Re: svn commit: r1905170 - /httpd/httpd/trunk/modules/dav/main/mod_dav.c

2022-11-09 Thread Emmanuel Dreyfus
On Wed, Nov 09, 2022 at 08:19:47AM +0100, Ruediger Pluem wrote:
> Would you provide some documentation for the new directive

Yes, this is pending.

-- 
Emmanuel Dreyfus
m...@netbsd.org


Re: [External] Re: Apache HTTP Server dependency on OpenSSL

2022-11-09 Thread Julian Reschke

On 09.11.2022 08:39, Payyavula, Manjula Vani via dev wrote:

> Hi Team,
>
> We are facing a security vulnerability with the "fasterxml jackson databind" dependency 2.13.3,
> 1.13.4, .. so on. Even using the latest 2.14.0-rc2 version did not resolve the
> "CVE-.." type vulnerabilities.
> Could you please help/suggest.


...with which Apache project? This mailing list is about the Apache HTTP
Server ("httpd").

Best regards, Julian



Re: svn commit: r1905170 - /httpd/httpd/trunk/modules/dav/main/mod_dav.c

2022-11-09 Thread Emmanuel Dreyfus
On Wed, Nov 09, 2022 at 08:19:47AM +0100, Ruediger Pluem wrote:
> Better do not set it here, but leave it to 0 aka DAV_ENABLED_UNSET.
> This makes it possible to use DAV_INHERIT_VALUE in dav_merge_dir_config
> The corresponding code for dav_merge_dir_config is missing in this patch.

It was committed before:
newconf->allow_lockdiscovery = DAV_INHERIT_VALUE(parent, child,
 allow_lockdiscovery);

The change below this seems to be enough to do the job.

allow_lockdiscovery is only checked against DAV_ENABLED_OFF, hence 
DAV_ENABLED_UNSET and DAV_ENABLED_ON have the same effect, which is 
what is desired for backward compatibility's sake.

Index: modules/dav/main/mod_dav.c
===
--- modules/dav/main/mod_dav.c  (revision 1905191)
+++ modules/dav/main/mod_dav.c  (working copy)
@@ -160,7 +160,7 @@
 
 conf = (dav_dir_conf *)apr_pcalloc(p, sizeof(*conf));
 
-conf->allow_lockdiscovery = DAV_ENABLED_ON;
+conf->allow_lockdiscovery = DAV_ENABLED_UNSET;
 
 /* clean up the directory to remove any trailing slash */
 if (dir != NULL) {
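
Review bot: the new assignment `conf->allow_lockdiscovery = DAV_ENABLED_UNSET;` directly follows `apr_pcalloc(p, sizeof(*conf))`, which already zero-fills the structure, and the thread gives 0 as DAV_ENABLED_UNSET, so the line is a no-op. Either drop it so the field is handled like the other members, or keep it with a short comment saying that unset is treated as enabled because allow_lockdiscovery is only compared against DAV_ENABLED_OFF.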



-- 
Emmanuel Dreyfus
m...@netbsd.org


Re: svn commit: r1905170 - /httpd/httpd/trunk/modules/dav/main/mod_dav.c

2022-11-09 Thread Ruediger Pluem



On 11/9/22 10:59 AM, Emmanuel Dreyfus wrote:
> On Wed, Nov 09, 2022 at 08:19:47AM +0100, Ruediger Pluem wrote:
>> Better do not set it here, but leave it to 0 aka DAV_ENABLED_UNSET.
>> This makes it possible to use DAV_INHERIT_VALUE in dav_merge_dir_config
>> The corresponding code for dav_merge_dir_config is missing in this patch.
> 
> It was committed before:
> newconf->allow_lockdiscovery = DAV_INHERIT_VALUE(parent, child,
>  allow_lockdiscovery);

Sorry I missed this. Good catch.

> 
> The change below this seems to be enough to do the job.
> 
> allow_lockdiscovery is only checked against DAV_ENABLED_OFF, hence 
> DAV_ENABLED_UNSET and DAV_ENABLED_ON have the same effect, which is 
> what is desired for backward compatibility's sake.
> 
> Index: modules/dav/main/mod_dav.c
> ===
> --- modules/dav/main/mod_dav.c  (revision 1905191)
> +++ modules/dav/main/mod_dav.c  (working copy)
> @@ -160,7 +160,7 @@
>  
>  conf = (dav_dir_conf *)apr_pcalloc(p, sizeof(*conf));
>  
> -conf->allow_lockdiscovery = DAV_ENABLED_ON;
> +conf->allow_lockdiscovery = DAV_ENABLED_UNSET;
>  
>  /* clean up the directory to remove any trailing slash */
>  if (dir != NULL) {
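
Review bot: replacing `DAV_ENABLED_ON` with `DAV_ENABLED_UNSET` at creation time keeps the old behaviour only as long as every reader of allow_lockdiscovery tests for DAV_ENABLED_OFF, as the message above the patch says; a later check written as `== DAV_ENABLED_ON` would treat an unconfigured directory as disabled. A comment on the field stating that unset means enabled, plus the pending directive documentation saying the same, would make that contract explicit.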
> 
> 
> 

The above fixes this. It is just a change in style because currently we init
conf to all zeros via apr_pcalloc, which means all
fields are in an 'UNSET' state automatically. Hence just removing

conf->allow_lockdiscovery = DAV_ENABLED_ON;

would be more in line with the existing code.

Regards

Rüdiger
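
The merge behaviour discussed in this thread, as an added example that is not mod_dav code: with a create-time default of DAV_ENABLED_ON, a child section that never mentions the directive overrides a parent's explicit off, while an unset default lets the parent's value through. The enum values other than 0 for unset, the macro body, and `demo_dir_conf`, `merged_value` and `lockdiscovery_allowed` are assumptions made for illustration.

```c
#include <stdio.h>

/* Assumed values: the thread only states that 0 means DAV_ENABLED_UNSET. */
enum { DAV_ENABLED_UNSET = 0, DAV_ENABLED_OFF, DAV_ENABLED_ON };

/* Assumed macro body: the child's value wins unless it is unset (0). */
#define DAV_INHERIT_VALUE(parent, child, field) \
    ((child)->field ? (child)->field : (parent)->field)

/* Reduced, hypothetical stand-in for dav_dir_conf with one field. */
typedef struct { int allow_lockdiscovery; } demo_dir_conf;

/* Merge a parent section (explicit setting) with a child section that
 * never mentions the directive and so keeps its create-time default. */
static int merged_value(int parent_setting, int child_create_default)
{
    demo_dir_conf parent = { parent_setting };
    demo_dir_conf child = { child_create_default };
    demo_dir_conf merged;

    merged.allow_lockdiscovery =
        DAV_INHERIT_VALUE(&parent, &child, allow_lockdiscovery);
    return merged.allow_lockdiscovery;
}

/* The check described in the thread: only an explicit OFF disables. */
static int lockdiscovery_allowed(int value)
{
    return value != DAV_ENABLED_OFF;
}

int main(void)
{
    /* Parent says off, child says nothing. */
    int old_default = merged_value(DAV_ENABLED_OFF, DAV_ENABLED_ON);
    int new_default = merged_value(DAV_ENABLED_OFF, DAV_ENABLED_UNSET);
    int nothing_set = merged_value(DAV_ENABLED_UNSET, DAV_ENABLED_UNSET);

    printf("create default ON:    allowed=%d\n", lockdiscovery_allowed(old_default));
    printf("create default UNSET: allowed=%d\n", lockdiscovery_allowed(new_default));
    printf("nothing set anywhere: allowed=%d\n", lockdiscovery_allowed(nothing_set));
    return 0;
}
```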