Re: [PATCH PR55304] mod_dav: COPY should not validate the parent of request.

2013-07-24 Thread Greg Stein
Fixed in r1506714, and proposed for backport to 2.2.x and 2.4.x.

On Wed, Jul 24, 2013 at 3:38 PM, Ben Reser wrote:
> This patch fixes a regression created by the PR54610.  COPY does not
> modify the parent of the source, so it should not be validating the
> parent.  This issue actually disallows the ability to COPY the root of
> a DAV repository since a properly implemented DAV provider will return
> NULL and dav_method_copymove() will error on that.
>
> We ran into this with Subversion, which actually revealed a security
> issue with our implementation of get_parent_resource() since it failed
> on the root.  But beyond that we realized we were not properly
> returning NULL for some resources when the resource is the root and
> thus has no parent.  If we fix this without this patch being made to
> mod_dav then HTTP 2.2.25 and 2.4.6 will lose the ability to COPY the
> root.
>
> If someone can apply it that would be appreciated.  It's certainly
> been looked at by several eyes over on the Subversion side.


Re: Hey Steinar... Re: Revisiting the pre_htaccess hook

2013-07-24 Thread Jeff Trawick
On Wed, Jul 24, 2013 at 3:31 PM, Stefan Fritsch wrote:

> On Monday, 22 July 2013, 19:58:11, Steinar H. Gunderson wrote:
> > On Wed, Jul 10, 2013 at 03:07:56PM -0400, Jeff Trawick wrote:
> > > I guess "it seems to work" in the earlier e-mail is the validation
> > > that the API is sufficient for MPM-ITK.
>
>
> > I see that 2.4.6 has been released, with no mention of open_htaccess
> > in the source code. Was this reverted after 2.4.5? Or was it simply
> > never applied to the 2.4.x branch?
>
> Unfortunately, it didn't get the necessary three +1 votes in time and
> hasn't been applied to the 2.4.x branch, yet.
>
>
Now it is approved for 2.4.next.

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/


[PATCH PR55304] mod_dav: COPY should not validate the parent of request.

2013-07-24 Thread Ben Reser
This patch fixes a regression created by the PR54610.  COPY does not
modify the parent of the source, so it should not be validating the
parent.  This issue actually disallows the ability to COPY the root of
a DAV repository since a properly implemented DAV provider will return
NULL and dav_method_copymove() will error on that.

We ran into this with Subversion, which actually revealed a security
issue with our implementation of get_parent_resource() since it failed
on the root.  But beyond that we realized we were not properly
returning NULL for some resources when the resource is the root and
thus has no parent.  If we fix this without this patch being made to
mod_dav then HTTP 2.2.25 and 2.4.6 will lose the ability to COPY the
root.

If someone can apply it that would be appreciated.  It's certainly
been looked at by several eyes over on the Subversion side.


Re: Hey Steinar... Re: Revisiting the pre_htaccess hook

2013-07-24 Thread Stefan Fritsch
On Monday, 22 July 2013, 19:58:11, Steinar H. Gunderson wrote:
> On Wed, Jul 10, 2013 at 03:07:56PM -0400, Jeff Trawick wrote:
> > I guess "it seems to work" in the earlier e-mail is the validation
> > that the API is sufficient for MPM-ITK.


> I see that 2.4.6 has been released, with no mention of open_htaccess
> in the source code. Was this reverted after 2.4.5? Or was it simply
> never applied to the 2.4.x branch?

Unfortunately, it didn't get the necessary three +1 votes in time and 
hasn't been applied to the 2.4.x branch, yet.



Re: [PATCH] systemd socket activation

2013-07-24 Thread Jan Kaluža

On 07/21/2013 11:14 PM, Paul Querna wrote:

> Hiya Y'all, long time no patches :-)
>
> Attached is a patch that would let httpd use systemd's socket
> activation feature:
>
> Also online here:
>

Hi,

I have tried the patch on F18 with httpd-2.4.6 and it works as expected.
I really like it :).

Regards,
Jan Kaluza

> It isn't particularly pretty;  Mostly it is working within how
> listener code already works.  You can test it yourself very easily
> using something like:
>
> /usr/lib/systemd/systemd-activate -l 0.0.0.0:8080 -l 9080 \
>     /usr/local/httpd-dev/bin/httpd -DFOREGROUND
>
> You'll note it works with multiple listeners.  I've been testing it on
> Fedora 19, and it seems fine there.
>
> Now, the patch is not part of mod_systemd.  This is mostly because the
> listener.c code isn't exactly friendly to a non-core module messing
> around with the listeners.  I'd definitely be +1 to a larger
> refactoring of listen.c, but not sure I have the time / energy to head
> that up.
>
> If there aren't any objections I'll commit it into trunk in a few days,
>
> Thanks,
>
> Paul
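
For readers of the socket-activation thread above, an added example (not part of Paul Querna's patch or of httpd's listen.c) of the checks a server makes before adopting descriptors passed by systemd. It follows the environment protocol documented in sd_listen_fds(3): LISTEN_PID, LISTEN_FDS, descriptors starting at 3. The helper names are hypothetical.

```c
/* Added example: helper names are hypothetical, not from httpd or the patch. */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first passed descriptor in the sd_listen_fds protocol */

/* Decimal parse of an environment value; -1 on trailing junk, negatives or overflow. */
static long parse_env_num(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    return (errno || *end != '\0' || v < 0 || v > INT_MAX) ? -1 : v;
}

/* Sockets passed to this process: 0 if not activated, -1 if malformed.
 * LISTEN_PID must name this process; a value inherited from a parent
 * means the descriptors were meant for someone else. */
int activated_fd_count(const char *pid_env, const char *fds_env, pid_t self)
{
    long pid, n;
    if (pid_env == NULL && fds_env == NULL) return 0;
    pid = parse_env_num(pid_env);
    n = parse_env_num(fds_env);
    if (pid < 0 || n < 0) return -1;
    return ((pid_t)pid == self) ? (int)n : 0;
}

/* 1 only if fd is a socket already in the listening state. */
int is_listening_socket(int fd)
{
    int on = 0;
    socklen_t len = sizeof(on);
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &on, &len) != 0) return 0;
    return on != 0;
}

int main(void)
{
    int i, n = activated_fd_count(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    for (i = 0; i < n; i++)  /* refuse to start on anything that is not a listener */
        if (!is_listening_socket(LISTEN_FDS_START + i)) return 1;
    return n < 0 ? 1 : 0;
}
```

Run under the systemd-activate command quoted above, the two `-l` listeners arrive as descriptors 3 and 4 and LISTEN_FDS is 2.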