.
> +
> +   For example:
> +
> +   
> + AuthName "%{HTTP_HOST}"
> +   
> +
>  
>href="../howto/auth.html">Authentication, Authorization, and
> @@ -195,6 +205,9 @@ authentication
>  /Directory
>  
>  
> +From 2.4.13, expression syntax can be

I guess this should be 2.4.55.

> +used inside the directive to specify the type dynamically.> +
>  When disabling authentication, note that clients which have
>  already authenticated against another portion of the server's document
>  tree will typically continue to send authentication HTTP headers
> 

Regards

Rüdiger



Re: stable branch

2023-01-09 Thread Emmanuel Dreyfus
On Mon, Jan 09, 2023 at 09:37:37AM -0500, Eric Covener wrote:
> svn relocate http://svn.apache.org https://svn.apache.org

That did it! I made the commit, but someone knowledgeable should
probably check I did not break something 

-- 
Emmanuel Dreyfus
m...@netbsd.org


Re: stable branch

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 9:23 AM Emmanuel Dreyfus wrote:
>
> On Mon, Jan 09, 2023 at 08:05:30AM -0500, Eric Covener wrote:
> > Yes. Most times, the person who proposed it does the final backport.
> > Sometimes, the last person to vote or someone preparing a release will
> > apply it.
>
> Um, sorry for the noob questions, but I am stuck with
> svn: E195023: Commit failed (details follow):
> svn: E195023: Changing directory '/scratch/httpd-trunk/httpd/branches/2.4.x' is forbidden by the server
> svn: E175013: Access to '/repos/asf/!svn/me' forbidden
>
> I do svn commit --username manu --password ***
> What am I doing wrong?
>

I think this is the "You need to switch your SVN checkout URL to https
to commit" symptom.

I think this does it:

svn relocate http://svn.apache.org https://svn.apache.org


Re: stable branch

2023-01-09 Thread Emmanuel Dreyfus
On Mon, Jan 09, 2023 at 08:05:30AM -0500, Eric Covener wrote:
> Yes. Most times, the person who proposed it does the final backport.
> Sometimes, the last person to vote or someone preparing a release will
> apply it.

Um, sorry for the noob questions, but I am stuck with
svn: E195023: Commit failed (details follow):
svn: E195023: Changing directory '/scratch/httpd-trunk/httpd/branches/2.4.x' is forbidden by the server
svn: E175013: Access to '/repos/asf/!svn/me' forbidden

I do svn commit --username manu --password ***
What am I doing wrong?

-- 
Emmanuel Dreyfus
m...@netbsd.org


Re: stable branch

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 3:48 AM Emmanuel Dreyfus wrote:
>
> Hello
>
> I see in httpd/branches/2.4.x/STATUS that my DAVlockDiscovery
> contribution now has three +1 including mine. May I commit
> the change to the branch?
>
>   *) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery
>  This is a game changer for performances if client use PROPFIND a lot,
>  trunk patch: http://svn.apache.org/r1904638
>   http://svn.apache.org/r1904662
>   http://svn.apache.org/r1905170
>   http://svn.apache.org/r1905206
>   http://svn.apache.org/r1905230
>  2.4.x patch: svn merge -c 1904638,1904662,1905170,1905206,1905230 ^/httpd/httpd/trunk .
>  +1: manu, covener, gbechis
>  covener: xml needs doc tweak after backport

Yes. Most times, the person who proposed it does the final backport.
Sometimes, the last person to vote or someone preparing a release will
apply it.


stable branch

2023-01-09 Thread Emmanuel Dreyfus
Hello

I see in httpd/branches/2.4.x/STATUS that my DAVlockDiscovery
contribution now has three +1 including mine. May I commit
the change to the branch?

  *) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery
 This is a game changer for performances if client use PROPFIND a lot,
 trunk patch: http://svn.apache.org/r1904638
  http://svn.apache.org/r1904662
  http://svn.apache.org/r1905170
  http://svn.apache.org/r1905206
  http://svn.apache.org/r1905230
 2.4.x patch: svn merge -c 1904638,1904662,1905170,1905206,1905230 ^/httpd/httpd/trunk .
 +1: manu, covener, gbechis
 covener: xml needs doc tweak after backport




-- 
Emmanuel Dreyfus
m...@netbsd.org