Someone remarked to me yesterday that their out-of-box 2.0.48 tarball would
not build under SuSe...
I noticed a brand new change to the libdl detection logic that drops -ldl from the
linkage list on unix. Would you please check that the generated LDFLAGS
did or did not include the -ldl argument
At 07:05 PM 1/13/2004, Brad Nicholes wrote:
>I don't think so because the "split into multiple bucket" code was
>only enabled if both large_file and send_file was enabled. Which meant
>that on a non-large_file build the check for ENABLE_SENDFILE_OFF wasn't
>there anyway. If they have large_fi
Do you know of any cases that actually require mpm_state to be updated in ap_signal_parent()? Setting
winnt_mpm_state to AP_MPMQ_STOPPING in child main should be sufficient unless I am missing something.
Bill
[EMAIL PROTECTED] wrote:
trawick 2003/12/16 18:16:44
Modified:server/mpm/w
Hi.
I've been building and using what will be httpd-2.1 for months. Just
within the last week or two, my builds have all failed when I try to run
them. As others are certainly running the CVS head builds without
problems, I'm hoping for a bit of guidance to see if someone can suggest
a fix.
Here'
I don't think so because the "split into multiple bucket" code was
only enabled if both large_file and send_file was enabled. Which meant
that on a non-large_file build the check for ENABLE_SENDFILE_OFF wasn't
there anyway. If they have large_file support and don't have send_file
(ie. NetWare
At 04:51 PM 1/13/2004, Günter Knauf wrote:
>do you still expect massive changes with APR 1.0 ?
I have the sense that folks want to see:
* platform neutral apr_poll() that works on apr_file_t's as well, since so many
daemons and other applications will require this. Non trivial - but we may
Hi ,
I am creating a module similar to mod_proxy, but has some different
functions. I want to find the definition of the function
ap_proxy_make_fake_req, and the
source code for it. Moreover, I found in one of the posts that this
function calls, core_create_req.
I cannot find any definition for
On Tue, Jan 13, 2004 at 04:43:07PM -0600, Ben Collins-Sussman wrote:
>
> Hello, Apache folk. After showing this bug to gstein, iholsman, and
> others in IRC, I fear I may have found a real bug. It has something
> to do with SSL, but it's not clear whether this is a bug in the Neon
> library, Ope
Woha...
At 11:50 AM 1/8/2004, [EMAIL PROTECTED] wrote:
>bnicholes2004/01/08 09:50:03
>
> Modified:server core.c
> Log:
> If large file support is enabled allow the file to be split into AP_MAX_SENDFILE
> sized buckets. Otherwise Apache will be unable to send files larger than 2 gig
Hi Bill,
thanks for your reply!
> Just so that everyone is on the same page, 2.1.0 will be an -alpha. If
sure - I'm aware of this (and it's on my site too);
but nevertheless there are now a lot of new things in 2.1-dev which people would
already like to play with
> and when
> we think we a
Hello, Apache folk. After showing this bug to gstein, iholsman, and
others in IRC, I fear I may have found a real bug. It has something
to do with SSL, but it's not clear whether this is a bug in the Neon
library, OpenSSL, mod_ssl, or httpd itself.
Client is: Redhat 9, svn 0.36.0 using neon 0.
>> Checked on RH, Suse and Cygwin, all running the GNU version
>> of xargs. On which platforms does it work?
>
> Works for me on FreeBSD and OS X and would work with -i on RH8.0's GNU
> version of xargs.
You're right, I missed that. After replacing "-I xx" with "-ixx" the
script works fine.
???
Well, I think you are asking a docs question so I'm forwarding there. But this
is nothing more than adding an appropriate LoadModule command, so it is
likely documented there.
Actually causing a loaded module (so, sl, dll or dylib) to actually do anything
productive would be the documentatio
Perhaps this is none of Apache's business, but should be a very specific
result from the various apr_poll setup functions that invoke select()?
Bill
At 08:53 AM 1/6/2004, Brian Akins wrote:
>Call me stupid, put why in various places does Apache do things like this:
>if (csd >= FD_SETSIZE) {
>
Günter,
Just so that everyone is on the same page, 2.1.0 will be an -alpha. If and when
we think we are about done with post 2.0 development, we will finally release
a 2.1.x-beta. That will become the codebase (after an iteration or few) of the
Apache 2.2 release. We are moving twords the tried
At 02:31 PM 1/8/2004, Jim Jagielski wrote:
>We're being sloppy with these... Shouldn't all FNM_* in
>httpd be using the APR versions? Just grepping for
>FNM_PERIOD...
