Re: svn commit: r1905170 - /httpd/httpd/trunk/modules/dav/main/mod_dav.c
On Wed, Nov 09, 2022 at 08:19:47AM +0100, Ruediger Pluem wrote:
> Would you provide some documentation for the new directive

Yes, this is pending.

--
Emmanuel Dreyfus
m...@netbsd.org
Re: [External] Re: Apache HTTP Server dependency on OpenSSL
On 09.11.2022 08:39, Payyavula, Manjula Vani via dev wrote:
> Hi Team,
>
> We are facing security vulnerability with "fasterxml jackson databind" dependency 2.13.3, 1.13.4, .. so on. Even if we used latest 2.14.0-rc2 version also did not resolve the "CVE-.." type vulnerabilities.
>
> Could you please help/suggest.

...with which Apache project? This mailing list is about the Apache HTTP Server ("httpd").

Best regards, Julian
Re: svn commit: r1905170 - /httpd/httpd/trunk/modules/dav/main/mod_dav.c
On Wed, Nov 09, 2022 at 08:19:47AM +0100, Ruediger Pluem wrote:
> Better do not set it here, but leave it to 0 aka DAV_ENABLED_UNSET.
> This makes it possible to use DAV_INHERIT_VALUE in dav_merge_dir_config
> The corresponding code for dav_merge_dir_config is missing in this patch.

It was committed before:

    newconf->allow_lockdiscovery = DAV_INHERIT_VALUE(parent, child, allow_lockdiscovery);

The change below seems to be enough to do the job.

allow_lockdiscovery is only checked against DAV_ENABLED_OFF, hence DAV_ENABLED_UNSET and DAV_ENABLED_ON have the same effect, which is what is desired for backward compatibility's sake.

Index: modules/dav/main/mod_dav.c === --- modules/dav/main/mod_dav.c (revision 1905191) +++ modules/dav/main/mod_dav.c (working copy) @@ -160,7 +160,7 @@ conf = (dav_dir_conf *)apr_pcalloc(p, sizeof(*conf)); -conf->allow_lockdiscovery = DAV_ENABLED_ON; +conf->allow_lockdiscovery = DAV_ENABLED_UNSET; /* clean up the directory to remove any trailing slash */ if (dir != NULL) {

--
Emmanuel Dreyfus
m...@netbsd.org
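Review bot: the added line `conf->allow_lockdiscovery = DAV_ENABLED_UNSET;` makes "unset" mean "lock discovery allowed" only because, as the message says, the field is compared against DAV_ENABLED_OFF and nothing else, and that convention is not written down anywhere in the hunk. A short comment at this assignment (or at the field's declaration) stating that UNSET is treated as enabled would keep a later check written as `== DAV_ENABLED_ON` from silently flipping the default to off.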
Re: svn commit: r1905170 - /httpd/httpd/trunk/modules/dav/main/mod_dav.c
On 11/9/22 10:59 AM, Emmanuel Dreyfus wrote:
> On Wed, Nov 09, 2022 at 08:19:47AM +0100, Ruediger Pluem wrote:
>> Better do not set it here, but leave it to 0 aka DAV_ENABLED_UNSET.
>> This makes it possible to use DAV_INHERIT_VALUE in dav_merge_dir_config
>> The corresponding code for dav_merge_dir_config is missing in this
>> patch.
>
> It was committed before:
> newconf->allow_lockdiscovery = DAV_INHERIT_VALUE(parent, child,
>    allow_lockdiscovery);

Sorry I missed this. Good catch.

>
> The change below seems to be enough to do the job.
>
> allow_lockdiscovery is only checked against DAV_ENABLED_OFF, hence
> DAV_ENABLED_UNSET and DAV_ENABLED_ON have the same effect, which is
> what is desired for backward compatibility's sake.
>
> Index: modules/dav/main/mod_dav.c > === > --- modules/dav/main/mod_dav.c (revision 1905191) > +++ modules/dav/main/mod_dav.c (working copy) > @@ -160,7 +160,7 @@ > > conf = (dav_dir_conf *)apr_pcalloc(p, sizeof(*conf)); > > -conf->allow_lockdiscovery = DAV_ENABLED_ON; > +conf->allow_lockdiscovery = DAV_ENABLED_UNSET; > > /* clean up the directory to remove any trailing slash */ > if (dir != NULL) { > > >

The above fixes this. It is just a change in style because currently we init conf to all zeros via apr_pcalloc which means all fields are in an 'UNSET' state automatically.
Hence just removing

    conf->allow_lockdiscovery = DAV_ENABLED_ON;

would be more in line with the existing code.

Regards

Rüdiger
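An added illustration of the inheritance point discussed in this thread, not code from mod_dav or from either poster: a small model showing why a per-directory flag initialised to ON can never inherit a parent's OFF, while one left UNSET can. Only DAV_ENABLED_UNSET being 0 is taken from the thread; the other enum values, the macro body and the struct are assumptions made for the model.

```c
/* Added illustration, not mod_dav source: a simplified model of the
 * tri-state flag discussed in this thread. DAV_ENABLED_UNSET == 0 comes
 * from the thread; the other enum values, the macro body and the struct
 * are assumptions made for the model. */
#include <stdio.h>

enum { DAV_ENABLED_UNSET = 0, DAV_ENABLED_OFF, DAV_ENABLED_ON };

/* Assumed merge rule: a child value of 0 (UNSET) falls back to the parent. */
#define DAV_INHERIT_VALUE(parent, child, field) \
    ((child)->field ? (child)->field : (parent)->field)

typedef struct { int allow_lockdiscovery; } model_dir_conf;

/* Merge a parent section with a nested section the admin did not touch;
 * child_initial is what the create function left in the child. */
static int merged_value(int parent_value, int child_initial)
{
    model_dir_conf parent = { parent_value };
    model_dir_conf child = { child_initial };
    return DAV_INHERIT_VALUE(&parent, &child, allow_lockdiscovery);
}

/* Per the thread, the flag is only ever compared against DAV_ENABLED_OFF. */
static int lockdiscovery_allowed(int value)
{
    return value != DAV_ENABLED_OFF;
}

int main(void)
{
    int before = merged_value(DAV_ENABLED_OFF, DAV_ENABLED_ON);
    int after = merged_value(DAV_ENABLED_OFF, DAV_ENABLED_UNSET);
    int dflt = merged_value(DAV_ENABLED_UNSET, DAV_ENABLED_UNSET);

    printf("parent OFF, child init ON:    allowed=%d\n", lockdiscovery_allowed(before));
    printf("parent OFF, child init UNSET: allowed=%d\n", lockdiscovery_allowed(after));
    printf("nothing configured:           allowed=%d\n", lockdiscovery_allowed(dflt));
    return 0;
}
```

In the model, the ON initialiser turns a parent-level OFF back on in every nested section, which is the restriction an administrator would expect to hold there.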