On Fri, Dec 12, 2014 at 9:12 AM, Ken Dreyer <kdre...@redhat.com> wrote: > Hi folks, > > The Apache fork that we ship on Ceph.com > (https://github.com/ceph/apache2) is several versions behind upstream > and has a couple CVEs by now. > > I've heard from the developers (I don't remember if it was Dan, Yehuda, > or someone else) refer on IRC to the idea that the changes in our Ceph > Apache fork were cosmetic, and it's ok to simply use upstream Apache. > > I wanted to confirm this with a wider audience: it's ok to stop > maintaining and shipping our custom Apache? > > In other words, we would remove references to our custom Apache from > Teuthology, and our docs, and eventually from our repositories? > > > ----- > > Diving into our changes, there are two patches that we have on top of > Apache 2.2.22: > > 1. "rgw: don't unset Content-Length header on HEAD response (this was > being done when content length was 0)" > https://github.com/ceph/apache2/commit/5ae1b4a081b05fcacf55e7114eec87d9b2a0a5da > . (See also the original patch submission at > http://tracker.ceph.com/issues/897) > > 2. "don't complain on badly formatted expectations" > https://github.com/ceph/apache2/commit/0d9948f1e483386adef0841896484db8422127b2 > > Both of these were submitted to Apache upstream in December 2013 (thread > on apache-dev "Ceph patches for httpd") and merged in > http://svn.apache.org/r1554303 .
Oh, awesome! > > So his will be controllable via new directives in httpd 2.5: > "HttpContentLengthHeadZero" (defaults to off, ie, continue to squelch > the zero-length header) and HttpExpectStrict (defaults to off, ie, > continue to log the error). > > So for httpd 2.5 we have something that gives us what we need. I don't think we really need either of these changes. One was really only triggered in a very synthetic use case (the Expect header), and the other one only happened with a very old version of boto, and we've managed to send an upstream fix for it 3-4 years ago. I'm all for dropping it. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