I would think so ... patch on :)
>./modules/generators/mod_autoindex.c:
>FNM_NOESCAPE | FNM_PERIOD
On 13.01.2004, at 22:08, Ivan Ristic wrote:
Checked on RH, Suse and Cygwin, all running the GNU version
of xargs. On which platforms does it work?
Works for me on FreeBSD and OS X and would work with -i on RH8.0's GNU
version of xargs.
Cheers,
Erik
I've installed mod_log_forensic to test (from the CVS, 1.3 branch)
but the shell script check_forensic does not work for me. It fails
because the xargs binary does not implement the "-I placeholder"
parameter.
Checked on RH, Suse and Cygwin, all running the GNU version
of xargs. On which platform
Offlist, please contact me regarding suggestions on
various (incoming) FAX-to-Email solutions. Not the
normal "send a FAX by sending an Email" but
"receive an incoming FAX, image-ize it (TIFF, JPG,
whatever) and send via Email to someone".
tia.
> It's from various admins, using open source and commercial
> versions of Apache that I've rec'd the "request" from. One
> request from an admin was to make it *easier* to audit his
> network, by allowing each machine to have a slightly different
> "real" name.
So add an individual X-Server-Ident
+1
On Jan 13, 2004, at 9:54 AM, Jeff Trawick wrote:
Rather than using multiple symbols (HAVE_SYS_PRCTL_H, HAVE_PRCTL),
which would add to the CFLAGS, there is a single symbol
HAVE_SET_DUMPABLE which is defined via CFLAGS if all prerequisites are
met.
On Tue, Jan 13, 2004 at 09:35:15AM -0500, Jim Jagielski wrote:
> I didn't propose this to create (yet another) heated discussion,
> simply to suggest that we take ServerTokens to its logical
> conclusion based on some requests I've seen. :)
Yes. I agree with Lars that "security by obscurity" is no
On Tue, Jan 13, 2004 at 09:54:45AM -0500, Jeff Trawick wrote:
> Rather than using multiple symbols (HAVE_SYS_PRCTL_H, HAVE_PRCTL), which
> would add to the CFLAGS, there is a single symbol HAVE_SET_DUMPABLE
> which is defined via CFLAGS if all prerequisites are met.
>
> testing:
>
> Fedora Core
On Mon, Jan 12, 2004 at 12:38:59PM -0500, Jeff Trawick wrote:
> 2.x already does this
Of course. 500's should always be logged if generated by Apache.
+1.
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
Jean-Jacques Clar wrote:
I never used any profiling
tools on Linux,
but will like to learn as much as possible in that field.
Since I have to start from scratch, Is oprofile the best one or do you
have any
other suggestions?
oprofile is my favorite for Linux because:
* it's open source and the d
On Tue, Jan 13, 2004 at 03:28:24PM +, Ivan Ristic wrote:
> Also, imagine I have a PHP application (I chose PHP because
> it runs on Windows and on Unix), and that someone is trying
> to find a hole in the app. If they think I'm running Windows
> they'll try to run Windows-specific attem
I recently changed the signature of the Apache running on
modsecurity.org (to pretend to be IIS5). As a result, I've started
getting more IIS-related attacks than before. So, the signature
does matter.
And what was the security advantage?
Smaller number of attack attempts made specifical
Rather than using multiple symbols (HAVE_SYS_PRCTL_H, HAVE_PRCTL), which
would add to the CFLAGS, there is a single symbol HAVE_SET_DUMPABLE
which is defined via CFLAGS if all prerequisites are met.
testing:
Fedora Core 1: verified that feature was recognized and that the new
code was required
Mads Toftum wrote:
>
> On Tue, Jan 13, 2004 at 09:35:15AM -0500, Jim Jagielski wrote:
> >
> > Without a doubt. Look at how many exploits grep on not only
> > the "name" of the server but also the version.
> >
> So it is ok to be vulnerable - as long as it isn't obvious?
Of course not.
--
==
Lars Eilebrecht wrote:
>
> According to Jim Jagielski:
>
> > I didn't propose this to create (yet another) heated discussion,
>
> too late ;)
>
>
> > simply to suggest that we take ServerTokens to its logical
> > conclusion based on some requests I've seen. :)
>
> Sorry, but I don't see this
On Tue, Jan 13, 2004 at 09:35:15AM -0500, Jim Jagielski wrote:
>
> Without a doubt. Look at how many exploits grep on not only
> the "name" of the server but also the version.
>
So it is ok to be vulnerable - as long as it isn't obvious?
