Bug 204304 - www/apache24: Include REDIRECT_URL fix from 2.4.next
Summary: www/apache24: Include REDIRECT_URL fix from 2.4.next
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-apache (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-05 10:01 UTC by fullermd
Modified: 2016-02-01 19:42 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (apache)


Attachments
Patch extracted from svn (4.26 KB, patch)
2015-11-05 10:16 UTC, fullermd
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description fullermd 2015-11-05 10:01:45 UTC
The REDIRECT_URL changes in 2.4.17 cause some havok, particularly with PHP.  See e.g. <https://bugs.php.net/bug.php?id=70757>.

Upstream has already made a change for 2.4.next making the behavior configurable, with the default set to the way 2.4.16 and earlier acted.  See:

https://bz.apache.org/bugzilla/show_bug.cgi?id=57785

http://svn.apache.org/viewvc?view=revision&revision=1712268

IWBNI the port included the fix so things worked smoothly until the fix is released.  In local testing, the .[ch] bits of the patch from SVN apply and work fine.
Comment 1 fullermd 2015-11-05 10:16:44 UTC
Created attachment 162806 [details]
Patch extracted from svn

Dropping this patch into files/ works here.
Comment 2 commit-hook freebsd_committer 2015-12-14 20:54:06 UTC
A commit references this bug:

Author: ohauer
Date: Mon Dec 14 20:53:29 UTC 2015
New revision: 403736
URL: https://svnweb.freebsd.org/changeset/ports/403736

Log:
  - update to 2.4.18
  - backport r1719967
    mod_ssl: fix build with openssl < 0.9.8m (missing semicolon).

  This release also contains the patch for FreeBSD PR 204304
   Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
   http://svn.apache.org/viewvc?view=revision&revision=1712268

  Changes with Apache 2.4.18

    *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
       if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666.
       [Stefan Eissing]

    *) mod_http2: connection level window for flow control is set to protocol
       maximum of 2GB-1, preventing window exhaustion when sending data on many
       streams with higher cumulative window size.
       Reducing write frequency unless push promises need to be flushed.
       [Stefan Eissing]

    *) mod_http2: required minimum version of libnghttp2 is 1.2.1
       [Stefan Eissing]

    *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
       In earlier version of httpd, you can explicitelly set the 'flusher' parameter
       to 'flush' as a workaround. (i.e. flusher=flush)
       Add documentation for the 'flusher' parameter when defining a proxy worker.
       [Christophe Jaillet]

    *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
       to only staple responses with certificate status "good". [Kaspar Brand]

    *) mod_http2: new directive 'H2PushPriority' to allow priority specifications
       on server pushed streams according to their content-type.
       [Stefan Eissing]

    *) mod_http2: fixes crash on connection abort for a busy connection.
       fixes crash on a request that did not produce any response.
       [Stefan Eissing]

    *) mod_http2: trailers are sent after reponse body if set in request_rec
       trailers_out before the end-of-request bucket is sent through the
       output filters. [Stefan Eissing]

    *) mod_http2: incoming trailers (headers after request body) are properly
       forwarded to the processing engine. [Stefan Eissing]

    *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
       pushes a server/virtual host. Pushes are initiated by the presence
       of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing]

    *) mod_http2: write performance of http2 improved for larger resources,
       especially static files. [Stefan Eissing]

    *) core: if the first HTTP/1.1 request on a connection goes to a server that
       prefers different protocols, these protocols are announced in a Upgrade:
       header on the response, mentioning the preferred protocols.
       [Stefan Eissing]

    *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
       to control TLS record sizes during connection lifetime.
       [Stefan Eissing]

    *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
       requirements of RFC 7540 on TLS connections. [Stefan Eissing]

    *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
       that a client could possibly upgrade to. Use in first request on a
       connection to announce protocol choices. [Stefan Eissing]

    *) mod_http2: reworked deallocation on connection shutdown and worker
       abort. Separate parent pool for all workers. worker threads are joined
       on planned worker shutdown. [Yann Ylavic, Stefan Eissing]

    *) mod_ssl: when receiving requests for other virtual hosts than the handshake
       server, the SSL parameters are checked for equality. With equal
       configuration, requests are passed for processing. Any change will trigger
       the old behaviour of "421 Misdirected Request".
       SSL now remembers the cipher suite that was used for the last handshake.
       This is compared against for any vhost/directory cipher specification.
       Detailed examination of renegotiation is only done when these do not
       match.
       Renegotiation is 403ed when a master connection is present. Exact reason
       is given additionally in a request note. [Stefan Eissing]

    *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit
       alignment (SPARC64, PPC64).  [Yann Ylavic]

    *) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header
       fields as described in RFC7230. [Christophe Jaillet]

    *) core/util_script: making REDIRECT_URL a full URL is now opt-in
       via new 'QualifyRedirectURL' directive.

    *) core: Limit to ten the number of tolerated empty lines between request,
       and consume them before the pipelining check to avoid possible response
       delay when reading the next request without flushing.  [Yann Ylavic]

    *) mod_ssl: Extend expression parser registration to support ssl variables
       in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
       syntax "ssl(VARNAME)". [Rainer Jung]

  PR:		204304

  with head apache@

Changes:
  head/www/apache24/Makefile
  head/www/apache24/distinfo
  head/www/apache24/files/patch-configure.in
  head/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
  head/www/apache24/files/patch-docs__conf__httpd.conf.in
  head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
Comment 3 fullermd 2016-02-01 19:42:18 UTC
2.4.18 update mooted