I must say that I don't buy that argument - it will just l
According to Jim Jagielski:
> I didn't propose this to create (yet another) heated discussion,
too late ;)
> simply to suggest that we take ServerTokens to its logical
> conclusion based on some requests I've seen. :)
Sorry, but I don't see this as the logical conclusion of
the ServerTokens di
* On Tue, Jan 13, 2004 at 02:25:36PM +, Ivan Ristic wrote:
> Because I believe that changing the signature prevents some
> automated tools from attacking the server.
This is a valid point.
> I recently changed the signature of the Apache running on
> modsecurity.org (to pretend to be
According to Ivan Ristic:
> I recently changed the signature of the Apache running on
> modsecurity.org (to pretend to be IIS5). As a result, I've started
> getting more IIS-related attacks than before. So, the signature
> does matter.
I'm getting IIS-related attacks on my servers even wi
Ivan Ristic wrote:
>
>
> > As Lars said (and I agree), it has nothing to do with security. Why do you
> > provide such a "feature" then?
>
>Because I believe that changing the signature prevents some
>automated tools from attacking the server.
>
>So, the signature
>does matter.
* Ivan Ristic <[EMAIL PROTECTED]> wrote:
>
> >> I like the idea. Right now you either have to
> >> change the source code or use mod_security to achieve
> >> this, but I think the feature belongs to the server core.
> >>
> >> But I think a new server directive is a better solution.
> >
>
I like the idea. Right now you either have to
change the source code or use mod_security to achieve
this, but I think the feature belongs to the server core.
But I think a new server directive is a better solution.
As Lars said (and I agree), it has nothing to do with security. Why do you
Colm MacCarthaigh wrote:
>
> On Tue, Jan 13, 2004 at 03:04:30PM +0100, Lars Eilebrecht wrote:
> > - It's only security by obscurity and providing such a
> > "security feature" may be misleading for our users.
> > - We don't want people to obfuscate the server name, do we?
>
> It's a terrible te
* Ivan Ristic <[EMAIL PROTECTED]> wrote:
>I like the idea. Right now you either have to
>change the source code or use mod_security to achieve
>this, but I think the feature belongs to the server core.
>
>But I think a new server directive is a better solution.
As Lars said (and
On Tue, Jan 13, 2004 at 08:53:38AM -0500, Jim Jagielski wrote:
> I'd like to get some sort of feedback concerning the idea
> of having ServerTokens not only "adjust" what Apache
> sends in the Server header, but also allow the directive
> to fully set that info.
>
> For example: ServerTokens Set A
On Tue, Jan 13, 2004 at 03:04:30PM +0100, Lars Eilebrecht wrote:
> - It's only security by obscurity and providing such a
> "security feature" may be misleading for our users.
> - We don't want people to obfuscate the server name, do we?
It's a terrible terrible terrible idea, and makes auditing
Jim Jagielski wrote:
I'd like to get some sort of feedback concerning the idea
of having ServerTokens not only "adjust" what Apache
sends in the Server header, but also allow the directive
to fully set that info.
For example: ServerTokens Set Aporche/3.5
would cause Apache to send Aporche/3.5 as t
According to Jim Jagielski:
> I'd like to get some sort of feedback concerning the idea
> of having ServerTokens not only "adjust" what Apache
> sends in the Server header, but also allow the directive
> to fully set that info.
I tend to be -1 on this for the following reasons:
- It's only secur
I'd like to get some sort of feedback concerning the idea
of having ServerTokens not only "adjust" what Apache
sends in the Server header, but also allow the directive
to fully set that info.
For example: ServerTokens Set Aporche/3.5
would cause Apache to send Aporche/3.5 as the
Server header. Some
Joe Orton wrote:
On Mon, Jan 12, 2004 at 11:43:10PM -0800, Stas Bekman wrote:
[EMAIL PROTECTED] wrote:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26076
[...]
--- Additional Comments From [EMAIL PROTECTED] 2004-01-13 07:18
---
That's not a bug: a $DESTDIR installation is an inte
On Mon, Jan 12, 2004 at 11:43:10PM -0800, Stas Bekman wrote:
> [EMAIL PROTECTED] wrote:
>
> >http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26076
> [...]
> >--- Additional Comments From [EMAIL PROTECTED] 2004-01-13 07:18
> >---
> >That's not a bug: a $DESTDIR installation is an interm
[EMAIL PROTECTED] wrote:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26076
[...]
--- Additional Comments From [EMAIL PROTECTED] 2004-01-13 07:18 ---
That's not a bug: a $DESTDIR installation is an intermediate install step. The
apxs in the $DESTDIR root would not be expected to wor
47 matches
Mail list logo